Describe the bug
Getting below vulnerability issue for loader-utils:
Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils 2.0.0 via the name variable in parseQuery.js
For reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37601
@svgr/webpack v5.5.0 needs to be upgraded to latest. Its being used there as dependency. I see in v.6.1.0 they have removed that lib dependency. Also other libraries within CRA using loader-utils 2.0.0 needs to be updated to latest.
Describe the bug
Getting below vulnerability issue for loader-utils:
Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils 2.0.0 via the name variable in parseQuery.js
For reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37601
@svgr/webpack v5.5.0 needs to be upgraded to latest. Its being used there as dependency. I see in v.6.1.0 they have removed that lib dependency. Also other libraries within CRA using loader-utils 2.0.0 needs to be updated to latest.