Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
raw-loader is used to inline svg in our cke5 wepack build. there is a security issue in one of the dependency of raw-loader: https://github.com/advisories/GHSA-76p3-8jx3-jpfq
raw-loader itself is deprecated in webpack5 so we don't need it.
Steps to reproduce
Proposed resolution
use wepack5 features to replace raw-loader.
Remaining tasks
User interface changes
API changes
Data model changes
Release notes snippet
Comment | File | Size | Author |
---|---|---|---|
#8 | interdiff-4-9.txt | 1.82 KB | nod_ |
#8 | core-3319917-9.5-8.patch | 6.44 KB | nod_ |
#5 | core-3319917-9.5-4.patch | 4.26 KB | nod_ |
#4 | core-3319917-10.0-3.patch | 4.57 KB | nod_ |
| |||
#2 | core-3319917-2.patch | 4.57 KB | nod_ |
|
Comments
Comment #2
nod_no changes to the built files.
Comment #3
nod_Comment #4
nod_10.0 version
Comment #5
nod_and the 9.5 version while i'm at it.
Comment #6
nod_Comment #7
lauriiiyarn build:css
⚠️Comment #8
nod_css changes are in 9.5 because of missing changes in the postcss patch, didn't want to step anywhere so removed it. Adding it back.
Comment #9
lauriiiThat's right, I realized the patch should only have an impact on CKEditor 5 build. I tested again with CKEditor 5 related SVG and confirmed those are still loaded too 😇. To me #8 seems fine even though the changes are unrelated because that's the result of running
yarn build
(which should always be run when reviewing changes topackage.json
/yarn.lock
).Confirmed that Drupal 10 looks all good 👍
Comment #12
longwaveCommitted and pushed b2bc383ebe to 10.1.x and c0b30d9236 to 10.0.x. Thanks!
Will backport to 9.5.x once #8 comes back green.
Comment #13
alexpott@longwave congrats on your first commit!
Comment #14
lauriiiCongrats @longwave 🥳 🎉
Comment #15
nod_and it's green :D
Comment #16
longwaveCommitted f18b610 and pushed to 9.5.x. Thanks!