loader-utils icon indicating copy to clipboard operation
loader-utils copied to clipboard
verified publisher icon webpack

CVE-2022-46175 - High

Open ldco2016 opened this issue 2 years ago • 1 comments

Guys, we are using a dependency called svg-inline-loader which is using [email protected] which seems to be using [email protected] and since svg-inline-loader version we are using is the latest one, we would need for loader-utils to be on a version that is using a json5 version where the CVE has been patched or perhaps a version not needing that dependency at all.

Could you please advise as we need to resolve these vulnerabilities as soon as possible.

ldco2016 avatar Jan 04 '24 17:01 ldco2016

loader-utils is deprecated and should not used in loader anymore, also [email protected] is outdated and this CVE was fixed in the last version, so please ask developer(s) of svg-inline-loader update deps

alexander-akait avatar Jan 05 '24 15:01 alexander-akait