Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade webpack-dev-server to 4.9.0 to resolve security issues #2223

Merged
merged 2 commits into from May 12, 2022
Merged

Upgrade webpack-dev-server to 4.9.0 to resolve security issues #2223

merged 2 commits into from May 12, 2022

Conversation

nainkunal933
Copy link
Contributor

@nainkunal933 nainkunal933 commented May 11, 2022
edited

Issue #:

Description of changes:
Upgrading webpack-dev-server to 4.9.0 to resolve security issues. This is not a major version change. This update resolves 4 dependabot security alerts.

Version 4.9.0 included some security updates like

replace portfinder with custom implementation and fix security problem (webpack/webpack-dev-server#4384) (eea50f3)

More information about the updates can be learned in the CHANGELOG: https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md

Testing:
I ran the browser demo to test for any changes in functionality.

Can these tested using a demo application? Please provide reproducible step-by-step instructions.
If the demo can be launched, this change is tested.

Checklist:

  1. Have you successfully run npm run build:release locally?
    NA

  2. Do you add, modify, or delete public API definitions? If yes, has that been reviewed and approved?
    NA

  3. Do you change the wire protocol, e.g. the request method? If yes, has that been reviewed and approved?
    NA

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@nainkunal933 nainkunal933 requested a review from a team as a code owner May 11, 2022 23:51
@nainkunal933 nainkunal933 self-assigned this May 11, 2022
@nainkunal933 nainkunal933 added the dependencies Pull requests that update a dependency file label May 11, 2022
@nainkunal933 nainkunal933 merged commit 151dda2 into main May 12, 2022
@nainkunal933 nainkunal933 deleted the security-fix branch May 12, 2022 01:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ltrung ltrung ltrung approved these changes

Assignees

@nainkunal933 nainkunal933

Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@nainkunal933 @ltrung