Hello there, there is a new npm vulnerability which needs to be fix ASAP.
Suggested solution: Bump css-loader to version >= 6
The vulnerability is in json5 library which is used in loader-utils package which is being used by previous versions of css-loader which your library is using. I think that this can be fixed by bumping the version of css-loader to version 6 and above, because v6 is not using loader-utils (the vulnerable library) at all!
Thank you in advance :)
Hello there, there is a new npm vulnerability which needs to be fix ASAP.
Suggested solution: Bump css-loader to version >= 6
The vulnerability is in json5 library which is used in
loader-utils
package which is being used by previous versions ofcss-loader
which your library is using. I think that this can be fixed by bumping the version ofcss-loader
to version 6 and above, because v6 is not usingloader-utils
(the vulnerable library) at all! Thank you in advance :)