svg-sprite-loader icon indicating copy to clipboard operation
svg-sprite-loader copied to clipboard

Published 20 hours ago verified publisher icon JetBrains

Dependency on loader-utils 1.1.0 is security concern, CRITICAL vulnerabilities

Open Branpolo opened this issue 2 years ago • 1 comments

Packages.json includes a dependency on loader-utils ^1.1.0 however there are some severe vulnerabilities with this version see https://security.snyk.io/package/npm/loader-utils/1.1.0 (or: GitHub's dependabot scanner)

Even if this package doesn't expose these vulnerabilities, having this dependency blocks other packages from using later loader-utils versions.

Branpolo avatar Mar 02 '23 08:03 Branpolo