Skip to content
This repository has been archived by the owner on Dec 20, 2023. It is now read-only.

chore(deps): update dependency webpack-dev-server to v3 (master) #91

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

appcues-wss[bot]
Copy link

@appcues-wss appcues-wss bot commented Jun 16, 2023

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
webpack-dev-server ^1.16.5 -> ^3.0.0 age adoption passing confidence

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity CVSS Score CVE
Critical Critical 9.8 CVE-2018-3774
Critical Critical 9.8 CVE-2018-3774
Critical Critical 9.8 CVE-2022-0691
Critical Critical 9.8 CVE-2022-0691
Critical Critical 9.3 CVE-2022-1650
Critical Critical 9.1 CVE-2022-0686
Critical Critical 9.1 CVE-2022-0686
High High 7.8 WS-2018-0107
High High 7.5 CVE-2017-16118
High High 7.5 CVE-2017-16119
High High 7.5 CVE-2017-16138
High High 7.5 CVE-2017-16138
High High 7.5 CVE-2018-14732
High High 7.5 CVE-2020-7662
High High 7.5 CVE-2022-24999
High High 7.5 WS-2020-0091
High High 7.4 WS-2018-0588
High High 7.4 WS-2018-0588
Medium Medium 5.3 CVE-2017-16028
Medium Medium 5.3 CVE-2020-7693
Medium Medium 5.3 CVE-2020-8124
Medium Medium 5.3 CVE-2020-8124
Medium Medium 5.3 CVE-2021-27515
Medium Medium 5.3 CVE-2021-27515
Medium Medium 5.3 CVE-2021-3664
Medium Medium 5.3 CVE-2021-3664
Medium Medium 5.3 CVE-2022-0512
Medium Medium 5.3 CVE-2022-0512
Medium Medium 5.3 CVE-2022-0639
Medium Medium 5.3 CVE-2022-0639

Release Notes

webpack/webpack-dev-server (webpack-dev-server)

v3.11.0

Compare Source

Features
Bug Fixes
3.10.3 (2020-02-05)
Bug Fixes
3.10.2 (2020-01-31)
Bug Fixes
3.10.1 (2019-12-19)
Bug Fixes

v3.10.3

Compare Source

v3.10.2

Compare Source

v3.10.1

Compare Source

v3.10.0

Compare Source

Features
  • client: allow sock port to use location's port (sockPort: 'location') (#​2341) (dc10d06)
  • server: add contentBasePublicPath option (#​2150) (cee700d)
Bug Fixes

v3.9.0

Compare Source

Bug Fixes
Features
3.8.2 (2019-10-02)
Security
  • update selfsigned package
3.8.1 (2019-09-16)
Bug Fixes

v3.8.2

Compare Source

v3.8.1

Compare Source

v3.8.0

Compare Source

Bug Fixes
Features
Potential Breaking changes

We have migrated serverMode and clientMode to transportMode as an experimental option. If you want to use this feature, you have to change your settings.

Related PR: https://github.com/webpack/webpack-dev-server/pull/2116

3.7.2 (2019-06-17)
Bug Fixes
3.7.1 (2019-06-07)
Bug Fixes
  • retry finding port when port is null and get ports in sequence (#​1993) (bc57514)

v3.7.2

Compare Source

v3.7.1

Compare Source

v3.7.0

Compare Source

Bug Fixes

v3.6.0

Compare Source

Bug Fixes
Features
3.5.1 (2019-06-01)
Bug Fixes

v3.5.1

Compare Source

v3.5.0

Compare Source

Bug Fixes
Features
3.4.1 (2019-05-17)
Bug Fixes

v3.4.1

Compare Source

v3.4.0

Compare Source

Bug Fixes
Features

v3.3.1

Compare Source

Bug Fixes

v3.3.0

Compare Source

Bug Fixes
Features

3.2.1 (2019-02-25)

Bug Fixes
  • deprecation message about setup now warning about v4 (#​1684) (523a6ec)
  • regression: allow ca, key and cert will be string (#​1676) (b8d5c1e)
  • regression: handle key, cert, cacert and pfx in CLI (#​1688) (4b2076c)
  • regression: problem with idb-connector after update internal-ip (#​1691) (eb48691)

3.1.14 (2018-12-24)

Bug Fixes

3.1.13 (2018-12-22)

Bug Fixes

3.1.12 (2018-12-22)

Bug Fixes

3.1.11 (2018-12-21)

Bug Fixes

3.1.10 (2018-10-23)

Bug Fixes

3.1.9 (2018-09-24)

