webpack-contrib / style-loader

Style Loader
MIT License

Vulnerable dependencies (indirect security issues) #609

Closed davidz1337 closed 1 year ago

davidz1337 commented 1 year ago

Dear Maintainers,

I hope this message finds you well. I am writing to notify you about a potential security issue regarding the package we recently installed. Upon running a vulnerability scan via Vulert on the lock file, I uncovered a total of 8 vulnerable dependencies.

Recognizing the potential security risk these vulnerabilities pose to our project, I am unsure about the protocol for reporting under responsible disclosure. I note that some dependencies are for development only. However, given their presence in the lock file, they might appear in the vendor folder, and thus, I believe their management is crucial.

For a more detailed look, you can find the scanned package-lock file report at the following link: https://vulert.com/vuln-scan/list/dab47a1b-ad2d-45c0-965c-f222a52bdfa3

I strongly suggest that we promptly address these vulnerabilities to ensure our project's security. If you need more information or clarification, please feel free to reach out to me.

In addition, you can find the scanned lock file at this location: https://github.com/webpack-contrib/style-loader/blob/master/package-lock.json

Looking forward to your prompt response.

Best regards.

alexander-akait commented 1 year ago

We don't use this package directly and don't have this in dependencies, so we can't fix it here; anyway, thank you for the report.