Skip to content

Commit

Permalink
Update package-lock.json
Browse files Browse the repository at this point in the history 
GHSA-4fc4-chg7-h8gh
low severity
Vulnerable versions: < 1.5.1
Patched version: 1.5.1
Impact
All dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected.
Patches
This issue is patched in version 1.5.1.
Workarounds
N/A
References
waysact/webpack-subresource-integrity#131
For more information
If you have any questions or comments about this advisory:
    Comment on webpack-subresource-integrity issue #131
    Or email us at security@waysact.com
  • Loading branch information
@philemmons
philemmons committed Feb 7, 2021
1 parent f66aff8 commit dec8531
Showing 1 changed file with 3 additions and 4 deletions.
7 changes: 3 additions & 4 deletions hello-world/package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit dec8531

Please sign in to comment.