webpack in prod dependencies

Question

webpack in prod dependencies

p-somers opened this issue 4 years ago · comments

Can webpack be moved to dev-dependencies? This is causing issues in my project which uses a newer version of react

jc-hcl · Answer 1 · Thu Sep 02 2021 18:04:22 GMT+0800 (China Standard Time)

@llorentegerman please consider this issue, OSS scanning tools consider all the transitive dependencies of webpack as being shipped code which results in a large number of false-positive alerts being raised.

Germán Llorente · Answer 2 · Thu Sep 02 2021 18:16:45 GMT+0800 (China Standard Time)

@jc-hcl are you using the latest version of this package? (v2.3.3)

jc-hcl · Answer 3 · Thu Sep 02 2021 18:47:49 GMT+0800 (China Standard Time)

Was checking back on this defect and PR which were open, but can see it's been fixed in the 2.3.3 release, many thanks!