3.1.8 (2018-09-06)

Bug Fixes
  • package: yargs security vulnerability (dependencies) (#​1492) (8fb67c9)
  • utils/createLogger: ensure quiet always takes precedence (options.quiet) (#​1486) (7a6ca47)

3.1.7 (2018-08-29)

Bug Fixes

3.1.6 (2018-08-26)

Bug Fixes
  • bin: handle process signals correctly when the server isn't ready yet (#​1432) (334c3a5)
  • examples/cli: correct template path in open-page example (#​1401) (df30727)
  • schema: allow the output filename to be a {Function} (#​1409) (e2220c4)

v3.2.1

Compare Source

Bug Fixes
  • deprecation message about setup now warning about v4 (#​1684) (523a6ec)
  • regression: allow ca, key and cert will be string (#​1676) (b8d5c1e)
  • regression: handle key, cert, cacert and pfx in CLI (#​1688) (4b2076c)
  • regression: problem with idb-connector after update internal-ip (#​1691) (eb48691)

v3.2.0

Compare Source

Bug Fixes
Features

v3.1.14

Compare Source

Bug Fixes

v3.1.13

Compare Source

Bug Fixes

v3.1.12

Compare Source

Bug Fixes

v3.1.11

Compare Source

Bug Fixes

v3.1.10

Compare Source

Bug Fixes

v3.1.9

Compare Source

3.1.9 (2018-09-24)

v3.1.8

Compare Source

Bug Fixes
  • package: yargs security vulnerability (dependencies) (#​1492) (8fb67c9)
  • utils/createLogger: ensure quiet always takes precedence (options.quiet) (#​1486) (7a6ca47)

v3.1.7

Compare Source

Bug Fixes

v3.1.6

Compare Source

Bug Fixes
  • bin: handle process signals correctly when the server isn't ready yet (#​1432) (334c3a5)
  • examples/cli: correct template path in open-page example (#​1401) (df30727)
  • schema: allow the output filename to be a {Function} (#​1409) (e2220c4)

v3.1.5

Compare Source

  • Send the Progress event in the client so plugins can use it (#​1427)
  • Update sockjs-client to fix infinite reconnection loop (#​1434)

v3.1.4

Compare Source

  • Update to webpack-dev-middleware 3.1.3, which should fix paths with a space not working on Windows (#​1392)
  • Fix logLevel option silent not being accepted by schema validation (#​1372)

v3.1.3

Compare Source

  • Fix HMR causing a crash when trying to reload

v3.1.2

Compare Source

  • Speed up incremental builds (#​1362)
  • Update webpack-dev-middleware to 3.1.2

v3.1.1

Compare Source

Bug Fixes

v3.1.0

Compare Source

Updates

  • Fancy logging; webpack-log is now used for logging to the terminal (webpack-dev-middleware was already using this).
  • The logLevel option is added for more fine-grained control over the logging.

Bugfixes

  • MultiCompiler was broken with webpack 4.
  • Fix deprecation warnings caused by webpack 4. Note that you will still see some deprecation warnings because webpack-dev-middleware has not been updated yet.

v3.0.0

Compare Source

Updates

  • Breaking change: webpack v4 is now supported. Older versions of webpack are not supported.
  • Breaking change: drops support for Node.js v4, going forward we only support v6+ (same as webpack).
  • webpack-dev-middleware updated to v2 (see changes).

Bugfixes

  • After starting webpack-dev-server with an error in your code, it would not reload the page after fixing that error (#​1317).
  • DynamicEntryPlugin is now supported correctly (#​1319).

Huge thanks to all the contributors!

Please note that webpack-serve will eventually be the successor of webpack-dev-server. The core features already work so if you're brave enough give it a try!

v2.11.5

Compare Source

v2.11.4

Compare Source

v2.11.3

Compare Source

v2.11.2

Compare Source

v2.11.1

Compare Source

Our third attempt to fix compatibility with old browsers (#​1273), this time we'll get it right.

v2.11.0

Compare Source

Version 2.11.0 adds the transpilation of the client scripts via babel to ES5 which restores backwards compatibility (that was removed in 2.8.0) to very old or out of date browsers.

v2.10.1

Compare Source

v2.10.0

Compare Source

Version 2.10.0 adds the transpilation of the client scripts via babel to ES5 which restores backwards compatibility (that was removed in 2.8.0) to very old or out of date browsers.

Important webpack-dev-server has entered a maintenance-only mode. We won't be accepting any new features or major modifications. We'll still welcome pull requests for fixes however, and will continue to address any bugs that arise. Announcement with specifics pending.

