Bump `loader-utils` to fix prototype pollution exploit

sveltejs / svelte-loader

Webpack loader for svelte components.

MIT License

594 stars 73 forks source link

Bump `loader-utils` to fix prototype pollution exploit #213

Closed gyurielf closed 1 year ago

gyurielf commented 1 year ago

Hey there!

Please update loader-utils version to 2.0.3 to fix prototype pollution exploit.

Related issue

Thanks!

dummdidumm commented 1 year ago

Bumped in 3.1.4 (strictly speaking we didn't need to, the range was ^2.0.0, but will help bumping it if no other dependency does it and there's a package lock file which keeps installing the vulnerable version).