webpack-contrib / webpack-hot-middleware

Webpack hot reloading you can attach to your own server

ReDoS Vulnerability

pedantic79 opened this issue · comments

How Do We Reproduce?

This is a vulnerability in ansi-html, which this package depends on. To repro, you can use the command below, as described in Tjatse/ansi-html#19.

Unfortunately, ansi-html seems to be unmaintained. There were several options discussed about what to do here (webpack/webpack-dev-server#3576), and it was fixed by switching to a fork of ansi-html called ansi-html-community. It was merged here: webpack/webpack-dev-server#3801

While this package shouldn't be running in production, using unmaintained packages is an issue, and vulnerability scanners pick up the fact that any project using webpack-hot-middleware is pulling in the vulnerable ansi-html package.
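The check the issue describes, a scanner noticing that ansi-html is still reachable through webpack-hot-middleware, can be reproduced against a project's own lockfile. The script below is an added example, not code from webpack-hot-middleware, ansi-html or this thread: it walks the `packages` map of an npm lockfile (v2/v3 shape) and reports where a named package is installed and which packages declare a dependency on it. The embedded lockfile, its version numbers and dependency edges are constructed placeholders for illustration, not either project's real dependency graph.

```javascript
// Added example, not code from webpack-hot-middleware or from the issue above:
// scan a package-lock.json "packages" map (lockfile v2/v3) for a named package
// and report where it is installed and who depends on it. This mirrors what a
// vulnerability scanner does when it flags ansi-html under webpack-hot-middleware.

// Constructed sample lockfile. Versions and edges are illustrative placeholders.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    '': {
      name: 'my-app',
      dependencies: { 'webpack-hot-middleware': '^2.25.0', 'webpack-dev-server': '^4.0.0' },
    },
    'node_modules/webpack-hot-middleware': {
      version: '2.25.0',
      dependencies: { 'ansi-html': '0.0.7' },
    },
    'node_modules/ansi-html': { version: '0.0.7' },
    'node_modules/webpack-dev-server': {
      version: '4.0.0',
      dependencies: { 'ansi-html-community': '^0.0.8' },
    },
    'node_modules/ansi-html-community': { version: '0.0.8' },
  },
};

// Derive a package name from its lockfile install path. Scoped packages keep
// their "@scope/" prefix; the root entry ('') is named after the project.
function packageNameFromPath(installPath, lock) {
  if (installPath === '') {
    return (lock.packages[''] && lock.packages[''].name) || '(root)';
  }
  const marker = 'node_modules/';
  return installPath.slice(installPath.lastIndexOf(marker) + marker.length);
}

// Return { installs: [{ path, version }], dependents: [name, ...] } for `target`.
// "dependents" is every package whose manifest fields in the lockfile list `target`.
function findDependents(lock, target) {
  const installs = [];
  const dependents = new Set();
  const fields = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];
  for (const [installPath, entry] of Object.entries(lock.packages || {})) {
    const name = packageNameFromPath(installPath, lock);
    if (name === target) {
      installs.push({ path: installPath, version: entry.version });
    }
    for (const field of fields) {
      if (entry[field] && Object.prototype.hasOwnProperty.call(entry[field], target)) {
        dependents.add(name);
      }
    }
  }
  return { installs, dependents: [...dependents].sort() };
}

// True when the lockfile still resolves at least one copy of `target`.
function stillPullsIn(lock, target) {
  return findDependents(lock, target).installs.length > 0;
}

// Stand-alone run: show both the unmaintained package and its replacement fork.
for (const pkg of ['ansi-html', 'ansi-html-community']) {
  console.log(pkg, JSON.stringify(findDependents(SAMPLE_LOCK, pkg)));
}
```

On a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; after upgrading to a webpack-hot-middleware release that no longer depends on ansi-html, `stillPullsIn(lock, 'ansi-html')` should return `false`, which makes a cheap regression check in CI.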

Will there be a release based on this?

Released in 2.25.1