Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix for known vulnerability in url-loader version #3244

Closed
JaredVanderford opened this issue Oct 5, 2017 · 1 comment
Closed

Fix for known vulnerability in url-loader version #3244

JaredVanderford opened this issue Oct 5, 2017 · 1 comment

Comments

@JaredVanderford
Copy link

Is this a bug report?

no

Can you also reproduce the problem with npm 4.x?

Yes

Environment

Irrelevant

Actual Behavior

There is a vulnerability identified by NSP in the version of url-loader currently set as a dependency.
"[email protected] > [email protected] > [email protected] "

url-loader has fixed this issue since 0.6.

@Timer
Copy link
Contributor

Timer commented Oct 5, 2017

I'll accept a PR for this but there's no rush because it's for untrusted user input (& simply a DoS).

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

2 participants