loader-utils dependency v2 is vulnerable and should be updated to v3: CVE-2022-37599

[Akkora]

Hello,
as the webpack loader-utils v2 are vulnerable, we get issues when installing babel-loader in current version 8.2.5. Could you please provide an update with the upgraded to v3 loader-utils package?

Link to more vulnerability details
https://nvd.nist.gov/vuln/detail/CVE-2022-37599

[SymbioticKilla]

@nicolo-ribaudo Any chance to get updated version soon?

[Shivam60]

Hey. Any guidance how we can help over this ?

[mostja01]

I think this issue might be resolved in PR #942

[Shivam60]

That is great to hear

[jamesxu0816]

Is there any progress on this issue? Looks like it impacts most of react applications. Can someone help to fix the security issue? Thanks.

[JLHwung]

loader-utils@3 is still affected by one CVE: webpack/loader-utils#215

We will remove loader-utils in babel-loader@9 and drop webpack 4 support. See #942.

[jamesxu0816]

Great. Thanks. We are expecting this upgrade to fix loader-utils security issue.