Closed rmja closed 1 year ago
Would you like to provide a pull request for it @rmja ?
I don't think that i know the internals of webpack and this plugin good enough to do this...
bump! there's a critical vulnerability in bundle-loader -> loader-utils@1.4.1
@bigopon ping
Is there an ETA on a fix for this? Our SCA tool is giving us warnings about this.
I'll get on this soon.
I'm not aware of a replacement for bundle-loader, I think the simplest fix which I'll apply is to have a local copy in the dist of tis plugin and use it instead, then remove the dep on bundle-loader
.
@bigopon if you do that, then please add this fix: https://github.com/webpack-contrib/bundle-loader/pull/75
v 5.0.5
has been published for the fix of this issue. Thanks everyone.
@rmja we can't just change it, can you help create a fail test case? Or if you want, can bundle the failing test case with your fix in a PR.
I'm submitting a feature request
Current behavior: The plugin depends on bundle-loader as a runtime dependency, but that library is currently archived on GitHub and is no longer maintained. It has issues that have not been addressed for years, so it would be really nice if the plugin did not depend on its existence.
Expected/desired behavior: Avoid using the deprecated bundle-loader dependency, and maybe replace its use with dynamic imports.