tcoopman / image-webpack-loader

Image loader module for webpack
MIT License

Security vulnerability with trim-newlines #347

Closed rjz-avaleo closed 3 years ago

rjz-avaleo commented 3 years ago

npm audit reported a high security vulnerability for the trim-newlines package, which is a transitive dependency of a few dependent packages:

tcoopman commented 3 years ago

These are all problems with deeper dependencies.

  1. I don't think these have any risks (how would you exploit this on a webpack loader?)
  2. I try to keep up to date with the dependencies, but some of them are not well maintained (see #353) so it's not easy to fix.
  3. Pull requests that fix these are always welcome.

I'm closing this, but feel free to open a PR that fixes them or I'm willing to reopen if you can at least give any indication how this can be a risk for a webpack loader.