You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello,
as the webpack loader-utils v2 are vulnerable, we get issues when installing resolve-url-loader. Could you please provide an update with the upgraded to v3 loader-utils package?
The fix has been backported to v2 of loader-utils, so this should now no longer be an issue on v4 and v5 - however v3 is using still using v1 of loader-utils; I have requested a further backport but am hoping we can actually just upgrade our apps to v4 of resolve-url-loader.
Either way @bholloway I don't think there's any further action required from you, unless you'd be willing to look into seeing if v3 could be upgraded to use v2 of loader-utils.
a v1 version of loader-utils with a fix has been released, but v3 of resolve-url-loader pins the dependency at an exact version so it needs to have a new version released either relaxing the constraint to allow minor versions (preferred) or otherwise pinning loader-utils to v1.4.2
Hello,
as the webpack loader-utils v2 are vulnerable, we get issues when installing resolve-url-loader. Could you please provide an update with the upgraded to v3 loader-utils package?
Link to more vulnerability details
https://nvd.nist.gov/vuln/detail/CVE-2022-37599
The text was updated successfully, but these errors were encountered: