search

josephfrazier / reported-web

Web front-end for https://twitter.com/Reported_NYC: https://reported-web.herokuapp.com
https://reported-web.herokuapp.com
MIT License
10 stars 1 forks source link

Upgrade svg-url-loader to allow loader-utils to be upgraded to fix vuln alert, see https://github.com/josephfrazier/reported-web/security/dependabot/139 #441

Closed josephfrazier closed 1 year ago

josephfrazier commented 1 year ago

Dependabot cannot update loader-utils to a non-vulnerable version

The latest possible version that can be installed is 1.2.3 because of the following conflicting dependencies:

react-dev-utils@12.0.1 requires loader-utils@^3.2.0
svg-url-loader@2.3.3 requires loader-utils@1.2.3

The earliest fixed version is 1.4.2.