
NPM recommending svg-sprite-loader 2.0.3 as a vulnerability fix?

Open · NickWoodward opened this issue 3 years ago · 1 comment

Do you want to request a feature, report a bug or ask a question? Vulnerability

What is the current behavior? Running npm audit fix suggests rolling back svg-sprite-loader to 2.0.3

What is the expected behavior? Being able to use the latest version

Please tell us about your environment:

  • Node.js version: 16.14.0
  • webpack version: 5.72.1
  • svg-sprite-loader version: 6.0.11
  • OS type & version: windows 10

Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. stackoverflow, gitter, etc)


```
postcss  <7.0.36
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/postcss
  svg-baker  >=1.2.5
  Depends on vulnerable versions of postcss
  node_modules/svg-baker
    svg-baker-runtime  >=1.4.0-alpha.10475b37
    Depends on vulnerable versions of svg-baker
    node_modules/svg-baker-runtime
      svg-sprite-loader  >=2.0.4
      Depends on vulnerable versions of svg-baker
      Depends on vulnerable versions of svg-baker-runtime
      node_modules/svg-sprite-loader

4 moderate severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force
```

NickWoodward · May 17 '22 21:05
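The "fix" npm proposes above is a rollback of svg-sprite-loader from 6.0.11 to 2.0.3. As an added example (not code from this issue or from the svg-sprite-loader project), the script below reads `npm audit --json` output in the npm 7+ report shape (assumed here: a `vulnerabilities` map whose entries carry a `fixAvailable` object naming the top-level package and version that `npm audit fix --force` would install) and flags any suggested fix that would downgrade or major-bump a directly installed dependency, so a rollback like this one is caught before it lands in a lockfile. The audit report and the installed-version map are constructed samples modelled on the chain quoted in the issue.

```python
import json

# Constructed sample in the npm 7+ audit report shape, for the chain on this page.
_FIX = {"name": "svg-sprite-loader", "version": "2.0.3", "isSemVerMajor": True}
SAMPLE_AUDIT = json.dumps({
    "vulnerabilities": {
        "postcss": {"name": "postcss", "severity": "moderate", "isDirect": False,
                    "range": "<7.0.36", "fixAvailable": _FIX},
        "svg-baker": {"name": "svg-baker", "severity": "moderate", "isDirect": False,
                      "range": ">=1.2.5", "fixAvailable": _FIX},
        "svg-sprite-loader": {"name": "svg-sprite-loader", "severity": "moderate",
                              "isDirect": True, "range": ">=2.0.4", "fixAvailable": _FIX},
        # Entries whose fixAvailable is a bare boolean (no forced install) are skipped.
        "lodash": {"name": "lodash", "severity": "low", "isDirect": True, "fixAvailable": True},
    }
})

# Constructed: versions currently installed, as read from package.json / the lockfile.
INSTALLED = {"svg-sprite-loader": "6.0.11", "lodash": "4.17.21"}


def parse_version(v):
    """Comparable tuple from a dotted version; a prerelease tag such as -alpha.x is dropped."""
    return tuple(int(p) for p in v.split("-")[0].split("."))


def risky_fixes(audit_json, installed):
    """Map package -> details for every proposed fix that is a downgrade or a semver-major change.

    Only fixes that target a package present in `installed` are considered, since
    those are the ones `npm audit fix --force` would rewrite in package.json.
    """
    findings = {}
    for vuln in json.loads(audit_json).get("vulnerabilities", {}).values():
        fix = vuln.get("fixAvailable")
        if not isinstance(fix, dict):  # True/False: nothing gets force-installed
            continue
        name, target = fix["name"], fix["version"]
        current = installed.get(name)
        if current is None:
            continue
        downgrade = parse_version(target) < parse_version(current)
        if not (downgrade or fix.get("isSemVerMajor")):
            continue
        entry = findings.setdefault(name, {"installed": current, "fix": target,
                                           "downgrade": downgrade,
                                           "breaking": bool(fix.get("isSemVerMajor")),
                                           "advisories_for": set()})
        entry["advisories_for"].add(vuln["name"])  # which vulnerable packages drive this fix
    return findings
```

Feed it real output with `npm audit --json > audit.json` and build `INSTALLED` from `npm ls --json` to get the same report for a live project.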