juliomrqz / nuxt-optimized-images

πŸŒ…πŸš€ Automatically optimizes images used in Nuxt.js projects (JPEG, PNG, SVG, WebP and GIF).
https://marquez.co/docs/nuxt-optimized-images/
MIT License
842 stars 30 forks source link

chore(deps): update devdependency loader-utils to v2.0.4 [security] #377

Open renovate[bot] opened 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
loader-utils 2.0.0 -> 2.0.4 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-37601

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils prior to version 2.0.3 via the name variable in parseQuery.js.

CVE-2022-37599

A regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils via the resourcePath variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.

CVE-2022-37603

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.


Release Notes

webpack/loader-utils ### [`v2.0.4`](https://togithub.com/webpack/loader-utils/releases/tag/v2.0.4) [Compare Source](https://togithub.com/webpack/loader-utils/compare/v2.0.3...v2.0.4) ##### [2.0.4](https://togithub.com/webpack/loader-utils/compare/v2.0.3...v2.0.4) (2022-11-11) ##### Bug Fixes - ReDoS problem ([#​225](https://togithub.com/webpack/loader-utils/issues/225)) ([ac09944](https://togithub.com/webpack/loader-utils/commit/ac09944dfacd7c4497ef692894b09e63e09a5eeb)) ### [`v2.0.3`](https://togithub.com/webpack/loader-utils/releases/tag/v2.0.3) [Compare Source](https://togithub.com/webpack/loader-utils/compare/v2.0.2...v2.0.3) ##### [2.0.3](https://togithub.com/webpack/loader-utils/compare/v2.0.1...v2.0.3) (2022-10-20) ##### Bug Fixes - **security:** prototype pollution exploit ([#​217](https://togithub.com/webpack/loader-utils/issues/217)) ([a93cf6f](https://togithub.com/webpack/loader-utils/commit/a93cf6f4702012030f6b5ee8340d5c95ec1c7d4c)) ### [`v2.0.2`](https://togithub.com/webpack/loader-utils/releases/tag/v2.0.2) [Compare Source](https://togithub.com/webpack/loader-utils/compare/v2.0.1...v2.0.2) ##### [2.0.2](https://togithub.com/webpack/loader-utils/compare/v2.0.1...v2.0.2) (2021-11-04) ##### Bug Fixes - base64 generation and unicode characters ([#​197](https://togithub.com/webpack/loader-utils/issues/197)) ([8c2d24e](https://togithub.com/webpack/loader-utils/commit/8c2d24ee400bc4567335e97ee6004c3baa6ef66f)) ### [`v2.0.1`](https://togithub.com/webpack/loader-utils/releases/tag/v2.0.1) [Compare Source](https://togithub.com/webpack/loader-utils/compare/v2.0.0...v2.0.1) ##### [2.0.1](https://togithub.com/webpack/loader-utils/compare/v2.0.0...v2.0.1) (2021-10-29) ##### Bug Fixes - md4 support on Node.js v17 ([#​193](https://togithub.com/webpack/loader-utils/issues/193)) ([1069f61](https://togithub.com/webpack/loader-utils/commit/1069f61284a571614ee4acdde6e6087174be118a))

Configuration

πŸ“… Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

β™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

πŸ”• Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.

sonarcloud[bot] commented 1 year ago

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication