font-loader
font-loader copied to clipboard
security issue
Hello,
I am using the latest release of this package on my Angular project. Recently, I received some warning messages about two of your dependencies that needed to be updated in order to match security requirement.
Here is a the list :
Package underscore.string
Patched in >=3.3.5
Dependency of font-loader [dev]
Path font-loader > ttf2eot > argparse > underscore.string
More info https://nodesecurity.io/advisories/745
Package lodash
Patched in >=4.17.5
Dependency of font-loader [dev]
Path font-loader > svg2ttf > lodash
More info https://nodesecurity.io/advisories/577
It will be great to have another release matching those security expectation. When the next release will be made ?