idanrozin
commented
1 year ago Closing this as it seems that the issue has been fix from the JSON5 end. https://github.com/json5/json5/pull/298 https://github.com/github/advisory-database/pull/1541
Closed idanrozin closed 1 year ago
idanrozin
commented
1 year ago Closing this as it seems that the issue has been fix from the JSON5 end. https://github.com/json5/json5/pull/298 https://github.com/github/advisory-database/pull/1541
Hello there, there is a new npm vulnerability which needs to be fix ASAP.
Suggested solution: Bump css-loader to version >= 6
The vulnerability is in json5 library which is used in
loader-utilspackage which is being used by previous versions ofcss-loaderwhich your library is using. I think that this can be fixed by bumping the version ofcss-loaderto version 6 and above, because v6 is not usingloader-utils(the vulnerable library) at all! Thank you in advance :)