Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

critical severity vulnerability in loader-utils package #7323

Closed
mhDuke opened this issue Nov 6, 2022 · 2 comments
Closed

critical severity vulnerability in loader-utils package #7323

mhDuke opened this issue Nov 6, 2022 · 2 comments

Comments

@mhDuke
Copy link

mhDuke commented Nov 6, 2022

Version

5.0.8

Environment info

 System:
    OS: Windows 10 10.0.19043
    CPU: (4) x64 Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
  Binaries:
    Node: 16.14.0 - C:\Program Files\nodejs\node.EXE
    Yarn: 1.22.15 - C:\Program Files\nodejs\yarn.CMD
    npm: 8.19.3 - C:\Program Files\nodejs\npm.CMD
  Browsers:
    Chrome: Not Found
    Edge: Spartan (44.19041.1266.0), Chromium (107.0.1418.35)
  npmPackages:
    @vue/babel-helper-vue-jsx-merge-props:  1.4.0
    @vue/babel-helper-vue-transform-on:  1.0.2
    @vue/babel-plugin-jsx:  1.1.1
    @vue/babel-plugin-transform-vue-jsx:  1.4.0
    @vue/babel-preset-app:  5.0.8
    @vue/babel-preset-jsx:  1.4.0
    @vue/babel-sugar-composition-api-inject-h:  1.4.0
    @vue/babel-sugar-composition-api-render-instance:  1.4.0
    @vue/babel-sugar-functional-vue:  1.4.0
    @vue/babel-sugar-inject-h:  1.4.0
    @vue/babel-sugar-v-model:  1.4.0
    @vue/babel-sugar-v-on:  1.4.0
    @vue/cli-overlay:  5.0.8
    @vue/cli-plugin-babel: ~5.0.6 => 5.0.8
    @vue/cli-plugin-eslint: ~5.0.6 => 5.0.8
    @vue/cli-plugin-router: ~5.0.6 => 5.0.8
    @vue/cli-plugin-vuex:  5.0.8
    @vue/cli-service: ~5.0.6 => 5.0.8
    @vue/cli-shared-utils:  5.0.8
    @vue/compiler-sfc:  2.7.13
    @vue/component-compiler-utils:  3.3.0
    @vue/web-component-wrapper:  1.3.0
    eslint-plugin-vue: ^8.0.3 => 8.7.1
    vue: ^2.7.0 => 2.7.13
    vue-cli-plugin-vuetify: ^2.4.7 => 2.5.8
    vue-eslint-parser:  8.3.0
    vue-hot-reload-api:  2.3.4
    vue-loader:  17.0.1 (15.10.0)
    vue-router: ^3.5.1 => 3.6.5
    vue-style-loader:  4.1.3
    vue-template-es2015-compiler:  1.9.1
    vuetify: ^2.6.4 => 2.6.12
    vuetify-loader: ^1.7.0 => 1.9.2
  npmGlobalPackages:
    @vue/cli: Not Found

Steps to reproduce

npm audit

What is expected?

no critical vulnerabilities

What is actually happening?

4 critical severity vulnerabilities
@ashkulz ashkulz mentioned this issue Nov 7, 2022
Closed
@victortpt
Copy link

Same problem to me. Using same version of vue/cli-service in Vue 2
imagen

@haoqunjiang
Copy link
Member

webpack/loader-utils#218 (comment) Fixed in loader-utils@1.4.1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@haoqunjiang @mhDuke @victortpt