CVE-2022-46175 - High

[ldco2016]

Guys, we are using a dependency called svg-inline-loader which is using loader-utils@.4.2 which seems to be using json5@1.0.2 and since svg-inline-loader version we are using is the latest one, we would need for loader-utils to be on a version that is using a json5 version where the CVE has been patched or perhaps a version not needing that dependency at all.

Could you please advise as we need to resolve these vulnerabilities as soon as possible.

[alexander-akait]

loader-utils is deprecated and should not used in loader anymore, also loader-utils@0.4.2 is outdated and this CVE was fixed in the last version, so please ask developer(s) of svg-inline-loader update deps