react-refresh-webpack-plugin icon indicating copy to clipboard operation
react-refresh-webpack-plugin copied to clipboard

Published 20 hours ago verified publisher icon pmmmwh

Drop loader-utils dep

Open LukeCarrier opened this issue 1 year ago • 1 comments

Instead of require("loader-utils").getOptions(LoaderContext) we should be good with LoaderContext.getOptions(), where LoaderContext is bound to this.

This lets us drop the loader-utils dep, which until 3.2.1 contains a ReDoS vulnerability (CVE-2022-37603).

Note since it is still a transitive dependency (via webpack-v4 and babel-loader), it will still be necessary to add a resolution for it.

LukeCarrier avatar Aug 16 '24 10:08 LukeCarrier