Update loader-utils on v3 branch to fix audit vulnerability. #1532

dscalzi · 2020-05-10T15:23:44Z

npm audit is unable to fix a a vulnerability because there is no version range on the loader-utils dependency (https://github.com/webpack/webpack-cli/blob/master/package.json#L123).

Updating this dependency and releasing v3.3.12 will fix the issue. (https://www.npmjs.com/advisories/1179/versions)

The text was updated successfully, but these errors were encountered:

anshumanv · 2020-05-10T15:29:26Z

Thanks for reporting.

Will submit a fix 👍

dscalzi · 2020-05-27T20:58:47Z

Any update?

anshumanv · 2020-05-28T11:17:00Z

Hi, occupied with other tasks, can your PR or anyone from @webpack/cli-team would like to pick this up?

jamesgeorge007 · 2020-05-31T12:12:19Z

@evilebottnawi please make a patch release.

alexander-akait · 2020-06-01T12:18:30Z

dscalzi · 2020-06-11T20:19:06Z

Thanks, fixed

jamesgeorge007 linked a pull request May 28, 2020 that will close this issue

chore: bump dependencies for v3 #1595

Merged

dscalzi closed this as completed Jun 11, 2020

Provide feedback