[security] Fix json5 to fix CVE-2022-46175 vulnerability #42

Closed
idanrozin opened this issue Dec 29, 2022 · 1 comment

idanrozin commented Dec 29, 2022

Hello there, there is a new npm vulnerability which needs to be fixed ASAP.

Suggested solution: Bump css-loader to version >= 6

The vulnerability is in the json5 library, which is used in the loader-utils package, which is used by previous versions of css-loader, which your library is using. I think that this can be fixed by bumping the version of css-loader to version 6 and above, because v6 is not using loader-utils (the vulnerable library) at all!
Thank you in advance :)

@idanrozin
Author

Closing this as it seems that the issue has been fixed from the JSON5 end.
json5/json5#298
github/advisory-database#1541
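
To check the chain described in the opening comment (css-loader > loader-utils > json5) against a real project, this added example (not code from this repository or from the issue author) walks the `packages` map of a package-lock.json in the lockfileVersion 2/3 layout and lists every chain from the root project to an installed json5 copy. The lockfile is a constructed sample, its versions are placeholders, and `other-tool` is a hypothetical package.

```javascript
// Constructed sample in the package-lock.json v2/v3 "packages" layout.
// Package names follow the issue; versions are placeholders and
// "other-tool" is a hypothetical second consumer of json5.
const sampleLock = { packages: {
  "": { dependencies: { "css-loader": "0.0.0", "other-tool": "0.0.0" } },
  "node_modules/css-loader": { version: "0.0.0", dependencies: { "loader-utils": "0.0.0" } },
  "node_modules/loader-utils": { version: "0.0.0", dependencies: { json5: "0.0.0" } },
  "node_modules/json5": { version: "0.0.0-a" },
  "node_modules/other-tool": { version: "0.0.0", dependencies: { json5: "0.0.0" } },
  "node_modules/other-tool/node_modules/json5": { version: "0.0.0-b" },
} };

// Node-style resolution: try the dependent's own node_modules first,
// then each ancestor's, ending at the root node_modules.
function resolveDep(packages, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Every dependency chain from the root project to an installed `target`.
function findDependencyPaths(lock, target) {
  const packages = lock.packages || {};
  const results = [];
  const walk = (path, chain, seen) => {
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies };
    if (path === "") Object.assign(deps, pkg.devDependencies);
    for (const name of Object.keys(deps)) {
      const at = resolveDep(packages, path, name);
      if (!at || seen.has(at)) continue; // not installed, or a cycle
      const next = [...chain, name];
      if (name === target) results.push({ chain: next, installedAt: at, version: packages[at].version });
      else walk(at, next, new Set(seen).add(at));
    }
  };
  if (packages[""]) walk("", [], new Set([""]));
  return results;
}

for (const p of findDependencyPaths(sampleLock, "json5")) {
  console.log(`${p.chain.join(" > ")}  (${p.installedAt} @ ${p.version})`);
}
```

Run it on a parsed package-lock.json before and after the css-loader bump: the css-loader > loader-utils > json5 chain should be gone afterwards, and any chain that remains shows another package still pulling in json5. It enumerates every chain, so expect long output on large lockfiles.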
