NPM: https://www.npmjs.com/advisories/1217

There exists a vulnerability on the decompress file which is a dependency of image-webpack-loader as such: image-webpack-loader > imagemin-gifsicle > gifsicle > bin-build > decompress.

Refer to issue noted here kevva/decompress#71

The upstreams must update the dep then only this loader can

decompress is dependency of gifsicle imagemin/imagemin-gifsicle#41

either kevva GH org will fix decompress library or imagemin GH org will change to a maintained fork.

https://github.com/kevva/decompress repo was last active 2017