webpack/css-loader

CVE-2024-55565 vulnerability

Closed this issue · 3 comments

Hello! I didn't see any issues reporting this.

There is a vulnerability in nanoid@3.3.7, so this package should be upgraded to mitigate this.

Reference:
https://access.redhat.com/security/cve/cve-2024-55565

We can't fix it here, sorry; we don't use nanoid here.

Yes, that's true, but it is a dependency of a lot of dependencies used by css-loader that should probably be updated.

You can update these dependencies locally. We use `^` everywhere (https://github.com/webpack-contrib/css-loader/blob/master/package.json#L57), and we can't update dependencies in transitive dependencies.
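
To act on the advice above you first need to know which installed copies of nanoid a project has and which packages' ranges pull them in. The following is an added example, not part of this thread or of css-loader: it walks an npm lockfile (lockfileVersion 2 or 3) and reports each copy with its dependents. `SAMPLE_LOCK`, `my-app`, `other-lib` and every version except nanoid 3.3.7 are constructed for illustration.

```javascript
// Added example. SAMPLE_LOCK is constructed; only nanoid@3.3.7 comes from the report.
// For a real project: const lock = JSON.parse(fs.readFileSync("package-lock.json", "utf8"));
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", dependencies: { "other-lib": "^1.0.0" },
          devDependencies: { "css-loader": "^7.0.0" } },
    "node_modules/css-loader": { version: "7.0.0", dependencies: { postcss: "^8.0.0" } },
    "node_modules/postcss": { version: "8.0.0", dependencies: { nanoid: "^3.3.7" } },
    "node_modules/nanoid": { version: "3.3.7" },
    "node_modules/other-lib": { version: "1.0.0", dependencies: { nanoid: "^9.0.0" } },
    "node_modules/other-lib/node_modules/nanoid": { version: "9.9.9" },
  },
};

// npm resolution: look in the dependent's own node_modules, then walk up to the root.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Returns { lockfilePath: { version, flagged, requiredBy: [{ dependent, range }] } }.
function findCopies(lock, name, flaggedVersion) {
  const packages = lock.packages || {};
  const copies = {};
  for (const [path, meta] of Object.entries(packages)) {
    if (path === "node_modules/" + name || path.endsWith("/node_modules/" + name)) {
      copies[path] = { version: meta.version, flagged: meta.version === flaggedVersion, requiredBy: [] };
    }
  }
  for (const [path, meta] of Object.entries(packages)) {
    const deps = { ...meta.dependencies, ...meta.optionalDependencies };
    if (path === "") Object.assign(deps, meta.devDependencies); // root project only
    if (!(name in deps)) continue;
    const target = resolveDep(packages, path, name);
    if (!target || !copies[target]) continue;
    const dependent = path ? path.slice(path.lastIndexOf("node_modules/") + 13) : "(root project)";
    copies[target].requiredBy.push({ dependent, range: deps[name] });
  }
  return copies;
}

console.log(JSON.stringify(findCopies(SAMPLE_LOCK, "nanoid", "3.3.7"), null, 2));
```

Where a dependent's range is a caret range such as `^3.3.7`, the lockfile entry can be moved to a newer release in that range locally (for example with `npm update nanoid`) without any change to the dependent package.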