release 1.10.14 vulnerability node-forge
artola opened this issue · 1 comments
artola commented
Released package v1.10.13 contains "node-forge": "^1.2.0" ... but the next release v.1.10.14 contains "node-forge": "^0.10.0".
Is this because of a rollback due to some problem in the upgrade? If it works, it would be great to release a 1.10.* with the fixed dependency.
artola commented
Found reasoning at: #52 (comment)
My problem is caused by webpack-dev-server@npm:3.11.3 ==> "selfsigned": "^1.10.8",
Solved with:
```json
"resolutions": {
  "webpack-dev-server/selfsigned": "^2.0.1"
}
```
I will try to eliminate the dependency that pulls in webpack-dev-server v3.
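An added example, not part of the original thread or of the selfsigned project: a small checker that lists every dependency path still ending at a pre-1.x `node-forge` or pre-2.x `selfsigned`, which helps confirm that a resolution like the one above took effect. It assumes a dependency tree shaped like `npm ls --json` output; the sample tree and the function names are constructed for illustration.

```javascript
// Constructed sample tree in the shape of `npm ls --json` output (an assumption).
// It mirrors the thread: webpack-dev-server 3.11.3 pulls selfsigned 1.10.x,
// which pulls node-forge 0.10.x, next to a direct selfsigned 2.x install.
const sampleTree = {
  name: "my-app",
  version: "1.0.0",
  dependencies: {
    "webpack-dev-server": {
      version: "3.11.3",
      dependencies: {
        selfsigned: {
          version: "1.10.14",
          dependencies: { "node-forge": { version: "0.10.0" } },
        },
      },
    },
    selfsigned: {
      version: "2.0.1",
      dependencies: { "node-forge": { version: "1.2.0" } },
    },
  },
};

// Major version of a plain "x.y.z" string (no ranges or pre-release tags).
function major(version) {
  return parseInt(version.split(".")[0], 10);
}

// Hypothetical helper: returns one entry per installed copy of `target`
// whose major version is below `minMajor`, with the path that pulls it in.
function findOldInstalls(tree, target, minMajor) {
  const hits = [];
  const walk = (node, name, trail) => {
    const here = [...trail, `${name}@${node.version}`];
    if (name === target && major(node.version) < minMajor) {
      hits.push({ path: here.join(" > "), version: node.version });
    }
    for (const [depName, dep] of Object.entries(node.dependencies || {})) {
      walk(dep, depName, here); // nested copies are checked independently
    }
  };
  walk(tree, tree.name, []);
  return hits;
}

for (const hit of findOldInstalls(sampleTree, "node-forge", 1)) {
  console.log(`old node-forge via: ${hit.path}`);
}
```

An empty result for both `findOldInstalls(tree, "selfsigned", 2)` and `findOldInstalls(tree, "node-forge", 1)` means no transitive path still resolves to the older releases.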