Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Appearance settings
This repository was archived by the owner on May 13, 2025. It is now read-only.

[Snyk] Security upgrade image-webpack-loader from 6.0.0 to 8.0.0#81

Open
snyk-bot wants to merge 1 commit into
masterZintexiss/Leo-JavaScript:masterfrom
snyk-fix-dc507d96b247262f7b6f10dbb43edfc2Zintexiss/Leo-JavaScript:snyk-fix-dc507d96b247262f7b6f10dbb43edfc2Copy head branch name to clipboard
Open

[Snyk] Security upgrade image-webpack-loader from 6.0.0 to 8.0.0#81
snyk-bot wants to merge 1 commit into
masterZintexiss/Leo-JavaScript:masterfrom
snyk-fix-dc507d96b247262f7b6f10dbb43edfc2Zintexiss/Leo-JavaScript:snyk-fix-dc507d96b247262f7b6f10dbb43edfc2Copy head branch name to clipboard

Conversation

@snyk-bot

Copy link
Copy Markdown

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • Cute-Webpack/Webpack-Quickly-Starter/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 479/1000
Why? Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-CSSWHAT-1298035
Yes No Known Exploit
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-NTHCHECK-1586032
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: image-webpack-loader The new version differs by 115 commits.
  • 9ec553e update changelog
  • 57053d8 remove old test files
  • 949fa88 update imagemin-svgo
  • 7ff0abe drop support for node 12 and update packages
  • fe1411c Merge pull request #338 from tcoopman/dependabot/add-v2-config-file
  • eada569 Merge pull request #306 from tcoopman/dependabot/npm_and_yarn/imagemin-pngquant-9.0.2
  • fe2c526 Merge pull request #342 from tcoopman/dependabot/npm_and_yarn/hosted-git-info-2.8.9
  • d56c90d Merge pull request #340 from tcoopman/dependabot/npm_and_yarn/lodash-4.17.21
  • 8c2f7ec Merge pull request #329 from tcoopman/dependabot/npm_and_yarn/ssri-6.0.2
  • 8135139 Merge pull request #323 from tcoopman/dependabot/npm_and_yarn/y18n-4.0.3
  • 28c8702 Merge pull request #314 from tcoopman/dependabot/npm_and_yarn/is-svg-4.3.1
  • 6d3c80b Merge pull request #307 from tcoopman/dependabot/npm_and_yarn/elliptic-6.5.4
  • 1ed6e38 [Security] Bump hosted-git-info from 2.7.1 to 2.8.9
  • b73c071 [Security] Bump lodash from 4.17.20 to 4.17.21
  • 9f0ce81 Upgrade to GitHub-native Dependabot
  • a420189 Merge pull request #334 from jonkoops/feature/node-16
  • fc8667d Add Node 16 to testing matrix
  • 47e5351 [Security] Bump ssri from 6.0.1 to 6.0.2
  • 8529a0c [Security] Bump y18n from 4.0.0 to 4.0.3
  • 7ccec07 [Security] Bump is-svg from 4.2.1 to 4.3.1
  • c2ecd29 [Security] Bump elliptic from 6.5.3 to 6.5.4
  • 590662f Bump imagemin-pngquant from 9.0.1 to 9.0.2
  • 29d179e Merge pull request #282 from tcoopman/dependabot/npm_and_yarn/webpack-cli-4.3.1
  • cf2aaad Merge pull request #283 from tcoopman/dependabot/npm_and_yarn/webpack-4.45.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant

Morty Proxy This is a proxified and sanitized view of the page, visit original site.