[Snyk] Security upgrade webpack-dev-server from 2.9.3 to 3.1.10

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • examples/react-babel-allowjs/package.json
  • examples/react-babel-allowjs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	461/1000 Why? Recently disclosed, Has a fix available, CVSS 3.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-DEBUG-3227433	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: webpack-dev-server

The new version differs by 131 commits.

• fe3219f chore(release): 3.1.10
• c12def3 fix(Server): set `tls.DEFAULT_ECDH_CURVE` to `'auto'` (chore(deps): bump loader-utils from 1.4.0 to 1.4.2 TypeStrong/ts-loader#1531)
• e719959 fix(package): update `sockjs-client` v1.1.5...1.3.0 (`url-parse` vulnerability) (chore(deps): bump minimatch from 3.0.4 to 3.1.2 in /test/execution-tests/babel-es2015 TypeStrong/ts-loader#1537)
• d2f4902 fix(options): add `writeToDisk` option to schema (Anchor jumping is not working in README.md TypeStrong/ts-loader#1520)
• bb484ad chore(release): 3.1.9
• 8b8b087 chore(package): update `webpack-dev-middleware` v3.3.0...3.4.0 (`dependencies`)
• d0725c9 chore(package): update `webpack-dev-middleware` v3.2.0...3.3.0 (`dependencies`) (ts-loader 8.* unable to recognize class variables TypeStrong/ts-loader#1499)
• cbe6813 refactor(package): cross-platform `prepare` script (`scripts`) (Bump terser from 5.7.1 to 5.15.0 in /examples/vanilla TypeStrong/ts-loader#1498)
• 3d37cc5 chore(release): 3.1.8
• 8fb67c9 fix(package): `yargs` security vulnerability (`dependencies`) (Ts-loader never uses enhanced-resolve as of enhanced-resolve v5.3.1 TypeStrong/ts-loader#1492)
• b9d11ca docs: fix typos (Bump terser from 5.7.1 to 5.14.2 in /examples/vanilla TypeStrong/ts-loader#1487)
• 7a6ca47 fix(utils/createLogger): ensure `quiet` always takes precedence (`options.quiet`) (Configure Mend Bolt for GitHub TypeStrong/ts-loader#1486)
• 065978f chore(package): update `import-local` v1.0.0...2.0.0 (`dependencies`) ( TypeError: loaderContext.getOptions is not a function TypeStrong/ts-loader#1484)
• f37f0a2 chore(release): 3.1.7
• 2d35287 style(utils/addEntries): cleaner variable naming (chore: upgrade to yarn 3 TypeStrong/ts-loader#1478)
• 8ab9eb6 fix(Server): don't use `spdy` on `node >= v10.0.0` (feat: add zero-config support for fork-ts-checker-webpack-plugin TypeStrong/ts-loader#1451)
• 4740224 refactor(package): migrate to `schema-utils` (`dependencies`) (Unable to install on node 16 TypeStrong/ts-loader#1464)
• 2e1e23a ci(appveyor): add windows testing (Bump eventsource from 1.0.7 to 1.1.1 in /examples/project-references-example TypeStrong/ts-loader#1468)
• 418493d refactor(package): update `internal-ip` v1.2.0...3.0.0 (`dependencies`) (Added link to webpack loaders in the README TypeStrong/ts-loader#1471)
• 2d0999d style(Server): update code style
• 4789ac3 refactor(Server): move certificate generation to it's own file
• 1896fcf refactor(bin): move options and helpers into separate files (Bump follow-redirects from 1.6.1 to 1.15.1 in /examples/fork-ts-checker-webpack-plugin TypeStrong/ts-loader#1470)
• 2ee13ab refactor(lib/utils): move `createLog` && rename files (Unable to strip comments from sourcemaps TypeStrong/ts-loader#1465)
• 0e1f0c1 chore(release): 3.1.6

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

[changeset-bot]

⚠️ No Changeset found

Latest commit: 571cf4f

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR