svg-sprite-loader icon indicating copy to clipboard operation
svg-sprite-loader copied to clipboard

Published 20 hours ago verified publisher icon JetBrains

Node16 npm audit moderate

Open z-zp opened this issue 2 years ago • 2 comments

Do you want to request a feature, report a bug or ask a question?

What is the current behavior?

What is the expected behavior?

If the current behavior is a bug, please provide the steps to reproduce, at least part of webpack config with loader configuration and piece of your code. The best way is to create repo with minimal setup to demonstrate a problem (package.json, webpack config and your code). It you don't want to create a repository - create a gist with multiple files

If this is a feature request, what is motivation or use case for changing the behavior?

Please tell us about your environment:

  • Node.js version: 16
  • webpack version: 5
  • svg-sprite-loader version: 6.0.11
  • OS type & version: mac

Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. stackoverflow, gitter, etc)

[email protected] │ └─┬ [email protected] │ ├─┬ [email protected] │ │ └── [email protected] deduped │ └── [email protected]

its dependencies [email protected]. [email protected] is need to upgrade https://github.com/advisories/GHSA-566m-qj78-rww5

z-zp avatar Oct 20 '22 02:10 z-zp

There is also a critical vulnerability:

loader-utils  <2.0.3
Severity: critical
Prototype pollution in webpack loader-utils - https://github.com/advisories/GHSA-76p3-8jx3-jpfq
No fix available
node_modules/loader-utils
node_modules/svg-baker/node_modules/loader-utils

Direct dependency:

├─┬ [email protected]
│ ├── [email protected]

MaximeCheramy avatar Nov 07 '22 20:11 MaximeCheramy