Bugfixes

  • iOS Safari 10 bug where SockJS couldn't be found (#​1238)
  • reportTime option (#​1209)
  • don't mutate stats configuration (#​1174)
  • enable progress from config (#​1181)

Updates

  • transpile client bundles with babel (#​1242)
  • dependency updates (ce30460)
  • Increase minimum marked version for ReDos vuln (#​1255)
  • Update sockjs dependency to fix auditjs security vulnerability warning

v2.9.7

Compare Source

v2.9.6

Compare Source

Bugfixes

  • fixes #​1208: watchOptions not passed to chokidar in wds

v2.9.5

Compare Source

Updates

v2.9.4

Compare Source

Bugfixes

  • assert ssl certs aren't published. fixes #​1171
  • fixes #​860: failure to exit on SIGINT race condition (#​1157)

v2.9.3

Compare Source

Bugfixes

  • Fixes #​1082, #​1142. bin file correctly prefers local module, uses it, and bails if local module detected.
  • Use dist/build sockjs-client instead of module source (#​1148)

v2.9.2

Compare Source

Bugfixes

Changed property descriptor for Array.includes polyfill (#​1134)

Updates

Remove header additional property validation (#​1115)
Allow explicitly setting the protocol from the public option (#​1117)
Updates readme with support, usage, and caveats (outlines no support for old IE)

v2.9.1

Compare Source

Patch release to resolve an errant log message in setup

v2.9.0

Compare Source

Note: Minor release due to addition of before and after hooks

Features

Deprecate setup in favor of before and after hooks (#​1108)

Bugfixes

Fixed check for webpack/hot/log when setting HMR log level. (#​1096)
fixes #​1109: internal-ip update breaks useLocalIp option
Fix quote style to satisfy ESLint (#​1098)

Updates

Made error overlay translucent. (#​1097)

v2.8.2

Compare Source

Bugfixes

fixes #​1087: yargs@8 causes error output with [email protected]
fixes #​1084: template literals causing errors on IE (#​1089) …
fixes #​1086: promise configs fix and example

Updates

add promise-config example

v2.8.1

Compare Source

Bugfixes

fixes #​1081, closes #​1079. addDevServerEndpoints needs app stub for createDomain
fixes #​1080 - jQuery update caused live bundle iframe issue
clean up progress option typo and options def

v2.8.0

Compare Source

Features

  • Print webpack progress to browser console (#​1063)
  • Disable hot reloading with query string (#​1068)

Bugfixes

  • Fixes issue #​1064 by switching to a named logger (#​1070)
  • Fix Broken Socket on Client for Custom/Random Port Numbers (#​1060)
  • Addresses #​998 to properly assign a random port and access the port assigned (#​1054)
  • Don't generate ssl cert when one is already specified via options (#​1036)
  • Fix for ./log module not found (#​1050)
  • Fixes #​1042: overlay doesn't clear if errors are fixed but warnings remain (#​1043)
  • Handle IPv6-addresses correctly in checkHost() (#​1026)

Updates

  • Allow --open option to specify the browser to use (#​825)
  • Adds requestCert support to the server
  • Code cleanup and ESLint + eslint-config-webpack (#​1058)
  • Include subjectAltName field in self-signed cert (#​987)

v2.7.1

Compare Source

v2.6.1

Compare Source

  • Move loglevel from devDependencies to dependencies #​1001

v2.6.0

Compare Source

  • Browser console messages now respect clientLogLevel (#​921).
  • Don't output startup info if quiet is set to true (#​970).
  • Only load Bonjour when needed (#​958).
  • Set HMR log level (#​926).
  • Do not show warnings @​ overlay unless explicitly set (#​881).
  • Add cli option --disable-host-check (#​980).

v2.5.1

Compare Source

Bugfixes

Fix peer dependencies to support webpack 3 ( #​946 ) ( Fixes #​932 )

v2.5.0

Compare Source

Security

Don't provide a SSL cert, but generate one on demand. Unique for each developer.

https://medium.com/[@​mikenorth/961572624c54](https://togithub.com/mikenorth/961572624c54) by Mike North

Bugfixes

  • allow port 0 again
  • add allowedHosts option
  • better check for WebWorker
  • add openPage option to open a specific page
  • add --bonjour
  • add lan option, which listen

@appcues-wss appcues-wss bot added the security fix Security fix generated by WhiteSource label Jun 16, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
security fix Security fix generated by WhiteSource
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants