[Snyk] Upgrade webpack-dev-server from 3.10.3 to 5.1.0 #595

WontonSam · 2024-10-29T17:14:04Z

Snyk has created this PR to upgrade webpack-dev-server from 3.10.3 to 5.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

The recommended version is 50 versions ahead of your current version.
The recommended version was released on 2 months ago.

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Arbitrary File Write SNYK-JS-TAR-1579147	74	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	74	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	74	No Known Exploit
Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	74	Proof of Concept
Prototype Pollution SNYK-JS-AJV-584908	74	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	74	Proof of Concept
Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	74	No Known Exploit
Code Injection SNYK-JS-LODASH-1040724	74	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	74	Proof of Concept
Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	74	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	74	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	74	Proof of Concept
Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	74	No Known Exploit
Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	74	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	74	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	74	No Known Exploit
Prototype Pollution SNYK-JS-LOADERUTILS-3043105	74	No Known Exploit
Prototype Pollution SNYK-JS-LOADERUTILS-3043105	74	No Known Exploit
Improper Input Validation SNYK-JS-URLPARSE-2407770	74	Proof of Concept
Prototype Pollution SNYK-JS-NODEFORGE-598677	74	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	74	Proof of Concept
Prototype Poisoning SNYK-JS-QS-3153490	74	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	74	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	74	Proof of Concept
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	74	Proof of Concept
Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	74	No Known Exploit
Cryptographic Issues SNYK-JS-ELLIPTIC-571484	74	Proof of Concept
Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	74	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WEBSOCKETEXTENSIONS-570623	74	Proof of Concept
Denial of Service (DoS) SNYK-JS-WS-7266574	74	Proof of Concept
Prototype Pollution SNYK-JS-Y18N-1021887	74	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-567746	74	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-608086	74	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-6139239	74	Proof of Concept
Improper Handling of Extra Parameters SNYK-JS-FOLLOWREDIRECTS-6141137	74	Proof of Concept
Prototype Pollution SNYK-JS-INI-1048974	74	Proof of Concept
Open Redirect SNYK-JS-EXPRESS-6474509	74	No Known Exploit
Cross-site Scripting SNYK-JS-EXPRESS-7926867	74	No Known Exploit
Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	74	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	74	Proof of Concept
Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	74	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	74	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	74	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	74	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	74	No Known Exploit
Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	74	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	74	Proof of Concept
Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	74	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	74	No Known Exploit
Improper Input Validation SNYK-JS-URLPARSE-1078283	74	No Known Exploit
Open Redirect SNYK-JS-URLPARSE-1533425	74	Proof of Concept
Access Restriction Bypass SNYK-JS-URLPARSE-2401205	74	Proof of Concept
Authorization Bypass SNYK-JS-URLPARSE-2407759	74	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	74	Proof of Concept
Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	74	No Known Exploit
Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	74	No Known Exploit
Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	74	Proof of Concept
Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	74	Proof of Concept
Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	74	Proof of Concept
Information Exposure SNYK-JS-EVENTSOURCE-2823375	74	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	74	Proof of Concept
Prototype Pollution SNYK-JS-YARGSPARSER-560381	74	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	74	No Known Exploit
Open Redirect SNYK-JS-NODEFORGE-2330875	74	Proof of Concept
Prototype Pollution SNYK-JS-NODEFORGE-2331908	74	No Known Exploit
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	74	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	74	Proof of Concept
Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	74	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:debug:20170905	74	Proof of Concept
Cross-site Scripting SNYK-JS-SEND-7926862	74	No Known Exploit
Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	74	Proof of Concept
Denial of Service (DoS) SNYK-JS-SOCKJS-575261	74	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	74	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	74	No Known Exploit
Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	74	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	74	Proof of Concept
Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	74	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	74	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:debug:20170905	74	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	74	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	74	No Known Exploit

Release notes

Package name: webpack-dev-server

5.1.0 - 2024-09-03
5.1.0 (2024-09-03)

Features
- add visual progress indicators (a8f40b7)
- added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
- allow the server option to be Function (#5275) (02a1c6d)
- http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)
Bug Fixes
- check the platform property to determinate the target (#5269) (c3b532c)
- ipv6 output (#5270) (06005e7)
- replace rimraf with rm (#5162) (1a1561f)
- replace default gateway (#5255) (f5f0902)
- support devServer: false (#5272) (8b341cb)
5.0.4 - 2024-03-19
5.0.4 (2024-03-19)

Bug Fixes
- security: bump webpack-dev-middleware (#5112) (aab576a)
5.0.3 - 2024-03-12
5.0.3 (2024-03-12)

Bug Fixes
- types: proxy (#5101) (6e1aed3)
5.0.2 - 2024-02-16
5.0.2 (2024-02-16)

Bug Fixes
- types (#5057) (da2c24d)
5.0.1 - 2024-02-13
5.0.1 (2024-02-13)

Bug Fixes
- avoid using eval in client (#5045) (7681477)
- overlay and require-trusted-types-for (#5046) (e115436)
5.0.0 - 2024-02-12
5.0.0 (2024-02-12)

Migration Guide and Changes.
4.15.2 - 2024-03-20
4.15.2 (2024-03-20)

Bug Fixes
- security: bump webpack-dev-middleware (4116209)
4.15.1 - 2023-06-09
4.15.1 (2023-06-09)

Bug Fixes
- replace :: with localhost before openBrowser() (#4856) (874c44b)
- types: compatibility with @ types/ws (#4899) (34bcec2)
4.15.0 - 2023-05-07
4.15.0 (2023-05-07)

Features
- overlay displays unhandled promise rejection (#4849) (d1dd430)
4.14.0 - 2023-05-06
4.14.0 (2023-05-06)

Features
- allow CLI to be ESM (#4837) (bb4a5d9)
- allow filter overlay errors/warnings/runtimeErrors with function (#4813) (aab01b3)
4.13.3 - 2023-04-15
4.13.2 - 2023-03-31
4.13.1 - 2023-03-18
4.13.0 - 2023-03-17
4.12.0 - 2023-03-14
4.11.1 - 2022-09-19
4.11.0 - 2022-09-07
4.10.1 - 2022-08-29
4.10.0 - 2022-08-10
4.9.3 - 2022-06-29
4.9.2 - 2022-06-06
4.9.1 - 2022-05-31
4.9.0 - 2022-05-04
4.8.1 - 2022-04-06
4.8.0 - 2022-04-05
4.7.4 - 2022-02-02
4.7.3 - 2022-01-11
4.7.2 - 2021-12-29
4.7.1 - 2021-12-22
4.7.0 - 2021-12-21
4.6.0 - 2021-11-25
4.5.0 - 2021-11-13
4.4.0 - 2021-10-27
4.3.1 - 2021-10-04
4.3.0 - 2021-09-25
4.2.1 - 2021-09-13
4.2.0 - 2021-09-09
4.1.1 - 2021-09-07
4.1.0 - 2021-08-31
4.0.0 - 2021-08-18
4.0.0-rc.1 - 2021-08-17
4.0.0-rc.0 - 2021-07-19
4.0.0-beta.3 - 2021-05-06
4.0.0-beta.2 - 2021-04-06
4.0.0-beta.1 - 2021-03-23
4.0.0-beta.0 - 2020-11-27
3.11.3 - 2021-11-08
3.11.2 - 2021-01-13
3.11.1 - 2020-12-29
3.11.0 - 2020-05-08
3.10.3 - 2020-02-05

from webpack-dev-server GitHub release notes

Important

Warning: This PR contains a major version upgrade, and may be a breaking change.
Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"webpack-dev-server","from":"3.10.3","to":"5.1.0"}],"env":"prod","hasFixes":true,"isBreakingChange":true,"isMajorUpgrade":true,"issuesToFix":[{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1579147","issue_id":"SNYK-JS-TAR-1579147","priority_score":97,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"low"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"local"},{"name":"epss","value":0.0013},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Sep 01 2021 07:55:13 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.95},{"name":"likelihood","value":0.97},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Arbitrary File Write"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1579152","issue_id":"SNYK-JS-TAR-1579152","priority_score":97,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"low"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"local"},{"name":"epss","value":0.0013},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Sep 01 2021 07:55:12 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.95},{"name":"likelihood","value":0.97},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Arbitrary File Write"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1579155","issue_id":"SNYK-JS-TAR-1579155","priority_score":97,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"low"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"local"},{"name":"epss","value":0.00074},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Sep 01 2021 07:55:11 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.95},{"name":"likelihood","value":0.968},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Arbitrary File Write"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-IP-6240864","issue_id":"SNYK-JS-IP-6240864","priority_score":221,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00084},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Sun Feb 11 2024 07:37:52 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":7.84},{"name":"likelihood","value":2.81},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-AJV-584908","issue_id":"SNYK-JS-AJV-584908","priority_score":165,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.0037},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Thu Jul 16 2020 13:58:04 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.79},{"name":"likelihood","value":1.68},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ANSIHTML-1296849","issue_id":"SNYK-JS-ANSIHTML-1296849","priority_score":159,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00216},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Aug 18 2021 15:37:20 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.65},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-NODEFORGE-2430339","issue_id":"SNYK-JS-NODEFORGE-2430339","priority_score":107,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00084},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Sun Mar 20 2022 16:39:52 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.62},{"name":"likelihood","value":1.89},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-1040724","issue_id":"SNYK-JS-LODASH-1040724","priority_score":239,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"high"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00858},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Feb 15 2021 11:50:50 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.79},{"name":"likelihood","value":2.44},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Code Injection"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":159,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.0016},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Jun 20 2023 15:39:58 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.64},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SERIALIZEJAVASCRIPT-570062","issue_id":"SNYK-JS-SERIALIZEJAVASCRIPT-570062","priority_score":223,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01029},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Jun 01 2020 07:03:01 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.08},{"name":"likelihood","value":2.44},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Arbitrary Code Injection"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ASYNC-2441827","issue_id":"SNYK-JS-ASYNC-2441827","priority_score":159,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.0017},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Thu Apr 07 2022 14:22:18 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.64},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SSRI-1246392","issue_id":"SNYK-JS-SSRI-1246392","priority_score":159,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00242},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Thu Apr 15 2021 14:43:24 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.65},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-BODYPARSER-7926860","issue_id":"SNYK-JS-BODYPARSER-7926860","priority_score":111,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00046},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Sep 11 2024 11:22:36 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.84},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Asymmetric Resource Consumption (Amplification)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-BROWSERIFYSIGN-6037026","issue_id":"SNYK-JS-BROWSERIFYSIGN-6037026","priority_score":124,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"high"},{"name":"availability","value":"none"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00062},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Oct 27 2023 12:03:19 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.06},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1536528","issue_id":"SNYK-JS-TAR-1536528","priority_score":95,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"none"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"local"},{"name":"epss","value":0.00689},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Aug 04 2021 07:24:54 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.6},{"name":"likelihood","value":0.984},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Arbitrary File Overwrite"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1536531","issue_id":"SNYK-JS-TAR-1536531","priority_score":95,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"none"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"local"},{"name":"epss","value":0.00689},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Aug 04 2021 07:24:55 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.6},{"name":"likelihood","value":0.984},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Arbitrary File Overwrite"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-LOADERUTILS-3043105","issue_id":"SNYK-JS-LOADERUTILS-3043105","priority_score":115,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.0097},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Nov 04 2022 09:08:14 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.91},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-LOADERUTILS-3043105","issue_id":"SNYK-JS-LOADERUTILS-3043105","priority_score":115,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.0097},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Nov 04 2022 09:08:14 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.91},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-URLPARSE-2407770","issue_id":"SNYK-JS-URLPARSE-2407770","priority_score":191,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"none"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00371},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Feb 21 2022 16:02:45 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":8.63},{"name":"likelihood","value":2.21},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Improper Input Validation"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-NODEFORGE-598677","issue_id":"SNYK-JS-NODEFORGE-598677","priority_score":149,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00209},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Sep 01 2020 10:44:20 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.62},{"name":"likelihood","value":2.65},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-NTHCHECK-1586032","issue_id":"SNYK-JS-NTHCHECK-1586032","priority_score":159,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00267},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Sep 17 2021 15:20:51 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.65},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-QS-3153490","issue_id":"SNYK-JS-QS-3153490","priority_score":162,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01947},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Sun Dec 04 2022 12:24:32 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.69},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Prototype Poisoning"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":159,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.0016},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Jun 20 2023 15:39:58 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.64},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":159,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.0016},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Jun 20 2023 15:39:58 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.64},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-DECODEURICOMPONENT-3149970","issue_id":"SNYK-JS-DECODEURICOMPONENT-3149970","priority_score":159,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00382},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Nov 28 2022 16:12:34 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.65},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-DNSPACKET-1293563","issue_id":"SNYK-JS-DNSPACKET-1293563","priority_score":133,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"low"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00097},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Thu May 20 2021 14:40:43 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":8.78},{"name":"likelihood","value":1.5},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Remote Memory Exposure"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ELLIPTIC-571484","issue_id":"SNYK-JS-ELLIPTIC-571484","priority_score":221,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00353},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Jun 17 2020 10:03:22 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.08},{"name":"likelihood","value":2.43},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Cryptographic Issues"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-WEBPA...

Snyk has created this PR to upgrade webpack-dev-server from 3.10.3 to 5.1.0. See this package in npm: webpack-dev-server See this project in Snyk: https://app.snyk.io/org/cachiman/project/5174f5c7-7911-46a3-b739-839d16fbc071?utm_source=github&utm_medium=referral&page=upgrade-pr

google-cla · 2024-10-29T17:14:09Z

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade webpack-dev-server from 3.10.3 to 5.1.0 #595

[Snyk] Upgrade webpack-dev-server from 3.10.3 to 5.1.0 #595

WontonSam commented Oct 29, 2024

5.1.0 (2024-09-03)

Features

Bug Fixes

5.0.4 (2024-03-19)

Bug Fixes

5.0.3 (2024-03-12)

Bug Fixes

5.0.2 (2024-02-16)

Bug Fixes

5.0.1 (2024-02-13)

Bug Fixes

5.0.0 (2024-02-12)

4.15.2 (2024-03-20)

Bug Fixes

4.15.1 (2023-06-09)

Bug Fixes

4.15.0 (2023-05-07)

Features

4.14.0 (2023-05-06)

Features

google-cla bot commented Oct 29, 2024

[Snyk] Upgrade webpack-dev-server from 3.10.3 to 5.1.0 #595

Are you sure you want to change the base?

[Snyk] Upgrade webpack-dev-server from 3.10.3 to 5.1.0 #595

Conversation

WontonSam commented Oct 29, 2024

Snyk has created this PR to upgrade webpack-dev-server from 3.10.3 to 5.1.0.

Issues fixed by the recommended upgrade:

5.1.0 (2024-09-03)

Features

Bug Fixes

5.0.4 (2024-03-19)

Bug Fixes

5.0.3 (2024-03-12)

Bug Fixes

5.0.2 (2024-02-16)

Bug Fixes

5.0.1 (2024-02-13)

Bug Fixes

5.0.0 (2024-02-12)

4.15.2 (2024-03-20)

Bug Fixes

4.15.1 (2023-06-09)

Bug Fixes

4.15.0 (2023-05-07)

Features

4.14.0 (2023-05-06)

Features

google-cla bot commented Oct 29, 2024