-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): update dependency webpack-dev-server to v3.1.11 [security] #119
Open
renovate
wants to merge
1
commit into
master
Choose a base branch
from
renovate/npm-webpack-dev-server-vulnerability
base: master
Could not load branches
Branch not found: {{ refName }}
Could not load tags
Nothing to show
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
2 times, most recently
from
May 7, 2020 21:58
900e045
to
b0aa329
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
May 15, 2020 07:57
b0aa329
to
f7bc1c7
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
4 times, most recently
from
June 19, 2020 07:35
1871393
to
75fd984
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
June 24, 2020 10:55
75fd984
to
8717a59
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
9 times, most recently
from
July 13, 2020 18:15
7a182b9
to
d4bff60
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
4 times, most recently
from
July 24, 2020 19:46
3d9094d
to
53e82b7
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
3 times, most recently
from
August 4, 2020 06:29
ef29903
to
c2f15a4
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
2 times, most recently
from
August 13, 2020 18:07
bec81d7
to
c7dc228
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
August 27, 2020 06:56
c7dc228
to
c5bcf78
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
October 26, 2020 08:56
c5bcf78
to
2a09b98
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
November 27, 2020 06:52
2a09b98
to
20e51cb
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
December 10, 2020 12:57
20e51cb
to
a44f09c
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
2 times, most recently
from
January 10, 2021 13:53
ff0fed6
to
f8d2eab
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
January 22, 2021 18:00
f8d2eab
to
b4122dd
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
January 30, 2021 21:00
b4122dd
to
b1cc8c2
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
2 times, most recently
from
February 10, 2021 18:54
1fb5596
to
bafd3fb
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
April 26, 2021 12:44
bafd3fb
to
4f3cfbc
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
May 9, 2021 20:40
4f3cfbc
to
d1c9f5d
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
March 7, 2022 09:51
d1c9f5d
to
c1ef44b
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
March 26, 2022 12:09
c1ef44b
to
5ee021d
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
April 24, 2022 21:15
5ee021d
to
80fd213
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
May 15, 2022 20:32
80fd213
to
737f362
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
2 times, most recently
from
June 23, 2022 19:37
8ff2593
to
4aa8b1d
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
September 25, 2022 12:23
4aa8b1d
to
44cc3bb
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
November 20, 2022 18:43
44cc3bb
to
545bf9b
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
March 16, 2023 08:05
545bf9b
to
67b1744
Compare
⚠ Artifact update problemRenovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is. ♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below: File name: yarn.lock
|
renovate
bot
force-pushed
the
renovate/npm-webpack-dev-server-vulnerability
branch
from
March 24, 2023 23:43
67b1744
to
6fc285b
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
None yet
0 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
3.1.3
->3.1.11
GitHub Vulnerability Alerts
CVE-2018-14732
Versions of
webpack-dev-server
before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not validated.Recommendation
For
webpack-dev-server
update to version 3.1.11 or later.Release Notes
webpack/webpack-dev-server (webpack-dev-server)
v3.1.11
Compare Source
Bug Fixes
options.color
) (#1555) (55398b5)spdy
v3.4.1...4.0.0 (assertion error) (#1491) (#1563) (7a3a257)node
version checks (#1543) (927a2b3)v3.1.10
Compare Source
Bug Fixes
writeToDisk
option to schema (#1520) (d2f4902)sockjs-client
v1.1.5...1.3.0 (url-parse
vulnerability) (#1537) (e719959)tls.DEFAULT_ECDH_CURVE
to'auto'
(#1531) (c12def3)v3.1.9
Compare Source
3.1.9 (2018-09-24)
v3.1.8
Compare Source
Bug Fixes
yargs
security vulnerability (dependencies
) (#1492) (8fb67c9)quiet
always takes precedence (options.quiet
) (#1486) (7a6ca47)v3.1.7
Compare Source
Bug Fixes
spdy
onnode >= v10.0.0
(#1451) (8ab9eb6)v3.1.6
Compare Source
Bug Fixes
process
signals correctly when the server isn't ready yet (#1432) (334c3a5)open-page
example (#1401) (df30727)output
filename to be a{Function}
(#1409) (e2220c4)v3.1.5
Compare Source
Progress
event in the client so plugins can use it (#1427)sockjs-client
to fix infinite reconnection loop (#1434)v3.1.4
Compare Source
logLevel
optionsilent
not being accepted by schema validation (#1372)Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.