Update dependency webpack-dev-server to v4 (dev)

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
webpack-dev-server	dependencies	major	3.7.2 -> 4.7.3

By merging this PR, the below issues will be automatically resolved and closed:

Severity	CVSS Score	CVE	GitHub Issue
High	7.5	CVE-2020-28469	#234
High	7.5	CVE-2021-23424	#232
High	7.5	CVE-2022-24771	#245
High	7.5	CVE-2022-24772	#243
Medium	6.6	WS-2022-0008	#219
Medium	6.1	CVE-2022-0122	#249
Medium	5.3	CVE-2020-7608	#255
Medium	5.3	CVE-2020-7693	#215
Medium	5.3	CVE-2022-24773	#242

---

Release Notes

webpack/webpack-dev-server

v4.7.3

Compare Source

v4.7.2

Compare Source

v4.7.1

Compare Source

v4.7.0

Compare Source

Features

• added the setupMiddlewares option and deprecated onAfterSetupMiddleware and onBeforeSetupMiddleware options (#​4068) (c13aa56)
• added types (8f02c3f)
• show deprecation warning for cacert option (#​4115) (c73ddfb)

Bug Fixes

• add description for watchFiles options (#​4057) (75f3817)
• allow passing options for custom server (#​4110) (fc8bed9)
• correct schema for ClientLogging (#​4084) (9b7ae7b)
• mark --open-app deprecated in favor of --open-app-name (#​4091) (693c28a)
• show deprecation warning for both https and http2 (#​4069) (d8d5d71)
• update --web-socket-server description (#​4098) (65955e9)
• update listen and close deprecation warning message (#​4097) (b217a19)
• update descriptions of https and server options (#​4094) (f97c9e2)

v4.6.0

Compare Source

Features

• allow to pass all chokidar options (#​4025) (5026601)

Bug Fixes

• reconnection logic (#​4044) (9b32c96)
• reload on warnings (#​4056) (1ba9720)

v4.5.0

Compare Source

Features

• add --web-socket-server-type option for CLI (#​4001) (17c390a)
• show deprecation warning for https/http2 option, migration guide for https and migration guide for http2 (because we use spdy for http2 due express doesn't support http2) (#​4003) (521cf85)

Bug Fixes

• infinity refresh on warnings (#​4006) (10da223)
• invalid host message is missing on client with https (#​3997) (#​3998) (ff0869c)
• remove process listeners after stopping the server (#​4013) (d198e4e)

v4.4.0

Compare Source

Features

• added the server option, now you can pass server options, example { server: { type: 'http', options: { maxHeaderSize: 32768 } } }, available options for http and https, note - for http2 is used spdy, options specified in the server.options option take precedence over https/http2 options (#​3940) (a70a7ef)
• added the client.reconnect option (#​3912) (5edad76)
• improve error handling within startCallback and endCallback (#​3969) (b0928ac)

Bug Fixes

• schema for web socket server type (#​3913) (f6aa6f7)
• typo in SSL information log (#​3939) (4c6103b)

4.3.1 (2021-10-04)

Bug Fixes

• perf (#​3906) (f6e2a19)

v4.3.1

Compare Source

v4.3.0

Compare Source

Features

• allow array for headers option (#​3847) (9911437)
• gracefully and force shutdown (#​3880) (db24b16)

Bug Fixes

• avoid web socket connection when web socket server is not running (#​3879) (8874d72)
• display file name for warnings/errors in overlay (#​3867) (d20def5)
• formatting errors/warnings (#​3877) (f0dbea0)
• handle 0 value of the port option property (ed67f66)

4.2.1 (2021-09-13)

Bug Fixes

• infinity loop for multi compiler mode (#​3840) (e019bd2)
• reloading logic for multi compiler mode (#​3841) (ef148ec)

4.2.0 (2021-09-09)

Features

• added the http.ca option (CLI option added too) (should be used instead cacert, because we will remove it in the next major release in favor the https.ca option)
• added the https.crl option (CLI options added too), more information
• https.ca/https.cacert/ https.cert/https.crl/https.key/https.pfx options are now accept Arrays of Buffer/string/Path to file, using --https-*-reset CLI options you can reset these options
• https.pfx/https.key can be Object[], more information
• https options can now accept custom options, you can use:

module.exports = {
  // Other options
  devServer: {
    https: {
      // Allow to set additional TSL options https://nodejs.org/api/tls.html#tls_tls_createsecurecontext_options
      minVersion: "TLSv1.1",
      ca: path.join(httpsCertificateDirectory, "ca.pem"),
      pfx: path.join(httpsCertificateDirectory, "server.pfx"),
      key: path.join(httpsCertificateDirectory, "server.key"),
      cert: path.join(httpsCertificateDirectory, "server.crt"),
      passphrase: "webpack-dev-server",
    },
  }
};

Bug Fixes

• accept connections with file: and chrome-extensions: protocol by default (#​3822) (138f064)
• close overlay on disconnection (#​3825) (011bcf1)
• respect https.cacert option (#​3820) (0002ebf)

4.1.1 (2021-09-07)

Bug Fixes

• improve the description of the magicHtml option (#​3772) (b80610f)
• replace ansi-html with ansi-html-community to avoid CVE (#​3801) (36fd214)

v4.2.1

Compare Source

v4.2.0

Compare Source

v4.1.1

Compare Source

v4.1.0

Compare Source

Features

• added the magicHtml option (#​3717) (4831f58)
• allow to set hot and live-reload for client using search params (1c57680)
• show warning when the hot option is enabled with the HMR plugin in config (#​3744) (6cb1e4e)

Bug Fixes

• change log type of Disconnected! to info (fde27f5)
• handle --allowed-hosts all correctly (#​3720) (326ed56)
• output documentation link on errors (#​3680) (e16221b)
• respect the bypass option with target/router options for proxy (b5dd568)

v4.0.0

Compare Source

v3.11.3

Compare Source

3.11.3 (2021-11-08)

Bug Fixes

• replace ansi-html with ansi-html-community (#​4011) (4fef67b)

v3.11.2

Compare Source

3.11.2 (2021-01-13)

Bug Fixes

• cli arguments for serve command (a5fe337)

v3.11.1

Compare Source

3.11.1 (2020-12-29)

Bug Fixes

• the open option works using webpack serve without value (#​2948) (4837dc9)
• vulnerable deps (#​2949) (78dde50)

v3.11.0

Compare Source

Features

• add icons for directory viewer (#​2441) (e953d01)
• allow multiple contentBasePublicPath paths (#​2489) (c6bdfe4)
• emit progress-update (#​2498) (4808abd), closes #​1666
• add invalidate endpoint (#​2493) (89ffb86)
• allow open option to accept an object (#​2492) (adeb92e)

Bug Fixes

• do not swallow errors from server (#​2512) (06583f2)
• security vulnerability in yargs-parser (#​2566) (41d1d0c)
• don't crash on setupExitSignals(undefined) (#​2507) (0d5c681)
• support entry descriptor (closes #​2453) (#​2465) (8bbef6a)
• update jquery (#​2516) (99ccfd8)

3.10.3 (2020-02-05)

Bug Fixes

• forward error requests to the proxy (#​2425) (e291cd4)

3.10.2 (2020-01-31)

Bug Fixes

• fallthrough non GET and HEAD request to routes (#​2374) (ebe8eca)
• add an optional peer dependency on webpack-cli (#​2396) (aa365df)
• add heartbeat for the websocket server (#​2404) (1a7c827)

3.10.1 (2019-12-19)

Bug Fixes

• ie11 compatibility (1306abe)

v3.10.3

Compare Source

v3.10.2

Compare Source

v3.10.1

Compare Source

v3.10.0

Compare Source

Features

• client: allow sock port to use location's port (sockPort: 'location') (#​2341) (dc10d06)
• server: add contentBasePublicPath option (#​2150) (cee700d)

Bug Fixes

• client: don't override protocol for socket connection to 127.0.0.1 (#​2303) (3a31917), closes #​2302
• server: respect sockPath on transportMode: 'ws' (#​2310) (#​2311) (e188542)
• https on chrome linux (#​2330) (dc8b475)
• support webpack@5 (#​2359) (8f89c01)

v3.9.0

Compare Source

Bug Fixes

• add hostname and port to bonjour name to prevent name collisions (#​2276) (d8af2d9)
• add extKeyUsage to self-signed cert (#​2274) (a4dbc3b)

Features

• add multiple openPage support (#​2266) (c9e9178)

3.8.2 (2019-10-02)

Security

• update selfsigned package

3.8.1 (2019-09-16)

Bug Fixes

• add null check for connection.headers (#​2200) (7964997)
• false positive for an absolute path in the ContentBase option on windows (#​2202) (68ecf78)
• add status in quiet log level (#​2235) (7e2224e)
• scriptHost in client (#​2246) (00903f6)

v3.8.2

Compare Source

v3.8.1

Compare Source

v3.8.0

Compare Source

Bug Fixes

• server: fix setupExitSignals usage (#​2181) (bbe410e)
• server: set port before instantiating server (#​2143) (cfbf229)
• check for name of HotModuleReplacementPlugin to avoid RangeError (#​2146) (4579775)
• server: check for external urls in array (#​1980) (fa78347)
• server: fix header check for socket server (#​2077) (7f51859)
• server: stricter headers security check (#​2092) (078ddca)

Features

• server: add transportMode (#​2116) (b5b9cb4)
• server: serverMode 'ws' option (#​2082) (04483f4)
• server/client: made progress option available to API (#​1961) (56274e4)

Potential Breaking changes

We have migrated serverMode and clientMode to transportMode as an experimental option. If you want to use this feature, you have to change your settings.

Related PR: https://github.com/webpack/webpack-dev-server/pull/2116

3.7.2 (2019-06-17)

Bug Fixes

• client: add default fallback for client (#​2015) (d26b444)
• open: set wait: false to run server.close successfully (#​2001) (2b4cb52)
• test: fixed ProvidePlugin.test.js (#​2002) (47453cb)

3.7.1 (2019-06-07)

Bug Fixes

• retry finding port when port is null and get ports in sequence (#​1993) (bc57514)

---

• If you want to rebase/retry this PR, check this box