Using webpack-dev-middleware results with npm audit high vulnerability #38920
Labels
status: triage needed
Issue or pull request that need to be triaged and assigned to a reviewer
type: bug
An issue or pull request relating to a bug in Gatsby
Preliminary Checks
Description
Hi folks!
There is a
webpack-dev-middleware
usage in packages/gatsby/src/utils/start-server.ts which results with a high severity npm audit issue.Version
^4.3.0
has some reported vulnerabilities, which were fixed in patched versions hereWhat is the ETA of updating the mentioned package?
Reproduction Link
gatsby/packages/gatsby/package.json
Line 174 in 5723972
Steps to Reproduce
Run
npm audit
on a fresh Gatsby project.Expected Result
No high severity vulnerabilities found.
webpack-dev-middleware
should be bumped to v. 5.3.4 at leastActual Result
A high severity vulnerability was found.
Environment
Config Flags
No response
The text was updated successfully, but these errors were encountered: