[X] I confirm that this is an issue rather than a question.
Bug report
The vuepress 1.9.10 version still uses the vuepress-html-webpack-plugin v3.2.0 lib and from what I researched I couldn't find the code and it's also no longer receiving maintenance. But this lib uses loader-utils v0.2.16 which has a high vulnerability and it is not possible to update itself because of this vuepress-html-webpack-plugin dependency.
Bug report
The vuepress 1.9.10 version still uses the
vuepress-html-webpack-plugin v3.2.0lib and from what I researched I couldn't find the code and it's also no longer receiving maintenance. But this lib usesloader-utils v0.2.16which has a high vulnerability and it is not possible to update itself because of this vuepress-html-webpack-plugin dependency.I saw that we already had an issue about this lib: https://github.com/vuejs/vuepress/issues/1303 and https://github.com/vuejs/vuepress/issues/698
Steps to reproduce
What is expected?
Stop using the lib and migrate to
html-webpack-plugin.What is actually happening?
Package was published and has never been updated since 2018.