react-refresh-webpack-plugin

Security vulnerability - loader-utils 2.0.4

Open FujitaKyotaka opened this issue 1 year ago • 2 comments

loader-utils: 2.0.4 has the dependency JSON5: 2.1.2; it causes Prototype Pollution in JSON5 via Parse Method.

FujitaKyotaka, Dec 11 '23 12:12

Most probably not a real risk, see also https://overreacted.io/npm-audit-broken-by-design/

DanielRuf, Mar 16 '24 19:03

Unfortunately, since we still support WDS v3, it is likely impossible to fix. Probably something for 0.6.x.

pmmmwh, Apr 25 '24 08:04

Will be fixed in v0.6.0.

pmmmwh, Jun 02 '24 22:06