Critical vulnerability issue in dependency `loader-utils` version 1.2.3

[jruales]

This library, typings-for-css-modules-loader, currently has a dependency on loader-utils version 1.2.3 specifically, which has a critical-severity vulnerability:

• https://nvd.nist.gov/vuln/detail/CVE-2022-37601
• [CVE-2022-37601]/Prototype pollution found in parseQuery.js webpack/loader-utils#212

Please update the dependency to address this critical vulnerability that is being flagged in Dependabot alerts of projects that depend on typings-for-css-modules-loader

[jruales]

FYI @Obi-Dann @niklasmh @raphael-leger

[Ivan-Strahovsky]

Guys, please take a look at the PR #74 and make a new release.

[propkitty]

This seriously needs a fix as this is a critical issue. Please accept the fix and make a new release ASAP!

[bgever]

As a temporary workaround, you can add this to package.json for NPM 8.3+, based on @Ivan-Strahovsky's PR #74.

"overrides": {
    "loader-utils": "^1.4.2"
}

[Obi-Dann]

Merged, sorry for the wait. Going to prepare a release shortly

[MudulOzan]

@Obi-Dann if fixed can we close this issue?