Update dependency webpack-dev-server to v3 [SECURITY] - abandoned #25
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. ⚠ Warning: custom changes will be lost. |
renovate
bot
changed the title
Autoclosing SkippedThis PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
2.9.4->3.1.11GitHub Vulnerability Alerts
CVE-2018-14732
Versions of
webpack-dev-serverbefore 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not validated.Recommendation
For
webpack-dev-serverupdate to version 3.1.11 or later.Release Notes
webpack/webpack-dev-server
v3.1.11Compare Source
Bug Fixes
options.color) (#1555) (55398b5)spdyv3.4.1...4.0.0 (assertion error) (#1491) (#1563) (7a3a257)nodeversion checks (#1543) (927a2b3)v3.1.10Compare Source
Bug Fixes
writeToDiskoption to schema (#1520) (d2f4902)sockjs-clientv1.1.5...1.3.0 (url-parsevulnerability) (#1537) (e719959)tls.DEFAULT_ECDH_CURVEto'auto'(#1531) (c12def3)v3.1.9Compare Source
3.1.9 (2018-09-24)
v3.1.8Compare Source
Bug Fixes
yargssecurity vulnerability (dependencies) (#1492) (8fb67c9)quietalways takes precedence (options.quiet) (#1486) (7a6ca47)v3.1.7Compare Source
Bug Fixes
spdyonnode >= v10.0.0(#1451) (8ab9eb6)v3.1.6Compare Source
Bug Fixes
processsignals correctly when the server isn't ready yet (#1432) (334c3a5)open-pageexample (#1401) (df30727)outputfilename to be a{Function}(#1409) (e2220c4)v3.1.5Compare Source
Progressevent in the client so plugins can use it (#1427)sockjs-clientto fix infinite reconnection loop (#1434)v3.1.4Compare Source
logLeveloptionsilentnot being accepted by schema validation (#1372)v3.1.3Compare Source
v3.1.2Compare Source
v3.1.1Compare Source
Bug Fixes
v3.1.0Compare Source
Updates
webpack-logis now used for logging to the terminal (webpack-dev-middleware was already using this).logLeveloption is added for more fine-grained control over the logging.Bugfixes
v3.0.0Compare Source
Updates
Bugfixes
Huge thanks to all the contributors!
Please note that webpack-serve will eventually be the successor of webpack-dev-server. The core features already work so if you're brave enough give it a try!
v2.11.5Compare Source
v2.11.4Compare Source
v2.11.3Compare Source
v2.11.2Compare Source
v2.11.1Compare Source
Our third attempt to fix compatibility with old browsers (#1273), this time we'll get it right.
v2.11.0Compare Source
Version 2.11.0 adds the transpilation of the client scripts via babel to ES5 which restores backwards compatibility (that was removed in 2.8.0) to very old or out of date browsers.
v2.10.1Compare Source
v2.10.0Compare Source
Version 2.10.0 adds the transpilation of the client scripts via babel to ES5 which restores backwards compatibility (that was removed in 2.8.0) to very old or out of date browsers.
Important webpack-dev-server has entered a maintenance-only mode. We won't be accepting any new features or major modifications. We'll still welcome pull requests for fixes however, and will continue to address any bugs that arise. Announcement with specifics pending.
Bugfixes
reportTimeoption (#1209)Updates
ce30460)markedversion for ReDos vuln (#1255)v2.9.7Compare Source
v2.9.6Compare Source
Bugfixes
v2.9.5Compare Source
Updates
6b2d7a0)Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.