
security problem

Open grosfaignan opened this issue 1 year ago • 0 comments

Bug report

High vulnerability found:

Actual Behavior

```
PS C:\xampp\htdocs\symfony\webpackStartup> npm audit
                       === npm audit security report ===
                                 Manual Review
             Some vulnerabilities require your attention to resolve
          Visit https://go.npm.me/audit-guide for additional guidance

  High            Prototype Pollution in JSON5 via Parse Method

  Package         json5

  Patched in      >=1.0.2

  Dependency of   npm-install-webpack-plugin [dev]

  Path            npm-install-webpack-plugin > json5

  More info       https://github.com/advisories/GHSA-9c47-m6qq-7p4h

found 1 high severity vulnerability in 734 scanned packages
  1 vulnerability requires manual review. See the full report for details.
```

`npm audit fix` can't fix it.

Expected Behavior

How Do We Reproduce?

```
$ npm install --save-dev npm-install-webpack-plugin
```

Please paste the results of npx webpack-cli info here, and mention other relevant information

```
    OS: Windows 10 10.0.19044
    CPU: (4) x64 Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
    Memory: 6.17 GB / 15.91 GB
  Binaries:
    Node: 14.17.5 - C:\Program Files\nodejs\node.EXE
    npm: 6.14.14 - C:\Program Files\nodejs\npm.CMD
  Browsers:
    Edge: Spartan (44.19041.1266.0), Chromium (112.0.1722.46)
    Internet Explorer: 11.0.19041.1566
  Packages:
    babel-loader: ^9.1.2 => 9.1.2
    css-loader: ^6.7.3 => 6.7.3
    eslint-webpack-plugin: ^4.0.0 => 4.0.0
    html-webpack-plugin: ^5.5.0 => 5.5.0
    less-loader: ^11.1.0 => 11.1.0
    npm-install-webpack-plugin: ^4.0.5 => 4.0.5
    postcss-loader: ^7.1.0 => 7.1.0
    style-loader: ^3.3.2 => 3.3.2
    terser-webpack-plugin: ^5.3.7 => 5.3.7
    time-analytics-webpack-plugin: ^0.1.20 => 0.1.20
    webpack: ^5.76.3 => 5.76.3
    webpack-bundle-analyzer: ^4.8.0 => 4.8.0
    webpack-cli: ^5.0.1 => 5.0.1
```

grosfaignan, Apr 15 '23 09:04
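What the advisory in the audit output (GHSA-9c47-m6qq-7p4h) is about, as an added example that is not part of the issue and not code from json5 or npm-install-webpack-plugin: affected JSON5 versions (before 1.0.2 on the 1.x line, before 2.2.2 on 2.x) built the parsed object with plain property assignment, so a document containing a `__proto__` key replaced the prototype of the object `JSON5.parse` returned. The block below reproduces that defect with a stand-in parser (`vulnerableParse`, which copies `JSON.parse` output with `obj[key] = value`), shows the hardened pattern (`hardenedParse`, which uses `Object.defineProperty` so `__proto__` becomes an ordinary own property), and includes a post-parse check (`hasCleanPrototype`) a consumer can run on any untrusted parse result regardless of which library produced it. All function names and the input string are constructed for this example.

```javascript
'use strict';
// Added example (not json5's own code). Reproduces the class of bug behind
// GHSA-9c47-m6qq-7p4h: a parser that fills the result object with plain
// assignment `obj[key] = value` lets a "__proto__" key overwrite the
// prototype of the object it returns instead of storing it as data.

// Constructed attacker-controlled input, e.g. a config file a build tool reads.
const MALICIOUS_INPUT = '{"name": "app", "__proto__": {"isAdmin": true}}';

// Stand-in for the vulnerable parser. JSON.parse itself is safe (it creates
// "__proto__" as an own data property), so we use it only to get key/value
// pairs, then copy them the way the affected JSON5 versions did.
function vulnerableParse(text) {
  const raw = JSON.parse(text);
  const obj = {};
  for (const key of Object.keys(raw)) {
    obj[key] = raw[key]; // for key === "__proto__" this invokes the prototype setter
  }
  return obj;
}

// Hardened copy: define each key as an own data property. A "__proto__" key
// now lands on the object itself and the prototype chain is untouched.
function hardenedParse(text) {
  const raw = JSON.parse(text);
  const obj = {};
  for (const key of Object.keys(raw)) {
    Object.defineProperty(obj, key, {
      value: raw[key],
      writable: true,
      enumerable: true,
      configurable: true,
    });
  }
  return obj;
}

// Consumer-side check usable on the output of any parser: the result must
// still inherit directly from Object.prototype.
function hasCleanPrototype(obj) {
  return Object.getPrototypeOf(obj) === Object.prototype;
}

// Summarises the observable difference between the two parsers on the
// malicious input. Returned as plain booleans so it can be asserted on.
function demo() {
  const bad = vulnerableParse(MALICIOUS_INPUT);
  const good = hardenedParse(MALICIOUS_INPUT);
  const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);
  return {
    // Vulnerable: "isAdmin" is visible on the result but is not an own
    // property, and Object.keys() never shows where it came from.
    vulnerableInheritsIsAdmin: bad.isAdmin === true && !hasOwn(bad, 'isAdmin'),
    vulnerableKeys: Object.keys(bad).join(','),
    vulnerablePrototypeClean: hasCleanPrototype(bad),
    // Hardened: "__proto__" is just another own key, "isAdmin" is absent.
    hardenedHasOwnProto: hasOwn(good, '__proto__'),
    hardenedInheritsIsAdmin: good.isAdmin === true,
    hardenedPrototypeClean: hasCleanPrototype(good),
    // Neither variant touches the global Object.prototype on its own; the
    // danger is code that later merges the poisoned result into other objects.
    globalPrototypeUntouched: ({}).isAdmin === undefined,
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

The practical remediation is to get a patched json5 into the tree (>=1.0.2 or >=2.2.2) and, for anything that parses untrusted JSON5/JSON into config, to run a check like `hasCleanPrototype` on the result before merging it into application state.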