chore(deps): update dependency webpack-dev-server to v3.1.11 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
webpack-dev-server	3.1.3 -> 3.1.11

GitHub Vulnerability Alerts

CVE-2018-14732

Versions of webpack-dev-server before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not validated.

Recommendation

For webpack-dev-server update to version 3.1.11 or later.

---

Release Notes

webpack/webpack-dev-server (webpack-dev-server)

v3.1.11

Compare Source

Bug Fixes

• bin/options: correct check for color support (options.color) (#​1555) (55398b5)
• package: update spdy v3.4.1...4.0.0 (assertion error) (#​1491) (#​1563) (7a3a257)
• Server: correct node version checks (#​1543) (927a2b3)
• Server: mime type for wasm in contentBase directory (#​1575) (#​1580) (fadae5d)
• add url for compatibility with webpack@5 (#​1598) (#​1599) (68dd49a)
• check origin header for websocket connection (#​1603) (b3217ca)

v3.1.10

Compare Source

Bug Fixes

• options: add writeToDisk option to schema (#​1520) (d2f4902)
• package: update sockjs-client v1.1.5...1.3.0 (url-parse vulnerability) (#​1537) (e719959)
• Server: set tls.DEFAULT_ECDH_CURVE to 'auto' (#​1531) (c12def3)

v3.1.9

Compare Source

3.1.9 (2018-09-24)

v3.1.8

Compare Source

Bug Fixes

• package: yargs security vulnerability (dependencies) (#​1492) (8fb67c9)
• utils/createLogger: ensure quiet always takes precedence (options.quiet) (#​1486) (7a6ca47)

v3.1.7

Compare Source

Bug Fixes

• Server: don't use spdy on node >= v10.0.0 (#​1451) (8ab9eb6)

v3.1.6

Compare Source

Bug Fixes

• bin: handle process signals correctly when the server isn't ready yet (#​1432) (334c3a5)
• examples/cli: correct template path in open-page example (#​1401) (df30727)
• schema: allow the output filename to be a {Function} (#​1409) (e2220c4)

v3.1.5

Compare Source

• Send the Progress event in the client so plugins can use it (#​1427)
• Update sockjs-client to fix infinite reconnection loop (#​1434)

v3.1.4

Compare Source

• Update to webpack-dev-middleware 3.1.3, which should fix paths with a space not working on Windows (#​1392)
• Fix logLevel option silent not being accepted by schema validation (#​1372)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock

Error response from daemon: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit