Re: roadhog's dependencies require update

[4rsal]

It appears to me that roadhog's dependencies are out of the date and require immidiate action. My reactjs project reports 83 vulnerabilities (76 low, 5 moderate, 1 high) in 58417 scanned packages. All dependency of roadhog!

Environment(required) | 环境（必填）

• roadhog version（roadhog版本） "roadhog": "^2.4.9"

• Nodejs and Npm version（Nodejs 和 Npm 版本） npm -v: 6.9.0 node -v: v10.8.0

• Operating environment (e.g. OS name) and its version（操作系统版本）:

What did you do? Please provide steps to re-produce your problem.（请提供复现步骤）

npm security report, reports the issue.

this is the high vulnerebility: │ High │ Missing Origin Validation │ Package │ webpack-dev-server
│ Patched in │ >=3.1.11
│ Dependency of │ roadhog [dev] Path │ roadhog > af-webpack > webpack-dev-server
│ More info │ https://npmjs.com/advisories/725

What do you expected?（预期的正常效果）

For roadhog to be using the updated dependencies

What happen?（发生了何种非正常现象）

npm security report: found 82 vulnerabilities (76 low, 5 moderate, 1 high) in 58417 scanned packages all dependencies of roadhog [dev]

Re-producible online demo (可复现的在线demo)