asset-system
asset-system copied to clipboard
Published
20 hours ago •
godaddy
godaddy
[Snyk] Security upgrade loader-utils from 1.4.0 to 2.0.3
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- packages/webpack/package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5 |
Prototype Pollution SNYK-JS-LOADERUTILS-3043105 |
Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: loader-utils
The new version differs by 11 commits.- 7162619 chore(release): 2.0.3
- a93cf6f fix(security): prototype polution exploit (#217)
- 90c7c4b chore(release): 2.0.2
- 8c2d24e fix: base64 generation and unicode characters (#197)
- 5fb5562 chore(release): 2.0.1
- 1069f61 fix: md4 support on Node.js v17 (#193)
- d9f4e23 chore(release): 2.0.0
- 865dc03 refactor: switch to `md4` by default (#168)
- b595cfb refactor: the `getOptions` method returns empty object on empty query (#167)
- c937e8c chore: minimum required `Node.js` version is `8.9.0` (#166)
- c78786d chore: upgrade json5 to fix a vulnerability (#165)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
