-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update dependency webpack-dev-server to v5 [SECURITY] #16
Open
renovate
wants to merge
1
commit into
master
Choose a base branch
from
renovate/npm-webpack-dev-server-vulnerability
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+1
−1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
renovate
bot
changed the title
Pin dependency webpack-dev-server to v1.16.5 [SECURITY]
Pin dependency webpack-dev-server to 1.16.5 [SECURITY]
May 9, 2021
renovate
bot
changed the title
Pin dependency webpack-dev-server to 1.16.5 [SECURITY]
Pin dependency webpack-dev-server to v1.16.5 [SECURITY]
May 15, 2021
renovate
bot
changed the title
Pin dependency webpack-dev-server to v1.16.5 [SECURITY]
Pin dependency webpack-dev-server to v [SECURITY]
Mar 7, 2022
renovate
bot
changed the title
Pin dependency webpack-dev-server to v [SECURITY]
Pin dependency webpack-dev-server to v1.16.5 [SECURITY]
Sep 25, 2022
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
November 20, 2022 15:33
e237ec3
to
05fd871
Compare
renovate
bot
changed the title
Pin dependency webpack-dev-server to v1.16.5 [SECURITY]
Update dependency webpack-dev-server to v4 [SECURITY]
Nov 20, 2022
renovate
bot
changed the title
Update dependency webpack-dev-server to v4 [SECURITY]
Update dependency webpack-dev-server to v3 [SECURITY]
Mar 27, 2023
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
March 27, 2023 16:53
05fd871
to
fae32cb
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
May 29, 2023 17:53
fae32cb
to
cd50edc
Compare
renovate
bot
changed the title
Update dependency webpack-dev-server to v3 [SECURITY]
Update dependency webpack-dev-server to v4 [SECURITY]
May 29, 2023
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
June 1, 2023 16:09
cd50edc
to
f09f323
Compare
renovate
bot
changed the title
Update dependency webpack-dev-server to v4 [SECURITY]
Update dependency webpack-dev-server to v3 [SECURITY]
Jun 1, 2023
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
June 8, 2023 06:00
f09f323
to
04129a9
Compare
renovate
bot
changed the title
Update dependency webpack-dev-server to v3 [SECURITY]
Update dependency webpack-dev-server to v4 [SECURITY]
Jun 8, 2023
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
June 10, 2023 11:19
04129a9
to
e7c47fc
Compare
renovate
bot
changed the title
Update dependency webpack-dev-server to v4 [SECURITY]
Update dependency webpack-dev-server to v3 [SECURITY]
Jun 10, 2023
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
June 14, 2023 02:27
e7c47fc
to
b9e917d
Compare
renovate
bot
changed the title
Update dependency webpack-dev-server to v3 [SECURITY]
Update dependency webpack-dev-server to v4 [SECURITY]
Jun 14, 2023
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
June 17, 2023 05:21
b9e917d
to
899fbd0
Compare
renovate
bot
changed the title
Update dependency webpack-dev-server to v4 [SECURITY]
Update dependency webpack-dev-server to v3 [SECURITY]
Jun 17, 2023
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
June 18, 2023 11:58
899fbd0
to
694f0e5
Compare
renovate
bot
changed the title
Update dependency webpack-dev-server to v3 [SECURITY]
Update dependency webpack-dev-server to v4 [SECURITY]
Jun 18, 2023
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
June 22, 2023 23:12
694f0e5
to
2f2aa89
Compare
renovate
bot
changed the title
Update dependency webpack-dev-server to v4 [SECURITY]
Update dependency webpack-dev-server to v3 [SECURITY]
Jun 22, 2023
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
June 30, 2023 02:33
2f2aa89
to
f522784
Compare
renovate
bot
changed the title
Update dependency webpack-dev-server to v3 [SECURITY]
Update dependency webpack-dev-server to v4 [SECURITY]
Jun 30, 2023
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
July 1, 2023 00:46
f522784
to
30d7dfe
Compare
renovate
bot
changed the title
Update dependency webpack-dev-server to v4 [SECURITY]
Update dependency webpack-dev-server to v3 [SECURITY]
Jul 1, 2023
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
July 7, 2023 20:41
30d7dfe
to
6990797
Compare
renovate
bot
changed the title
Update dependency webpack-dev-server to v3 [SECURITY]
Update dependency webpack-dev-server to v4 [SECURITY]
Jul 7, 2023
renovate
bot
changed the title
Update dependency webpack-dev-server to v3 [SECURITY]
Update dependency webpack-dev-server to v5 [SECURITY]
May 9, 2024
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
May 10, 2024 05:44
48d8c2b
to
b547a25
Compare
renovate
bot
changed the title
Update dependency webpack-dev-server to v5 [SECURITY]
Update dependency webpack-dev-server to v3 [SECURITY]
May 10, 2024
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
May 22, 2024 23:54
b547a25
to
dbe5d3c
Compare
renovate
bot
changed the title
Update dependency webpack-dev-server to v3 [SECURITY]
Update dependency webpack-dev-server to v5 [SECURITY]
May 22, 2024
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
May 23, 2024 11:49
dbe5d3c
to
8cf2cef
Compare
renovate
bot
changed the title
Update dependency webpack-dev-server to v5 [SECURITY]
Update dependency webpack-dev-server to v3 [SECURITY]
May 23, 2024
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
June 5, 2024 02:41
8cf2cef
to
f80b08d
Compare
renovate
bot
changed the title
Update dependency webpack-dev-server to v3 [SECURITY]
Update dependency webpack-dev-server to v5 [SECURITY]
Jun 5, 2024
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
June 6, 2024 05:40
f80b08d
to
90fcbcb
Compare
renovate
bot
changed the title
Update dependency webpack-dev-server to v5 [SECURITY]
Update dependency webpack-dev-server to v3 [SECURITY]
Jun 6, 2024
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
June 28, 2024 02:46
90fcbcb
to
abd07b6
Compare
renovate
bot
changed the title
Update dependency webpack-dev-server to v3 [SECURITY]
Update dependency webpack-dev-server to v5 [SECURITY]
Jun 28, 2024
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
June 29, 2024 08:41
abd07b6
to
4088d5b
Compare
renovate
bot
changed the title
Update dependency webpack-dev-server to v5 [SECURITY]
Update dependency webpack-dev-server to v3 [SECURITY]
Jun 29, 2024
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
July 14, 2024 20:40
4088d5b
to
88c1b52
Compare
renovate
bot
changed the title
Update dependency webpack-dev-server to v3 [SECURITY]
Update dependency webpack-dev-server to v5 [SECURITY]
Jul 14, 2024
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
July 15, 2024 05:55
88c1b52
to
5fe6111
Compare
renovate
bot
changed the title
Update dependency webpack-dev-server to v5 [SECURITY]
Update dependency webpack-dev-server to v3 [SECURITY]
Jul 15, 2024
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
July 22, 2024 14:47
5fe6111
to
c1e32fe
Compare
renovate
bot
changed the title
Update dependency webpack-dev-server to v3 [SECURITY]
Update dependency webpack-dev-server to v5 [SECURITY]
Jul 22, 2024
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
July 24, 2024 08:43
c1e32fe
to
da63cc8
Compare
renovate
bot
changed the title
Update dependency webpack-dev-server to v5 [SECURITY]
Update dependency webpack-dev-server to v3 [SECURITY]
Jul 24, 2024
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
July 28, 2024 18:00
da63cc8
to
0bb1c44
Compare
renovate
bot
changed the title
Update dependency webpack-dev-server to v3 [SECURITY]
Update dependency webpack-dev-server to v5 [SECURITY]
Jul 28, 2024
renovate
bot
changed the title
Update dependency webpack-dev-server to v5 [SECURITY]
Update dependency webpack-dev-server to v3 [SECURITY]
Jul 29, 2024
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
July 29, 2024 05:20
0bb1c44
to
ec8bd78
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
October 10, 2024 09:00
ec8bd78
to
632207b
Compare
renovate
bot
changed the title
Update dependency webpack-dev-server to v3 [SECURITY]
Update dependency webpack-dev-server to v5 [SECURITY]
Oct 10, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
None yet
0 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^1.14.0
->^5.0.0
GitHub Vulnerability Alerts
CVE-2018-14732
Versions of
webpack-dev-server
before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not validated.Recommendation
For
webpack-dev-server
update to version 3.1.11 or later.Release Notes
webpack/webpack-dev-server (webpack-dev-server)
v5.1.0
Compare Source
Features
app
option to beFunction
(by default only withconnect
compatibility frameworks) (3096148)server
option to beFunction
(#5275) (02a1c6d)connect
andconnect
compatibility frameworks which support HTTP2 (#5267) (6509a3f)Bug Fixes
platform
property to determinate the target (#5269) (c3b532c)rimraf
withrm
(#5162) (1a1561f)devServer: false
(#5272) (8b341cb)5.0.4 (2024-03-19)
Bug Fixes
5.0.3 (2024-03-12)
Bug Fixes
5.0.2 (2024-02-16)
Bug Fixes
5.0.1 (2024-02-13)
Bug Fixes
require-trusted-types-for
(#5046) (e115436)v5.0.4
Compare Source
v5.0.3
Compare Source
v5.0.2
Compare Source
v5.0.1
Compare Source
v5.0.0
Compare Source
Migration Guide and Changes.
4.15.1 (2023-06-09)
Bug Fixes
::
withlocalhost
before openBrowser() (#4856) (874c44b)@types/ws
(#4899) (34bcec2)v4.15.2
Compare Source
4.15.2 (2024-03-20)
Bug Fixes
v4.15.1
Compare Source
v4.15.0
Compare Source
Features
v4.14.0
Compare Source
Features
4.13.3 (2023-04-15)
Bug Fixes
4.13.2 (2023-03-31)
Bug Fixes
4.13.1 (2023-03-18)
Bug Fixes
v4.13.3
Compare Source
v4.13.2
Compare Source
v4.13.1
Compare Source
v4.13.0
Compare Source
Features
client.overlay.runtimeErrors
option to control runtime errors (#4773) (dca2366)v4.12.0
Compare Source
Features
sockjs_url
option (onlysockjs
) using thewebSocketServer.options.sockjsUrl
option (#4586) (69a2fba)Bug Fixes
experiments.buildHttp
(#4585) (5b846cb)NODE_PATH
env variable (#4581) (b857e6f)4.11.1 (2022-09-19)
Bug Fixes
client.logging
option for all logs (#4572) (375835c)v4.11.1
Compare Source
v4.11.0
Compare Source
Features
Bug Fixes
4.10.1 (2022-08-29)
Bug Fixes
v4.10.1
Compare Source
v4.10.0
Compare Source
Features
client
options via resource URL (#4274) (216e3cb)Bug Fixes
4.9.3 (2022-06-29)
Bug Fixes
4.9.2 (2022-06-06)
Bug Fixes
@types/serve-static
to dependencies (#4468) (af83deb)4.9.1 (2022-05-31)
Bug Fixes
v4.9.3
Compare Source
v4.9.2
Compare Source
v4.9.1
Compare Source
v4.9.0
Compare Source
Features
Bug Fixes
4.8.1 (2022-04-06)
Bug Fixes
v4.8.1
Compare Source
v4.8.0
Compare Source
Features
Bug Fixes
--no-client-reconnect
(#4248) (317648d)--no-client
(#4250) (c3b6690)--no-history-api-fallback
(#4277) (d63a0a2)negatedDescription
only for typeboolean
(#4280) (fcf8e8e)4.7.4 (2022-02-02)
Bug Fixes
proxy
option (#4173) (efec2f5)--open-app-name
and--web-socket-server
(#4215) (329679a)4.7.3 (2022-01-11)
Security
selfsigned
to2.0.0
version4.7.2 (2021-12-29)
Bug Fixes
onAfterSetupMiddleware
aftersetupMiddlewares
(as behavior earlier) (f6bc644)4.7.1 (2021-12-22)
Bug Fixes
url
package, fixed compatibility with future webpack defaults (#4132) (4e5d8ea)v4.7.4
Compare Source
v4.7.3
Compare Source
v4.7.2
Compare Source
v4.7.1
Compare Source
v4.7.0
Compare Source
Features
setupMiddlewares
option and deprecatedonAfterSetupMiddleware
andonBeforeSetupMiddleware
options (#4068) (c13aa56)cacert
option (#4115) (c73ddfb)Bug Fixes
watchFiles
options (#4057) (75f3817)ClientLogging
(#4084) (9b7ae7b)--open-app
deprecated in favor of--open-app-name
(#4091) (693c28a)https
andhttp2
(#4069) (d8d5d71)--web-socket-server
description (#4098) (65955e9)listen
andclose
deprecation warning message (#4097) (b217a19)https
andserver
options (#4094) (f97c9e2)v4.6.0
Compare Source
Features
chokidar
options (#4025) (5026601)Bug Fixes
v4.5.0
Compare Source
Features
--web-socket-server-type
option for CLI (#4001) (17c390a)https
/http2
option, migration guide forhttps
and migration guide forhttp2
(because we usespdy
for http2 dueexpress
doesn't support http2) (#4003) (521cf85)Bug Fixes
v4.4.0
Compare Source
Features
server
option, now you can pass server options, example{ server: { type: 'http', options: { maxHeaderSize: 32768 } } }
, available options forhttp
andhttps
, note - forhttp2
is usedspdy
, options specified in theserver.options
option take precedence overhttps
/http2
options (#3940) (a70a7ef)client.reconnect
option (#3912) (5edad76)startCallback
andendCallback
(#3969) (b0928ac)Bug Fixes
4.3.1 (2021-10-04)
Bug Fixes
v4.3.1
Compare Source
v4.3.0
Compare Source
Features
headers
option (#3847) (9911437)Bug Fixes
port
option property (ed67f66)4.2.1 (2021-09-13)
Bug Fixes
4.2.0 (2021-09-09)
Features
http.ca
option (CLI option added too) (should be used insteadcacert
, because we will remove it in the next major release in favor thehttps.ca
option)https.crl
option (CLI options added too), more informationhttps.ca
/https.cacert
/https.cert
/https.crl
/https.key
/https.pfx
options are now accept Arrays ofBuffer
/string
/Path to file, using--https-*-reset
CLI options you can reset these optionshttps.pfx
/https.key
can beObject[]
, more informationhttps
options can now accept custom options, you can use:Bug Fixes
file:
andchrome-extensions:
protocol by default (#3822) (138f064)https.cacert
option (#3820) (0002ebf)4.1.1 (2021-09-07)
Bug Fixes
magicHtml
option (#3772) (b80610f)ansi-html
withansi-html-community
to avoid CVE (#3801) (36fd214)v4.2.1
Compare Source
v4.2.0
Compare Source
v4.1.1
Compare Source
v4.1.0
Compare Source
Features
magicHtml
option (#3717) (4831f58)hot
andlive-reload
for client using search params (1c57680)hot
option is enabled with the HMR plugin in config (#3744) (6cb1e4e)Bug Fixes
Disconnected!
toinfo
(fde27f5)--allowed-hosts all
correctly (#3720) (326ed56)bypass
option withtarget
/router
options for proxy (b5dd568)v4.0.0
Compare Source
v3.11.3
Compare Source
3.11.3 (2021-11-08)
Bug Fixes
ansi-html
withansi-html-community
(#4011) (4fef67b)v3.11.2
Compare Source
3.11.2 (2021-01-13)
Bug Fixes
serve
command (a5fe337)v3.11.1
Compare Source
3.11.1 (2020-12-29)
Bug Fixes
open
option works usingwebpack serve
without value (#2948) (4837dc9)v3.11.0
Compare Source
Features
contentBasePublicPath
paths (#2489) (c6bdfe4)Bug Fixes
3.10.3 (2020-02-05)
Bug Fixes
3.10.2 (2020-01-31)
Bug Fixes
GET
andHEAD
request to routes (#2374) (ebe8eca)3.10.1 (2019-12-19)
Bug Fixes
v3.10.3
Compare Source
v3.10.2
Compare Source
v3.10.1
Compare Source
v3.10.0
Compare Source
Features
sockPort: 'location'
) (#2341) (dc10d06)contentBasePublicPath
option (#2150) (cee700d)Bug Fixes
v3.9.0
Compare Source
Bug Fixes
hostname
andport
to bonjour name to prevent name collisions (#2276) (d8af2d9)extKeyUsage
to self-signed cert (#2274) (a4dbc3b)Features
openPage
support (#2266) (c9e9178)3.8.2 (2019-10-02)
Security
selfsigned
package3.8.1 (2019-09-16)
Bug Fixes
ContentBase
option on windows (#2202) (68ecf78)v3.8.2
Compare Source
v3.8.1
Compare Source
v3.8.0
Compare Source
Bug Fixes
Features
Potential Breaking changes
We have migrated
serverMode
andclientMode
totransportMode
as an experimental option. If you want to use this feature, you have to change your settings.Related PR: https://github.com/webpack/webpack-dev-server/pull/2116
3.7.2 (2019-06-17)
Bug Fixes
wait: false
to run server.close successfully (#2001) (2b4cb52)3.7.1 (2019-06-07)
Bug Fixes
v3.7.2
Compare Source
v3.7.1
Compare Source
v3.7.0
Compare Source
Bug Fixes
v3.6.0
Compare Source
Bug Fixes
--overlay
(#1968) (dc81e23)Features
3.5.1 (2019-06-01)
Bug Fixes
v3.5.1
Compare Source
v3.5.0
Compare Source
Bug Fixes
electron-renderer
target (#1935) (9297988)node-webkit
target (#1942) (c6b2b1f)Features
onListening
option (#1930) (61d0cdf)WEBPACK_DEV_SERVER
env variable (#1929) (856169e)3.4.1 (2019-05-17)
Bug Fixes
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.