Open
Description
Current behavior
Dependabot gives an alert about following vulnerability: Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS.
Expected behavior
No vulnerabilities, Webpack dependecy updated to >=5.94.0 .
Steps to reproduce the issue
Run npm audit / pnpm audit, result:
Issue reproduction repository
https://github.com/domstolene/designsystem/tree/main/packages/tokens
Environment
- fork-ts-checker-webpack-plugin: ^9.0.2
- typescript: ^5.6.3
- eslint: 8.57.1
- os: Windows 10