Node16 npm audit moderate

[z-zp]

Do you want to request a feature, report a bug or ask a question?

What is the current behavior?

What is the expected behavior?

If the current behavior is a bug, please provide the steps to reproduce, at least part of webpack config with loader configuration and piece of your code.
The best way is to create repo with minimal setup to demonstrate a problem (package.json, webpack config and your code).
It you don't want to create a repository - create a gist with multiple files

If this is a feature request, what is motivation or use case for changing the behavior?

Please tell us about your environment:

• Node.js version: 16
• webpack version: 5
• svg-sprite-loader version: 6.0.11
• OS type & version: mac

Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. stackoverflow, gitter, etc)

┬ [email protected]
│ └─┬ [email protected]
│ ├─┬ [email protected]
│ │ └── [email protected] deduped
│ └── [email protected]

its dependencies [email protected].
[email protected] is need to upgrade GHSA-566m-qj78-rww5

[MaximeCheramy]

There is also a critical vulnerability:

loader-utils  <2.0.3
Severity: critical
Prototype pollution in webpack loader-utils - https://github.com/advisories/GHSA-76p3-8jx3-jpfq
No fix available
node_modules/loader-utils
node_modules/svg-baker/node_modules/loader-utils

Direct dependency:

├─┬ [email protected]
│ ├── [email protected]

[wermanoid]

And also critical vulnerability in htmlparser2.

it is recommended to update htmlparser2 to v5+

└─┬ [email protected]
    └─┬ [email protected]
      └─┬ [email protected]
        └─┬ [email protected]
          └── [email protected] 

actually, is this package still somehow maintained?