webpack in prod dependencies
p-somers opened this issue · comments
Peter Somers commented
Can webpack be moved to dev-dependencies? This is causing issues in my project which uses a newer version of react
jc-hcl commented
@llorentegerman please consider this issue, OSS scanning tools consider all the transitive dependencies of webpack as being shipped code which results in a large number of false-positive alerts being raised.
Germán Llorente commented
@jc-hcl are you using the latest version of this package? (v2.3.3)
jc-hcl commented
Was checking back on this defect and PR which were open, but can see it's been fixed in the 2.3.3 release, many thanks!