Closed Akkora closed 1 year ago
Fix is currently blocked. See attached PR.
The fix has been backported to v2 of loader-utils, so this should now no longer be an issue on v4 and v5 - however v3 is still using v1 of loader-utils; I have requested a further backport but am hoping we can actually just upgrade our apps to v4 of resolve-url-loader.
Either way @bholloway I don't think there's any further action required from you, unless you'd be willing to look into seeing if v3 could be upgraded to use v2 of loader-utils.
A v1 version of loader-utils with a fix has been released, but v3 of resolve-url-loader pins the dependency at an exact version so it needs to have a new version released either relaxing the constraint to allow minor versions (preferred) or otherwise pinning loader-utils to v1.4.2.
Fixed by #229
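The point above about an exact pin versus a relaxed constraint, as an added example that is not part of the original thread or of either project's code: a minimal range matcher (exact, `^` and `~` only, major version 1 or higher) that reports whether a dependency spec can resolve to the patched 1.4.2. The manifest names and ranges are constructed for illustration.

```javascript
// Added example: can a dependency range pick up the patched release?
// Minimal matcher for exact, ^ and ~ ranges; not a full semver implementation.
const FIXED_V1 = '1.4.2'; // patched v1 release named in the thread

function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function satisfies(version, range) {
  const v = parse(version);
  const op = /^[\^~]/.test(range) ? range[0] : '';
  const base = parse(range.slice(op.length));
  if (op === '^' && base[0] === 0) throw new Error('caret on 0.x not handled here');
  if (op === '') return cmp(v, base) === 0;      // exact pin: only that version
  if (cmp(v, base) < 0) return false;            // below the range floor
  if (op === '^') return v[0] === base[0];       // caret: same major
  return v[0] === base[0] && v[1] === base[1];   // tilde: same major.minor
}

// Report, per manifest entry, whether the installer could select the fix.
function audit(manifests) {
  return manifests.map(({ name, range }) => ({
    name, range, canReceiveFix: satisfies(FIXED_V1, range),
  }));
}

// Constructed sample manifests; the ranges are illustrative only.
const sample = [
  { name: 'exact-pin', range: '1.2.3' },
  { name: 'caret', range: '^1.2.3' },
  { name: 'tilde', range: '~1.2.3' },
  { name: 'pinned-to-fix', range: '1.4.2' },
];
console.table(audit(sample));
```

A tilde range still blocks the fix here because it only admits patch releases within the same minor line.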
Hello, as the webpack loader-utils v2 is vulnerable, we get issues when installing resolve-url-loader. Could you please provide an update with the loader-utils package upgraded to v3?
Link to more vulnerability details: https://nvd.nist.gov/vuln/detail/CVE-2022-37599