loader-utils(npm) Affected versions >= 2.0.0, < 2.0.3 < 1.4.1 Patched versions 2.0.3 1.4.1 Description Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils prior to version 2.0.3 via the name variable in parseQuery.js. ...
Hi, could you update this dependency on the new version? Moderate Prototype Pollution Package minimist Patched in >=1.2.3 Dependency of webpack-dev-server [dev] Path webpack-dev-server > chokidar > fsevents > node-pre-gyp > tar > mkdirp ...
Fixed In Version:loader-utils 1.4.1, loader-utils 2.0.3 Doc Type:If docs needed, set a value Doc Text: A prototype pollution vulnerability was found in the parseQuery function in parseQuery.js in the webpack loader-utils via the name variable in parseQuery.js. This flaw can lead to a ...
Sign in Sign up jantimon / html-webpack-plugin Watch 118 Star 9.3k Fork 1.2k Code Issues 49 Pull requests 14 Actions Projects Security Insights New issue Lodash dependency causes prototype pollution issue: can you use another package instead of lodash? #1475 Open marcoippolito...