Backport Security Fix to 6.2.1

[loren138]

• I've searched for any related issues and avoided creating a duplicate
  issue.

Description

Any chances the security fix patch 00c425e could be backported to 6.2.1 to release a 6.2.2 with the fix?

Webpack-dev-server currently uses 6.2.1 which has caused a flagged security issue in a lot of repos that can't be fixed until people can upgrade to the not yet stable webpack-dev-server 4. webpack/webpack-dev-server#3360 (Incidentally, we are using webpack-dev-server as a dependency of react-scrips so it will probably be a long time before react-scripts updates to webpack-dev-server v4.)

Admittedly being a dev server, this is (hopefully) only local, but it would be nice not to have a security alert stuck on our github repository.

Reproducible in:

• version: 6.2.1
• Node.js version(s):
• OS version(s):

Steps to reproduce:

1. Install webpack-dev-server

Expected result:

No security issue

Actual result:

Flagged security issues

[lpinca]

ws@6 is no longer maintained. Is there anything that prevents them from upgrading to ws@7? ws@7.0.0 was release more than two years ago.

[lpinca]

I guess this https://github.com/webpack/webpack-dev-server/blob/v3.11.2/package.json#L14 is the blocker.

[lpinca]

I've released ws@6.2.2 and updated the security advisory. I don't know if the change will be automatically reflected to the GitHub Advisory Database and processed accordingly.

[dacevedo12]

Will the npm advisory be updated too? https://www.npmjs.com/advisories/1748/versions