
Commit a4b6517

committed
Loosen constraints on loader-utils dependency
Any major version 1, after 1.2.3 should work. There are multiple CVEs against version 1.2.3. We should allow upgrading to a version that includes security patches. * CVE-2022-37599 - https://nvd.nist.gov/vuln/detail/CVE-2022-37599 * CVE-2022-37601 - https://nvd.nist.gov/vuln/detail/CVE-2022-37601 * CVE-2022-37603 - https://nvd.nist.gov/vuln/detail/CVE-2022-37603
1 parent 1fdc9e2 commit a4b6517


2 files changed

+6
-11
lines changed

2 files changed

+6
-11
lines changed

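--- a/packages/resolve-url-loader/package.json
+++ b/packages/resolve-url-loader/package.json
@@ -42,7 +42,7 @@
 "compose-function": "3.0.3",
 "convert-source-map": "1.7.0",
 "es6-iterator": "2.0.3",
-"loader-utils": "1.2.3",
+"loader-utils": "^1.2.3",
 "postcss": "7.0.36",
 "rework": "1.0.1",
 "rework-visit": "1.0.0",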
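Review bot: The new range `^1.2.3` on the `loader-utils` line still accepts 1.2.3 itself, the release the commit message lists CVE-2022-37599, CVE-2022-37601 and CVE-2022-37603 against, so a consumer whose lockfile already pins 1.2.3 keeps resolving it and nothing in this manifest forces the patched code. If the intent is to ship the fixes rather than only permit them, raise the floor to the version this commit's yarn.lock resolves to, `"loader-utils": "^1.4.2",`, after confirming against the advisories that this release carries all three fixes. The other dependencies in this hunk are pinned exactly, so it is also worth recording in the changelog that this one entry now floats within 1.x and depends on consumers' lockfiles for reproducible installs.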

yarn.lock

+5-10
@@ -382,11 +382,6 @@ duplexer@^0.1.1:
382382
resolved "https://registry.npmjs.org/duplexer/-/duplexer-0.1.1.tgz#ace6ff808c1ce66b57d1ebf97977acb02334cfc1"
383383
integrity sha1-rOb/gIwc5mtX0ev5eXessCM0z8E=
384384

385-
emojis-list@^2.0.0:
386-
version "2.1.0"
387-
resolved "https://registry.npmjs.org/emojis-list/-/emojis-list-2.1.0.tgz#4daa4d9db00f9819880c79fa457ae5b09a1fd389"
388-
integrity sha1-TapNnbAPmBmIDHn6RXrlsJof04k=
389-
390385
emojis-list@^3.0.0:
391386
version "3.0.0"
392387
resolved "https://registry.npmjs.org/emojis-list/-/emojis-list-3.0.0.tgz#5570662046ad29e2e916e71aae260abdff4f6a78"
@@ -917,13 +912,13 @@ kind-of@^6.0.0, kind-of@^6.0.2:
917912
resolved "https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz#01146b36a6218e64e58f3a8d66de5d7fc6f6d051"
918913
integrity sha512-s5kLOcnH0XqDO+FvuaLX8DDjZ18CGFk7VygH40QoKPUQhW4e2rvM0rwUq0t8IQDOwYSeLK01U90OjzBTme2QqA==
919914

920-
921-
version "1.2.3"
922-
resolved "https://registry.npmjs.org/loader-utils/-/loader-utils-1.2.3.tgz#1ff5dc6911c9f0a062531a4c04b609406108c2c7"
923-
integrity sha512-fkpz8ejdnEMG3s37wGL07iSBDg99O9D5yflE9RGNH3hRdx9SOwYfnGYdZOUIZitN8E+E2vkq3MUMYMvPYl5ZZA==
915+
loader-utils@^1.2.3:
916+
version "1.4.2"
917+
resolved "https://registry.npmjs.org/loader-utils/-/loader-utils-1.4.2.tgz#29a957f3a63973883eb684f10ffd3d151fec01a3"
918+
integrity sha512-I5d00Pd/jwMD2QCduo657+YM/6L3KZu++pmX9VFncxaxvHcru9jx1lBaFft+r4Mt2jK0Yhp41XlRAihzPxHNCg==
924919
dependencies:
925920
big.js "^5.2.2"
926-
emojis-list "^2.0.0"
921+
emojis-list "^3.0.0"
927922
json5 "^1.0.1"
928923

929924
loader-utils@^2.0.0:
