epam/edp-headlamp

Update `loader-utils` to Version 2.0.3 to Address Prototype Pollution Vulnerability


The project currently uses a version of `loader-utils` that is vulnerable to prototype pollution due to the way the `parseQuery` function in `parseQuery.js` handles the `name` variable. This vulnerability is present in versions of `loader-utils` prior to 2.0.3. To mitigate this risk, we must update `loader-utils` to version 2.0.3.

Acceptance Criteria

  • The `package.json` file (or the relevant package manager file) is updated to specify `loader-utils` version 2.0.3.
  • Ensure that the application builds successfully with the updated loader-utils version.
  • Perform a basic smoke test to confirm that the update does not break existing functionality.
  • All automated tests pass with the updated dependency.
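
A check for the first acceptance criterion, as an added example that is not part of the original issue or the project's code: it walks a parsed `package-lock.json` and lists every resolved copy of `loader-utils` below 2.0.3, including copies nested under other dependencies that a `package.json` bump alone may not replace. The sample lockfile and the names `findVulnerableLoaderUtils` and `compareVersions` are constructed for illustration; the `packages` map layout assumes npm lockfile version 2 or 3.

```javascript
// Added example: find every resolved copy of loader-utils in an npm lockfile
// (lockfileVersion 2 or 3 layout) that is older than the fixed version.
const FIXED_VERSION = "2.0.3"; // version named in the issue

// Compare two plain x.y.z versions (any prerelease suffix is ignored);
// returns a negative number, 0, or a positive number.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return diff;
  }
  return 0;
}

// Returns [{ path, version }] for each installed loader-utils below FIXED_VERSION.
// In a real run, pass JSON.parse of the project's package-lock.json contents.
function findVulnerableLoaderUtils(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/loader-utils";
    // the text after the last "node_modules/" is the package name.
    const name = path.split("node_modules/").pop();
    if (name !== "loader-utils" || !meta.version) continue;
    if (compareVersions(meta.version, FIXED_VERSION) < 0) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile (not taken from the project): the top-level copy
// is fixed, but two nested dependencies still resolve older releases.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app" },
    "node_modules/loader-utils": { version: "2.0.3" },
    "node_modules/example-loader/node_modules/loader-utils": { version: "1.4.0" },
    "node_modules/other-loader/node_modules/loader-utils": { version: "2.0.2" },
    "node_modules/loader-utils-extra": { version: "1.0.0" },
  },
};

console.log(findVulnerableLoaderUtils(sampleLock));
```

An empty result means no resolved copy in the lockfile is below 2.0.3.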