pmmmwh / react-refresh-webpack-plugin

A Webpack plugin to enable "Fast Refresh" (also previously known as Hot Reloading) for React components.
MIT License

[vulnerabilities] npm displayed a warning "2 high severity vulnerabilities". #846

Closed stein2nd closed 3 months ago

stein2nd commented 3 months ago

In the 'react-refresh-webpack-plugin' installation directory, 'ncu', 'ncu -u' and 'npm install -force' were executed in sequence.

2 high severity vulnerabilities

Some issues need review, and may require choosing a different dependency.

Run npm audit for details.

The following is the result of running 'npm audit'. [image: Pasted Graphic 3]

pmmmwh commented 3 months ago

Hi, sourcemap-validator (the package consuming lodash.template) is only used in testing - unfortunately the lodash team doesn't want to publish a new version to fix this vulnerability, so it is impossible for us to act on.

As for webpack-dev-middleware, we currently still support WDSv3 but will drop that in v0.6.x.
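One way to check whether an audit finding is confined to development dependencies, as the reply above says of lodash.template, is to cross-reference the audit report with the lockfile. This is an added example, not code from the thread or the project; both inputs are constructed samples, `example-runtime-dep` and `example-project` are hypothetical names, and the version strings are placeholders.

```javascript
// Constructed sample shaped like `npm audit --json` output (npm 7+).
const auditReport = {
  vulnerabilities: {
    'lodash.template': {
      severity: 'high',
      nodes: ['node_modules/lodash.template'],
      fixAvailable: false,
    },
    // Hypothetical package standing in for a runtime dependency.
    'example-runtime-dep': {
      severity: 'high',
      nodes: ['node_modules/example-runtime-dep'],
      fixAvailable: true,
    },
  },
};

// Constructed sample shaped like package-lock.json (lockfileVersion 2 or 3).
// Versions are placeholders, not real releases.
const lockfile = {
  packages: {
    '': { name: 'example-project' },
    'node_modules/sourcemap-validator': { version: '0.0.0-sample', dev: true },
    'node_modules/lodash.template': { version: '0.0.0-sample', dev: true },
    'node_modules/example-runtime-dep': { version: '0.0.0-sample' },
  },
};

function classifyFindings(report, lock) {
  const packages = lock.packages || {};
  const result = { devOnly: [], production: [] };
  for (const [name, vuln] of Object.entries(report.vulnerabilities || {})) {
    const nodes = vuln.nodes || [];
    // Dev-only means every installed copy carries `dev: true` in the lockfile.
    // Paths missing from the lockfile, and `devOptional` entries, count as
    // production so a finding is never dismissed on incomplete data.
    const devOnly = nodes.length > 0 &&
      nodes.every((path) => packages[path] !== undefined && packages[path].dev === true);
    const finding = { name, severity: vuln.severity, fixAvailable: vuln.fixAvailable };
    (devOnly ? result.devOnly : result.production).push(finding);
  }
  return result;
}

console.log(JSON.stringify(classifyFindings(auditReport, lockfile), null, 2));
```

On npm versions that support the `omit` option, `npm audit --omit=dev` reports only the findings that reach production dependencies.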