Skip to content

Drop loader-utils dep#865

Closed
LukeCarrier wants to merge 1 commit intopmmmwh:mainfrom
LukeCarrier:drop-loader-util
Closed

Drop loader-utils dep#865
LukeCarrier wants to merge 1 commit intopmmmwh:mainfrom
LukeCarrier:drop-loader-util

Conversation

@LukeCarrier
Copy link
Copy Markdown

@LukeCarrier LukeCarrier commented Aug 16, 2024
edited
Loading

Instead of require("loader-utils").getOptions(LoaderContext) we should be good with LoaderContext.getOptions(), where LoaderContext is bound to this.

This lets us drop the loader-utils dep, which until 3.2.1 contains a ReDoS vulnerability (CVE-2022-37603).

Note since it is still a transitive dependency (via webpack-v4 and babel-loader), it will still be necessary to add a resolution for it.

@LukeCarrier
Drop loader-utils dep
4067d19 
Instead of require("loader-utils").getOptions(LoaderContext) we should
be good with LoaderContext.getOptions(), where LoaderContext is bound to
this.

This lets us drop the loader-utils dep, which until 3.2.1 contains a
ReDoS vulnerability (CVE-2022-37603).
@codesandbox
Copy link
Copy Markdown

codesandbox bot commented Aug 16, 2024

Review or Edit in CodeSandbox

Open the branch in Web EditorVS CodeInsiders

Open Preview

@LukeCarrier LukeCarrier marked this pull request as ready for review August 16, 2024 10:09
@pmmmwh
Copy link
Copy Markdown
Owner

pmmmwh commented Mar 10, 2025

Hi - unfortunately we cannot do this right now as we support Webpack v4. This will be resolved in #851.

@pmmmwh pmmmwh mentioned this pull request Mar 10, 2025
Merged
@pmmmwh pmmmwh closed this in #851 Apr 7, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@LukeCarrier @pmmmwh