Skip to content

CVE-2022-37601 and CVE-2021-44906 #3339

New issue
New issue
Open
Open
CVE-2022-37601 and CVE-2021-44906#3339
Labels
enhancement
@jkacmaz93

Description

@jkacmaz93
jkacmaz93
opened on Jul 30, 2024

Hi, vulnerability scanner detected two dependencies in the yarn.lock file as vulnerable version referenced.

Minimist:
CVE-2021-44906 - The vulnerability can be remediated by updating the library to version 1.2.6 or higher.
See:

webpacker/yarn.lock

Line 5241 in e0c998e

minimist@^1.2.0, minimist@^1.2.5:

Loader-Utils:
CVE-2022-37601 - The vulnerability can be remediated by updating the library to version 2.0.3 or higher.
See :

webpacker/yarn.lock

Line 4990 in e0c998e

loader-utils@^2.0.0:

See:

webpacker/yarn.lock

Line 4981 in e0c998e

loader-utils@^1.1.0, loader-utils@^1.2.3, loader-utils@^1.4.0:

Ruby version: 3.2.0
Webpacker version: 5.4.3

Desired behavior: Could you update these two dependencies to the non-vulnerable versions? Thank you.

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    enhancement

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions