fluent-form icon indicating copy to clipboard operation
fluent-form copied to clipboard
verified publisher icon fluent-form

chore(deps): update dependency loader-utils [security]

Open renovate[bot] opened this issue 3 years ago • 1 comments

Mend Renovate

This PR contains the following updates:

Package Change
loader-utils 3.2.0 -> 3.2.1
loader-utils 1.4.0 -> 1.4.1
loader-utils 2.0.2 -> 2.0.4

GitHub Vulnerability Alerts

CVE-2022-37599

A regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils via the resourcePath variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.

CVE-2022-37603

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.

CVE-2022-37601

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils prior to version 2.0.3 via the name variable in parseQuery.js.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] avatar Nov 16 '22 21:11 renovate[bot]

Codecov Report

Merging #34 (cc876d0) into main (506ef47) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##             main      #34   +/-   ##
=======================================
  Coverage   93.85%   93.85%           
=======================================
  Files          21       21           
  Lines         358      358           
  Branches       91       91           
=======================================
  Hits          336      336           
  Misses          4        4           
  Partials       18       18

:mega: We’re building smart automated test selection to slash your CI/CD build times. Learn more

codecov[bot] avatar Nov 18 '22 11:11 codecov[bot]