loader-utils vulnerability upgrade

[niryarden]

Hello :)

loader-utils dependency released a new version (2.0.0) about a month ago, in which they fixed a vulnerability following a snyk report. I would appreciate if you could update loader-utils to the latest version.

webpack/loader-utils#165
https://app.snyk.io/vuln/SNYK-JS-MINIMIST-559764

Thank you very much in advance

[Shivam60]

Hey Any update on this

[Shivam60]

I would like to help also, if its a good for first bug

[mateBe95]

bump

[psierks]

There's also CVE-2022-37601

loader-utils 1.0.0 to 2.0.2 are affected, patched as of 2.0.3

loader-utils fix PR webpack/loader-utils#217 & release https://github.com/webpack/loader-utils/releases/tag/v2.0.3

[dodo0822]

Following. Would appreciate if we could remove the dependency on loader-utils by dropping support for webpack 4.

[NidhiLearning]

I have updated the react-hot-loader dependency with version with version 4.13.0 but still I am getting the older loader-utils version in the package.json. Any suggestions? Is there anything which I am missing?

[theKashey]

@NidhiLearning - please use 4.13.1