Vulnerability in boilerplate code
When running npm install to get the boilerplate code a warning about 3 vulnerabilities is issued.
SEMVER WARNING: Recommended action is a potentially breaking change
High | Missing Origin Validation
│ Package │ webpack-dev-server │
│ Dependency of │ webpack-dev-server [dev] │
│ Path │ webpack-dev-server │
│ More info │ https://nodesecurity.io/advisories/725 │
Run npm install --save-dev css-loader@2.1.1 to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change
│ Moderate │ Denial of Service │
│ Package │ js-yaml │
│ Dependency of │ css-loader [dev] │
│ Path │ css-loader > cssnano > postcss-svgo > svgo > js-yaml │
│ More info │ https://nodesecurity.io/advisories/788 │
│ Manual Review │ │ Some vulnerabilities require your attention to resolve │ │ │ │ Visit https://go.npm.me/audit-guide for additional guidance │
│ Low │ Regular Expression Denial of Service │
│ Package │ braces │
│ Patched in │ >=2.3.1 │
│ Dependency of │ babel-cli [dev] │
│ Path │ babel-cli > chokidar > anymatch > micromatch > braces │
│ More info │ https://nodesecurity.io/advisories/786 │
Trying to fix it with npm audit fix 1 vulnerability required manual review and could not be updated
2 package updates for 2 vulns involved breaking changes