Bump `loader-utils` to fix prototype pollution exploit

Question

Bump `loader-utils` to fix prototype pollution exploit

gyurielf opened this issue 3 years ago · 1 comments

gyurielf commented 3 years ago

Hey there!

Please update loader-utils version to 2.0.3 to fix prototype pollution exploit.

Related issue

Thanks!

Answer 1 · 2022-11-10T16:19:18.000Z

Bumped in 3.1.4 (strictly speaking we didn't need to, the range was ^2.0.0, but will help bumping it if no other dependency does it and there's a package lock file which keeps installing the vulnerable version).