bholloway / resolve-url-loader

Webpack loader that resolves relative paths in url() statements based on the original source file

moderate severity vulnerabilities from postcss < 8.2.10 #205

Closed wiesesascha closed 3 years ago

wiesesascha commented 3 years ago

Issue

postcss versions from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing: https://www.npmjs.com/advisories/1693

Reproduction

npm i resolve-url-loader

Remediation

Upgrade to version 8.2.10 or later

bholloway commented 3 years ago

Please see #198