lqip-loader → url-regex vulnerability #192
I already moved away from this loader in the canary version. Actually, I moved away from all those different loaders as they introduced more problems than they have solved and it made maintaining this library hard in general. The custom loader is based on similar libraries and combines all features. That way, I can better control the dependency chain in the future in case a similar problem occurs.
One way would be to already switch to the canary version. It is already considered stable and will be released soon when the missing features (
We use neither sprite nor trace so that works just fine for us. Thanks!
We've just had a CI warning for url-regex, a dependency of lqip-loader. lqip-loader does not seem to be actively maintained and I am not confident that the issue on their repo will be resolved anytime soon. My team and I feel a little uncomfortable about this dependency chain.
My questions are: