Update dependency webpack-dev-server to v3 [SECURITY] - autoclosed #1026

Closed
wants to merge 1 commit into from

renovate[bot]
Contributor

@renovate renovate bot commented Aug 4, 2023

Mend Renovate

This PR contains the following updates:

Package | Change | Age | Adoption | Passing | Confidence
webpack-dev-server | 2.11.5 -> 3.1.11 | age | adoption | passing | confidence

GitHub Vulnerability Alerts

CVE-2018-14732

Versions of webpack-dev-server before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) is not validated.

Recommendation

For webpack-dev-server, update to version 3.1.11 or later.


Release Notes

webpack/webpack-dev-server (webpack-dev-server)

v3.1.11

Bug Fixes

v3.1.10

Bug Fixes

v3.1.9

3.1.9 (2018-09-24)

v3.1.8

Bug Fixes
  • package: yargs security vulnerability (dependencies) (#1492) (8fb67c9)
  • utils/createLogger: ensure quiet always takes precedence (options.quiet) (#1486) (7a6ca47)

v3.1.7

Bug Fixes

v3.1.6

Bug Fixes
  • bin: handle process signals correctly when the server isn't ready yet (#1432) (334c3a5)
  • examples/cli: correct template path in open-page example (#1401) (df30727)
  • schema: allow the output filename to be a {Function} (#1409) (e2220c4)

v3.1.5

  • Send the Progress event in the client so plugins can use it (#1427)
  • Update sockjs-client to fix infinite reconnection loop (#1434)

v3.1.4

  • Update to webpack-dev-middleware 3.1.3, which should fix paths with a space not working on Windows (#1392)
  • Fix logLevel option silent not being accepted by schema validation (#1372)

v3.1.3

  • Fix HMR causing a crash when trying to reload

v3.1.2

  • Speed up incremental builds (#1362)
  • Update webpack-dev-middleware to 3.1.2

v3.1.1

Bug Fixes

v3.1.0

Updates

  • Fancy logging; webpack-log is now used for logging to the terminal (webpack-dev-middleware was already using this).
  • The logLevel option is added for more fine-grained control over the logging.

Bugfixes

  • MultiCompiler was broken with webpack 4.
  • Fix deprecation warnings caused by webpack 4. Note that you will still see some deprecation warnings because webpack-dev-middleware has not been updated yet.

v3.0.0

Updates

  • Breaking change: webpack v4 is now supported. Older versions of webpack are not supported.
  • Breaking change: drops support for Node.js v4, going forward we only support v6+ (same as webpack).
  • webpack-dev-middleware updated to v2 (see changes).

Bugfixes

  • After starting webpack-dev-server with an error in your code, it would not reload the page after fixing that error (#1317).
  • DynamicEntryPlugin is now supported correctly (#1319).

Huge thanks to all the contributors!

Please note that webpack-serve will eventually be the successor of webpack-dev-server. The core features already work so if you're brave enough give it a try!


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.
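
The CVE-2018-14732 advisory quoted in the comment above describes a websocket server that does not validate the origin of incoming requests. The following is an added example, not part of this PR and not webpack-dev-server's own code, of a handshake check that validates both the Host and Origin headers; `ALLOWED_HOSTS`, `hostnameOf`, `isHandshakeAllowed` and `auditSamples` are hypothetical names, and the header objects are constructed samples.

```javascript
// Added example (not webpack-dev-server code): validate Host and Origin on a
// dev-server WebSocket handshake. All names here are hypothetical.
const ALLOWED_HOSTS = new Set(['localhost', '127.0.0.1']);

// Extract a lower-cased hostname from an Origin ("http://localhost:8080")
// or a Host header ("localhost:8080"); returns null when it cannot be parsed.
function hostnameOf(value) {
  if (typeof value !== 'string' || value === '') return null;
  try {
    const url = new URL(value.includes('://') ? value : `http://${value}`);
    return url.hostname.toLowerCase();
  } catch (err) {
    return null;
  }
}

// Decide whether an upgrade request may open the HMR socket.
//  - Host must be allow-listed, so a foreign name pointed at the dev machine
//    is refused.
//  - Origin must be present and allow-listed. Browsers send Origin on every
//    WebSocket handshake, so a page served from another site is refused.
function isHandshakeAllowed(headers, allowedHosts = ALLOWED_HOSTS) {
  const host = hostnameOf(headers.host);
  const origin = hostnameOf(headers.origin);
  if (host === null || origin === null) return false;
  return allowedHosts.has(host) && allowedHosts.has(origin);
}

// Constructed sample handshakes (lower-cased header names, as Node's http
// module exposes them on req.headers).
const SAMPLE_HANDSHAKES = [
  { host: 'localhost:8080', origin: 'http://localhost:8080' },
  { host: 'localhost:8080', origin: 'https://untrusted.example' },
  { host: 'localhost:8080', origin: 'http://localhost.untrusted.example' },
  { host: 'localhost:8080', origin: 'null' }, // opaque origin, e.g. sandboxed frame
  { host: 'localhost:8080' },                 // no Origin header at all
];

// Returns one boolean decision per sample, in order.
function auditSamples() {
  return SAMPLE_HANDSHAKES.map((headers) => isHandshakeAllowed(headers));
}

console.log(auditSamples());
```

In a Node server this check would run in the `upgrade` event handler against `req.headers`, destroying the socket when it returns false. Rejecting handshakes with no Origin also blocks non-browser clients, which is a policy choice made for this example.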

@renovate renovate bot force-pushed the renovate/npm-webpack-dev-server-vulnerability branch 2 times, most recently from 4a3a8ac to a9512e7 Compare August 4, 2023 16:36
@renovate
Contributor Author

renovate bot commented Aug 4, 2023

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pils-frontend/package-lock.json
/usr/local/bin/docker: line 4: .: filename argument required
.: usage: . filename [arguments]
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! While resolving: undefined@undefined
npm ERR! Found: webpack@3.12.0
npm ERR! node_modules/webpack
npm ERR!   dev webpack@"3.12.0" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer webpack@"^4.0.0" from webpack-dev-server@3.1.11
npm ERR! node_modules/webpack-dev-server
npm ERR!   dev webpack-dev-server@"3.1.11" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! 
npm ERR! For a full report see:
npm ERR! /tmp/worker/1b4392/3a0723/cache/others/npm/_logs/2023-08-07T19_44_57_423Z-eresolve-report.txt

npm ERR! A complete log of this run can be found in: /tmp/worker/1b4392/3a0723/cache/others/npm/_logs/2023-08-07T19_44_57_423Z-debug-0.log

@oscrx oscrx force-pushed the main branch 2 times, most recently from 9381ad9 to 08e8e7a Compare August 4, 2023 23:37
@renovate renovate bot changed the title Update dependency webpack-dev-server to v3 [SECURITY] Update dependency webpack-dev-server to v3 [SECURITY] - autoclosed Aug 4, 2023
@renovate renovate bot closed this Aug 4, 2023
@renovate renovate bot deleted the renovate/npm-webpack-dev-server-vulnerability branch August 4, 2023 23:54
@renovate renovate bot changed the title Update dependency webpack-dev-server to v3 [SECURITY] - autoclosed Update dependency webpack-dev-server to v3 [SECURITY] Aug 5, 2023
@renovate renovate bot reopened this Aug 5, 2023
@renovate renovate bot restored the renovate/npm-webpack-dev-server-vulnerability branch August 5, 2023 01:28
@renovate renovate bot force-pushed the renovate/npm-webpack-dev-server-vulnerability branch from a9512e7 to e0dac14 Compare August 5, 2023 01:30
@oscrx oscrx force-pushed the main branch 3 times, most recently from 30c2322 to 255c6ae Compare August 5, 2023 01:48
@renovate renovate bot changed the title Update dependency webpack-dev-server to v3 [SECURITY] Update dependency webpack-dev-server to v3 [SECURITY] - autoclosed Aug 5, 2023
@renovate renovate bot closed this Aug 5, 2023
@renovate renovate bot deleted the renovate/npm-webpack-dev-server-vulnerability branch August 5, 2023 02:22
@renovate renovate bot changed the title Update dependency webpack-dev-server to v3 [SECURITY] - autoclosed Update dependency webpack-dev-server to v3 [SECURITY] Aug 5, 2023
@renovate renovate bot reopened this Aug 5, 2023
@renovate renovate bot restored the renovate/npm-webpack-dev-server-vulnerability branch August 5, 2023 12:11
@renovate renovate bot force-pushed the renovate/npm-webpack-dev-server-vulnerability branch from e0dac14 to 43e0bac Compare August 5, 2023 12:12
@oscrx oscrx force-pushed the main branch 3 times, most recently from f9236fa to 1ac6805 Compare August 5, 2023 12:27
@renovate renovate bot force-pushed the renovate/npm-webpack-dev-server-vulnerability branch from 43e0bac to 9324dea Compare August 5, 2023 12:58
@renovate renovate bot force-pushed the renovate/npm-webpack-dev-server-vulnerability branch from 9324dea to 265ef8a Compare August 5, 2023 13:54
@codecov

codecov bot commented Aug 5, 2023

Codecov Report

Patch and project coverage have no change.

Comparison is base (85cc939) 22.34% compared to head (636c844) 22.34%.
Report is 2 commits behind head on main.

❗ Current head 636c844 differs from pull request most recent head 977c8dc. Consider uploading reports for the commit 977c8dc to get more accurate results

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #1026   +/-   ##
=======================================
  Coverage   22.34%   22.34%           
=======================================
  Files          14       14           
  Lines         179      179           
  Branches       21       21           
=======================================
  Hits           40       40           
  Misses        121      121           
  Partials       18       18           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@renovate renovate bot force-pushed the renovate/npm-webpack-dev-server-vulnerability branch from 265ef8a to 97af751 Compare August 5, 2023 16:54
@renovate renovate bot force-pushed the renovate/npm-webpack-dev-server-vulnerability branch 2 times, most recently from 93133b8 to 92c232d Compare August 6, 2023 23:31
@oscrx oscrx force-pushed the main branch 3 times, most recently from 4e06394 to 369bee3 Compare August 6, 2023 23:53
@renovate renovate bot force-pushed the renovate/npm-webpack-dev-server-vulnerability branch 5 times, most recently from 6dd691b to 636c844 Compare August 7, 2023 03:19
@oscrx oscrx force-pushed the main branch 2 times, most recently from 887a911 to 0984725 Compare August 7, 2023 03:23
@renovate renovate bot force-pushed the renovate/npm-webpack-dev-server-vulnerability branch 8 times, most recently from 0078d82 to b864524 Compare August 7, 2023 18:21
@renovate renovate bot force-pushed the renovate/npm-webpack-dev-server-vulnerability branch 2 times, most recently from 9e2e4a6 to a9291d4 Compare August 7, 2023 19:24
@renovate renovate bot force-pushed the renovate/npm-webpack-dev-server-vulnerability branch from a9291d4 to 977c8dc Compare August 7, 2023 19:45
@sonarcloud

sonarcloud bot commented Aug 7, 2023

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information
0.0% Duplication

@renovate renovate bot changed the title Update dependency webpack-dev-server to v3 [SECURITY] Update dependency webpack-dev-server to v3 [SECURITY] - autoclosed Aug 8, 2023
@renovate renovate bot closed this Aug 8, 2023
@renovate renovate bot deleted the renovate/npm-webpack-dev-server-vulnerability branch August 8, 2023 21:23