vue-canvas-nest
vue-canvas-nest copied to clipboard
ZYSzys
chore(deps): update dependency webpack-dev-server to v3 [security] - abandoned
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| webpack-dev-server | 2.11.5 -> 3.1.11 |
GitHub Vulnerability Alerts
CVE-2018-14732
Versions of webpack-dev-server before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not validated.
Recommendation
For webpack-dev-server update to version 3.1.11 or later.
Release Notes
webpack/webpack-dev-server
v3.1.11
Bug Fixes
- bin/options: correct check for color support (
options.color) (#1555) (55398b5) - package: update
spdyv3.4.1...4.0.0 (assertion error) (#1491) (#1563) (7a3a257) - Server: correct
nodeversion checks (#1543) (927a2b3) - Server: mime type for wasm in contentBase directory (#1575) (#1580) (fadae5d)
- add url for compatibility with webpack@5 (#1598) (#1599) (68dd49a)
- check origin header for websocket connection (#1603) (b3217ca)
v3.1.10
Bug Fixes
- options: add
writeToDiskoption to schema (#1520) (d2f4902) - package: update
sockjs-clientv1.1.5...1.3.0 (url-parsevulnerability) (#1537) (e719959) - Server: set
tls.DEFAULT_ECDH_CURVEto'auto'(#1531) (c12def3)
v3.1.9
3.1.9 (2018-09-24)
v3.1.8
Bug Fixes
- package:
yargssecurity vulnerability (dependencies) (#1492) (8fb67c9) - utils/createLogger: ensure
quietalways takes precedence (options.quiet) (#1486) (7a6ca47)
v3.1.7
Bug Fixes
v3.1.6
Bug Fixes
- bin: handle
processsignals correctly when the server isn't ready yet (#1432) (334c3a5) - examples/cli: correct template path in
open-pageexample (#1401) (df30727) - schema: allow the
outputfilename to be a{Function}(#1409) (e2220c4)
v3.1.5
- Send the
Progressevent in the client so plugins can use it (#1427) - Update
sockjs-clientto fix infinite reconnection loop (#1434)
v3.1.4
- Update to webpack-dev-middleware 3.1.3, which should fix paths with a space not working on Windows (#1392)
- Fix
logLeveloptionsilentnot being accepted by schema validation (#1372)
v3.1.3
- Fix HMR causing a crash when trying to reload
v3.1.2
- Speed up incremental builds (#1362)
- Update webpack-dev-middleware to 3.1.2
v3.1.1
Bug Fixes
v3.1.0
Updates
- Fancy logging;
webpack-logis now used for logging to the terminal (webpack-dev-middleware was already using this). - The
logLeveloption is added for more fine-grained control over the logging.
Bugfixes
- MultiCompiler was broken with webpack 4.
- Fix deprecation warnings caused by webpack 4. Note that you will still see some deprecation warnings because webpack-dev-middleware has not been updated yet.
v3.0.0
Updates
- Breaking change: webpack v4 is now supported. Older versions of webpack are not supported.
- Breaking change: drops support for Node.js v4, going forward we only support v6+ (same as webpack).
- webpack-dev-middleware updated to v2 (see changes).
Bugfixes
- After starting webpack-dev-server with an error in your code, it would not reload the page after fixing that error (#1317).
- DynamicEntryPlugin is now supported correctly (#1319).
Huge thanks to all the contributors!
Please note that webpack-serve will eventually be the successor of webpack-dev-server. The core features already work so if you're brave enough give it a try!
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "Published by a pub.dev verified publisher"){kind=small}
Edited/Blocked Notification
Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.
You can manually request rebase by checking the rebase/retry box above.
⚠️ Warning: custom changes will be lost.