btmills / react-datamaps

React component for D3 DataMaps
MIT License

Vulnerabilities issue #16

Open garyhlai opened 5 years ago

garyhlai commented 5 years ago

[screenshot attached: 2019-01-03]

There are two vulnerability issues: "Missing Origin Validation" and "Command Injection." If I try to fix them by running "npm install --save-dev webpack-dev-server@3.1.14" it will break the code. Help please?

btmills commented 5 years ago

The good news is that the published react-datamaps package doesn’t depend on webpack-dev-server at all. It’s just the examples, which don’t get published, that use the old version. That also makes this much less severe since the vulnerability won’t be part of any production system. If you’re interested in fixing this, I’d welcome a pull request that upgrades the examples to use the latest webpack and webpack-dev-server!
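The point above (an advisory in a dev-only dependency does not reach the published package or any production install) can be checked mechanically rather than by eye. The following is an added example, not code from react-datamaps or its author: it walks a constructed, flat (hoisted) npm v1 `package-lock.json` fragment from the `dependencies` and `devDependencies` roots in a constructed `package.json` and reports whether a flagged package is reachable from production roots, from dev roots only, or not installed at all. The package names and versions in the sample data are constructed for illustration.

```javascript
// Added example (not part of react-datamaps). Decides whether a package named in
// an audit advisory is reachable from production dependencies or only from
// devDependencies, by walking the lockfile's `requires` graph.

// Constructed package.json fragment: production roots vs development roots.
const packageJson = {
  dependencies: { react: "^16.7.0", d3: "^3.5.17" },
  devDependencies: { webpack: "^4.28.0", "webpack-dev-server": "^3.1.4" },
};

// Constructed, flat (hoisted) npm v1 lockfile fragment. Each entry lists what it
// `requires`; npm also writes `dev: true` on dev-only entries, but the walk below
// recomputes reachability independently instead of trusting that flag.
const packageLock = {
  dependencies: {
    react: { version: "16.7.0", requires: { "loose-envify": "^1.1.0", "prop-types": "^15.6.2" } },
    "prop-types": { version: "15.6.2", requires: { "loose-envify": "^1.3.1" } },
    "loose-envify": { version: "1.4.0", requires: {} },
    d3: { version: "3.5.17", requires: {} },
    webpack: { version: "4.28.0", requires: { "loader-utils": "^1.1.0" }, dev: true },
    "loader-utils": { version: "1.2.3", requires: {}, dev: true },
    "webpack-dev-server": { version: "3.1.4", requires: { sockjs: "0.3.19", "loader-utils": "^1.1.0" }, dev: true },
    sockjs: { version: "0.3.19", requires: {}, dev: true },
  },
};

// Depth-first walk from a set of root package names over the lockfile graph.
// Returns the set of every package name reachable from those roots.
function reachableFrom(roots, lock) {
  const seen = new Set();
  const stack = [...roots];
  while (stack.length > 0) {
    const name = stack.pop();
    if (seen.has(name)) continue;
    seen.add(name);
    const entry = lock.dependencies[name];
    if (!entry) continue; // not materialised in the lockfile (e.g. an unmet peer); skip
    for (const dep of Object.keys(entry.requires || {})) stack.push(dep);
  }
  return seen;
}

// Classify a flagged package: "production" if any production root reaches it
// (it would ship in a production install), "dev-only" if only dev roots do,
// "not-installed" otherwise. Production wins when both graphs reach it.
function classifyAdvisory(pkgName, pkg, lock) {
  const prod = reachableFrom(Object.keys(pkg.dependencies || {}), lock);
  const dev = reachableFrom(Object.keys(pkg.devDependencies || {}), lock);
  if (prod.has(pkgName)) return "production";
  if (dev.has(pkgName)) return "dev-only";
  return "not-installed";
}

// Stand-alone usage over the constructed data.
for (const flagged of ["webpack-dev-server", "loose-envify", "left-pad"]) {
  console.log(`${flagged}: ${classifyAdvisory(flagged, packageJson, packageLock)}`);
}
```

Run against a real project, the same walk over its actual `package.json` and `package-lock.json` separates advisories that affect what gets published or deployed from those confined to examples and tooling; the latter still deserve an upgrade, as the reply suggests, but at a lower priority.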