Commit
fix(deps): update dependency loader-utils to v1.4.2 [security] (#1640)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [loader-utils](https://togithub.com/webpack/loader-utils) | [`1.4.0` -> `1.4.2`](https://renovatebot.com/diffs/npm/loader-utils/1.4.0/1.4.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/loader-utils/1.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/loader-utils/1.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/loader-utils/1.4.0/1.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/loader-utils/1.4.0/1.4.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

### GitHub Vulnerability Alerts

#### [CVE-2022-37599](https://nvd.nist.gov/vuln/detail/CVE-2022-37599)

A regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils via the resourcePath variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.

#### [CVE-2022-37603](https://nvd.nist.gov/vuln/detail/CVE-2022-37603)

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.

---

### Release Notes

<details>
<summary>webpack/loader-utils (loader-utils)</summary>

### [`v1.4.2`](https://togithub.com/webpack/loader-utils/releases/tag/v1.4.2)

[Compare Source](https://togithub.com/webpack/loader-utils/compare/v1.4.1...v1.4.2)

##### [1.4.2](https://togithub.com/webpack/loader-utils/compare/v1.4.1...v1.4.2) (2022-11-11)

##### Bug Fixes

- ReDoS problem ([#226](https://togithub.com/webpack/loader-utils/issues/226)) ([17cbf8f](https://togithub.com/webpack/loader-utils/commit/17cbf8fa8989c1cb45bdd2997aa524729475f1fa))

### [`v1.4.1`](https://togithub.com/webpack/loader-utils/releases/tag/v1.4.1)

[Compare Source](https://togithub.com/webpack/loader-utils/compare/v1.4.0...v1.4.1)

##### [1.4.1](https://togithub.com/webpack/loader-utils/compare/v1.4.0...v1.4.1) (2022-11-07)

##### Bug Fixes

- security problem ([#220](https://togithub.com/webpack/loader-utils/issues/220)) ([4504e34](https://togithub.com/webpack/loader-utils/commit/4504e34c4796a5836ef70458327351675aed48a5))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/vue-styleguidist/vue-styleguidist).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yMTIuMCIsInVwZGF0ZWRJblZlciI6IjM3LjIyNy4yIiwidGFyZ2V0QnJhbmNoIjoiZGV2In0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
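A bump like this only fixes the copies of `loader-utils` that the lockfile actually resolves to 1.4.2, so nested copies pulled in by other loaders are worth checking. The following is an added example (not part of the commit or of Renovate) that scans the `packages` map of a lockfileVersion 2/3 `package-lock.json` against the patched releases named above; the sample lockfile and its `example-*` package names are constructed, and treating every version below the patched release of its major line as needing the update is an assumption.

```javascript
// Added example: flag loader-utils copies older than the patched releases
// named in the advisory text on this page (1.4.2, 2.0.4, 3.2.1).
const PATCHED = { 1: [1, 4, 2], 2: [2, 0, 4], 3: [3, 2, 1] };

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function needsUpdate(version) {
  const v = parseVersion(version);
  if (!v) return true; // git/tarball/missing version: surface for manual review
  const fixed = PATCHED[v[0]];
  // Assumption: 0.x has no patched line, so flag it; majors above 3 are
  // outside what the advisory text covers, so they are not flagged.
  if (!fixed) return v[0] < 1;
  for (let i = 0; i < 3; i++) {
    if (v[i] !== fixed[i]) return v[i] < fixed[i];
  }
  return false; // exactly the patched release
}

function findLoaderUtils(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat map keyed by install path, nested copies included
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/loader-utils")) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

function audit(lock) {
  return findLoaderUtils(lock).filter((h) => needsUpdate(h.version));
}

// Constructed sample lockfile (not taken from the repository on this page).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo" },
    "node_modules/loader-utils": { version: "1.4.2" },
    "node_modules/example-a/node_modules/loader-utils": { version: "1.4.0" },
    "node_modules/example-b/node_modules/loader-utils": { version: "2.0.3" },
    "node_modules/example-c/node_modules/loader-utils": { version: "3.2.1" },
  },
};

for (const h of audit(sampleLock)) console.log(`update needed: ${h.path}@${h.version}`);
```

To run it against a real project, replace `sampleLock` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`.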