chore(deps): update dependency webpack-dev-server to v3 [security]

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	References
webpack-dev-server	devDependencies	major	2.11.3 -> 3.3.1	source

GitHub Vulnerability Alerts

CVE-2018-14732

An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.11. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:8080/ connection from any origin.

---

Release Notes

webpack/webpack-dev-server

v3.3.1

Compare Source

Bug Fixes

• regression: always get necessary stats for hmr (#​1780) (66b04a9)
• regression: host and port can be undefined or null (#​1779) (028ceee)
• only add entries after compilers have been created (#​1774) (b31cbaa)

v3.3.0

Compare Source

Bug Fixes

• compatibility with [email protected] (#​1754) (fd7cb0d)
• ignore proxy when bypass return false (#​1696) (aa7de77)
• respect stats option from webpack config (#​1665) (efaa740)
• use location.port when location.hostname is used to infer HMR socket URL (#​1664) (2f7f052)
• don't crash with express.static.mime.types (#​1765) (919ff77)

Features

• add option "serveIndex" to enable/disable serveIndex middleware (#​1752) (d5d60cb)
• add webpack as argument to before and after options (#​1760) (0984d4b)
• http2 option to enable/disable HTTP/2 with HTTPS (#​1721) (dcd2434)
• random port retry logic (#​1692) (419f02e)
• relax depth limit from chokidar for content base (#​1697) (7ea9ab9)

3.2.1 (2019-02-25)

Bug Fixes

• deprecation message about setup now warning about v4 (#​1684) (523a6ec)
• regression: allow ca, key and cert will be string (#​1676) (b8d5c1e)
• regression: handle key, cert, cacert and pfx in CLI (#​1688) (4b2076c)
• regression: problem with idb-connector after update internal-ip (#​1691) (eb48691)

3.1.14 (2018-12-24)

Bug Fixes

• add workaround for Origin header in sockjs (#​1608) (1dfd4fb)

3.1.13 (2018-12-22)

Bug Fixes

• delete a comma for Node.js <= v7.x (#​1609) (0bab1c0)

3.1.12 (2018-12-22)

Bug Fixes

• regression in checkHost for checking Origin header (#​1606) (8bb3ca8)

3.1.11 (2018-12-21)

Bug Fixes

• bin/options: correct check for color support (options.color) (#​1555) (55398b5)
• package: update spdy v3.4.1...4.0.0 (assertion error) (#​1491) (#​1563) (7a3a257)
• Server: correct node version checks (#​1543) (927a2b3)
• Server: mime type for wasm in contentBase directory (#​1575) (#​1580) (fadae5d)
• add url for compatibility with webpack@5 (#​1598) (#​1599) (68dd49a)
• check origin header for websocket connection (#​1603) (b3217ca)

3.1.10 (2018-10-23)

Bug Fixes

• options: add writeToDisk option to schema (#​1520) (d2f4902)
• package: update sockjs-client v1.1.5...1.3.0 (url-parse vulnerability) (#​1537) (e719959)
• Server: set tls.DEFAULT_ECDH_CURVE to 'auto' (#​1531) (c12def3)

3.1.9 (2018-09-24)

3.1.8 (2018-09-06)

Bug Fixes

• package: yargs security vulnerability (dependencies) (#​1492) (8fb67c9)
• utils/createLogger: ensure quiet always takes precedence (options.quiet) (#​1486) (7a6ca47)

3.1.7 (2018-08-29)

Bug Fixes

• Server: don't use spdy on node >= v10.0.0 (#​1451) (8ab9eb6)

3.1.6 (2018-08-26)

Bug Fixes

• bin: handle process signals correctly when the server isn't ready yet (#​1432) (334c3a5)
• examples/cli: correct template path in open-page example (#​1401) (df30727)
• schema: allow the output filename to be a {Function} (#​1409) (e2220c4)

v3.2.1

Compare Source

Bug Fixes

• compatibility with [email protected] (#​1754) (fd7cb0d)
• ignore proxy when bypass return false (#​1696) (aa7de77)
• respect stats option from webpack config (#​1665) (efaa740)
• use location.port when location.hostname is used to infer HMR socket URL (#​1664) (2f7f052)
• don't crash with express.static.mime.types (#​1765) (919ff77)

Features

• add option "serveIndex" to enable/disable serveIndex middleware (#​1752) (d5d60cb)
• add webpack as argument to before and after options (#​1760) (0984d4b)
• http2 option to enable/disable HTTP/2 with HTTPS (#​1721) (dcd2434)
• random port retry logic (#​1692) (419f02e)
• relax depth limit from chokidar for content base (#​1697) (7ea9ab9)

3.2.1 (2019-02-25)

Bug Fixes

• deprecation message about setup now warning about v4 (#​1684) (523a6ec)
• regression: allow ca, key and cert will be string (#​1676) (b8d5c1e)
• regression: handle key, cert, cacert and pfx in CLI (#​1688) (4b2076c)
• regression: problem with idb-connector after update internal-ip (#​1691) (eb48691)

3.1.14 (2018-12-24)

Bug Fixes

• add workaround for Origin header in sockjs (#​1608) (1dfd4fb)

3.1.13 (2018-12-22)

Bug Fixes

• delete a comma for Node.js <= v7.x (#​1609) (0bab1c0)

3.1.12 (2018-12-22)

Bug Fixes

• regression in checkHost for checking Origin header (#​1606) (8bb3ca8)

3.1.11 (2018-12-21)

Bug Fixes

• bin/options: correct check for color support (options.color) (#​1555) (55398b5)
• package: update spdy v3.4.1...4.0.0 (assertion error) (#​1491) (#​1563) (7a3a257)
• Server: correct node version checks (#​1543) (927a2b3)
• Server: mime type for wasm in contentBase directory (#​1575) (#​1580) (fadae5d)
• add url for compatibility with webpack@5 (#​1598) (#​1599) (68dd49a)
• check origin header for websocket connection (#​1603) (b3217ca)

3.1.10 (2018-10-23)

Bug Fixes

• options: add writeToDisk option to schema (#​1520) (d2f4902)
• package: update sockjs-client v1.1.5...1.3.0 (url-parse vulnerability) (#​1537) (e719959)
• Server: set tls.DEFAULT_ECDH_CURVE to 'auto' (#​1531) (c12def3)

3.1.9 (2018-09-24)

3.1.8 (2018-09-06)

Bug Fixes

• package: yargs security vulnerability (dependencies) (#​1492) (8fb67c9)
• utils/createLogger: ensure quiet always takes precedence (options.quiet) (#​1486) (7a6ca47)

3.1.7 (2018-08-29)

Bug Fixes

• Server: don't use spdy on node >= v10.0.0 (#​1451) (8ab9eb6)

3.1.6 (2018-08-26)

Bug Fixes

• bin: handle process signals correctly when the server isn't ready yet (#​1432) (334c3a5)
• examples/cli: correct template path in open-page example (#​1401) (df30727)
• schema: allow the output filename to be a {Function} (#​1409) (e2220c4)

v3.2.0

Compare Source

Bug Fixes

• deprecation message about setup now warning about v4 (#​1684) (523a6ec)
• regression: allow ca, key and cert will be string (#​1676) (b8d5c1e)
• regression: handle key, cert, cacert and pfx in CLI (#​1688) (4b2076c)
• regression: problem with idb-connector after update internal-ip (#​1691) (eb48691)

v3.1.14

Compare Source

Bug Fixes

• add workaround for Origin header in sockjs (#​1608) (1dfd4fb)

v3.1.13

Compare Source

Bug Fixes

• add workaround for Origin header in sockjs (#​1608) (1dfd4fb)

v3.1.12

Compare Source

Bug Fixes

• delete a comma for Node.js <= v7.x (#​1609) (0bab1c0)

v3.1.11

Compare Source

Bug Fixes

• regression in checkHost for checking Origin header (#​1606) (8bb3ca8)

---

Renovate configuration

📅 Schedule: "" in timezone Europe/Paris.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR is stale, or if you modify the PR title to begin with "rebase!".

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot. View repository job log here.

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 3.x releases. But if you manually upgrade to 3.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.