Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove dependency on deprecated/unmaintained bundle-loader #167

Closed
rmja opened this issue Jul 10, 2020 · 9 comments · Fixed by #216
Closed

Remove dependency on deprecated/unmaintained bundle-loader #167

rmja opened this issue Jul 10, 2020 · 9 comments · Fixed by #216

Comments

@rmja
Copy link

rmja commented Jul 10, 2020

I'm submitting a feature request

  • Library Version:
    master

Current behavior:
The plugin depends on bundle-loader as a runtime dependency, but that library is currently archived on GitHub and is no longer maintained. It has issues that have not been addressed for years, so it would be really nice if the plugin did not depend on its existence.

Expected/desired behavior:
Avoid using the deprecated bundle-loader dependency, and maybe replace its use with dynamic imports.
@Alexander-Taran
Copy link

Would you like to provide a pull request for it @rmja ?

@rmja
Copy link
Author

rmja commented Aug 13, 2021

I don't think that i know the internals of webpack and this plugin good enough to do this...

@MaximBalaganskiy
Copy link

bump!
there's a critical vulnerability in bundle-loader -> loader-utils@1.4.1

@Alexander-Taran
Copy link

@bigopon ping

@Garbageous
Copy link

Is there an ETA on a fix for this? Our SCA tool is giving us warnings about this.

@bigopon
Copy link
Member

bigopon commented Jan 30, 2023

I'll get on this soon.

@bigopon
Copy link
Member

bigopon commented Jan 31, 2023

I'm not aware of a replacement for bundle-loader, I think the simplest fix which I'll apply is to have a local copy in the dist of tis plugin and use it instead, then remove the dep on bundle-loader.

@rmja
Copy link
Author

rmja commented Jan 31, 2023

@bigopon if you do that, then please add this fix: webpack-contrib/bundle-loader#75

bigopon added a commit that referenced this issue Jan 31, 2023
@bigopon
fix(dep): use internal copy of bundle-loader
b40d014 
closes #167
@bigopon bigopon mentioned this issue Jan 31, 2023
Merged
bigopon added a commit that referenced this issue Jan 31, 2023
@bigopon
fix(dep): use internal copy of bundle-loader (#216)
a10d632 
closes #167
@bigopon
Copy link
Member

bigopon commented Jan 31, 2023

v 5.0.5 has been published for the fix of this issue. Thanks everyone.

@rmja we can't just change it, can you help create a fail test case? Or if you want, can bundle the failing test case with your fix in a PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(dep): use internal copy of bundle-loader aurelia/webpack-plugin
5 participants
@Alexander-Taran @rmja @MaximBalaganskiy @bigopon @Garbageous