You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Mar 17, 2023. It is now read-only.
I don't think these have any risks (how would you exploit this on a webpack loader?)
I try to keep up to date with the dependencies, but some of them are not well maintained (see Consider switching to squoosh #353) so it's not easy to fix.
Pull requests that fix these are always welcome.
I'm closing this, but feel free to open a PR that fixes them or I'm willing to reopen if you can at least give any indication how this can be a risk for a webpack loader.
yarn audit outputs a high risk for css-what, a dependency of image-webpack-loader:
image-webpack-loader > imagemin-svgo > svgo > css-select > css-what
in addition to the previously reported normalize-url and trim-newlines.
Furthermore, there is a moderate risk in glob-parent:
image-webpack-loader > imagemin > globby > fast-glob > glob-parent
The text was updated successfully, but these errors were encountered: