Security update of mime?

[cordoval]

• Operating System: Docker Alpine
• Node Version: 8.5.0
• NPM Version: yarn 1.1.0
• webpack Version: "webpack": "2.7.0",
• webpack-dev-server Version: "webpack-dev-server": "2.6.1",

• This is a bug
• This is a feature request
• This is a modification request

Code

  // webpack.config.js

There is a vulnerability on mime that was fixed on latest release broofa/mime@f2d859e#diff-b9cfc7f2cdf78a7f4b91a753d10865a2R47 can we bump up whoever is using it?

┌───────────────┬─────────────────────────────────────────────────────────────────┐
│               │ Regular Expression Denial of Service                            │
├───────────────┼─────────────────────────────────────────────────────────────────┤
│ Name          │ mime                                                            │
├───────────────┼─────────────────────────────────────────────────────────────────┤
│ CVSS          │ 7.5 (High)                                                      │
├───────────────┼─────────────────────────────────────────────────────────────────┤
│ Installed     │ 1.3.4                                                           │
├───────────────┼─────────────────────────────────────────────────────────────────┤
│ Vulnerable    │ < 1.4.1 || > 2.0.0 < 2.0.3                                      │
├───────────────┼─────────────────────────────────────────────────────────────────┤
│ Patched       │ >= 1.4.1 < 2.0.0 || >= 2.0.3                                    │
├───────────────┼─────────────────────────────────────────────────────────────────┤
│ Path          │ system@2.0.0 > webpack-dev-server@2.9.1 > expr… │
├───────────────┼─────────────────────────────────────────────────────────────────┤
│ More Info     │ https://nodesecurity.io/advisories/535                          │
└───────────────┴────────────────────────────────────────────────────────────────

  // additional code, remove if not needed.

Expected Behavior

Actual Behavior

For Bugs; How can we reproduce the behavior?

For Features; What is the motivation and/or use-case for the feature?

[shellscape]

@cordoval few things; this isn't a bug but a modification request. that's an important distinction. you can track down who is using mime by inspecting the package-lock.json. and lastly, your webpack and wepback-dev-server versions are very out of date. we haven't received any security notifications about the latest version, so we're closing this one.

[cordoval]

thanks i will upgrade 👍

[cordoval]

i use yarn run secure "secure": "nsp check"
yarn nsp check but not sure if this package gets screened like this