Open garyhlai opened 5 years ago
The good news is that the published react-datamaps package doesn’t depend on webpack-dev-server at all. It’s just the examples, which don’t get published, that use the old version. That also makes this much less severe since the vulnerability won’t be part of any production system. If you’re interested in fixing this, I’d welcome a pull request that upgrades the examples to use the latest webpack and webpack-dev-server!
There are two vulnerability issues: "Missing Origin Validation" and "Command Injection." If I try to fix them by running "npm install --save-dev webpack-dev-server@3.1.14" it will break the code. Help please?