Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Upgrade webpack-dev-server from 3.10.3 to 5.1.0 #606

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade webpack-dev-server from 3.10.3 to 5.1.0 #606

wants to merge 1 commit into from

Conversation

WontonSam
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade webpack-dev-server from 3.10.3 to 5.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 50 versions ahead of your current version.

  • The recommended version was released on 2 months ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Prototype Pollution
SNYK-JS-AJV-584908		 94 No Known Exploit
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIHTML-1296849		 94 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SSRI-1246392		 94 Proof of Concept
high severity Arbitrary File Overwrite
SNYK-JS-TAR-1536528		 94 No Known Exploit
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 94 Proof of Concept
high severity Prototype Pollution
SNYK-JS-ASYNC-2441827		 94 Proof of Concept
high severity Asymmetric Resource Consumption (Amplification)
SNYK-JS-BODYPARSER-7926860		 94 No Known Exploit
high severity Improper Verification of Cryptographic Signature
SNYK-JS-BROWSERIFYSIGN-6037026		 94 No Known Exploit
high severity Prototype Pollution
SNYK-JS-INI-1048974		 94 Proof of Concept
high severity Server-side Request Forgery (SSRF)
SNYK-JS-IP-6240864		 94 Proof of Concept
high severity Improper Handling of Extra Parameters
SNYK-JS-FOLLOWREDIRECTS-6141137		 94 Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-DECODEURICOMPONENT-3149970		 94 Proof of Concept
high severity Remote Memory Exposure
SNYK-JS-DNSPACKET-1293563		 94 No Known Exploit
high severity Cryptographic Issues
SNYK-JS-ELLIPTIC-571484		 94 Proof of Concept
high severity Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430339		 94 No Known Exploit
high severity Prototype Pollution
SNYK-JS-NODEFORGE-598677		 94 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-NTHCHECK-1586032		 94 Proof of Concept
medium severity Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430337		 94 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BROWSERSLIST-1090194		 94 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 94 Proof of Concept
medium severity Open Redirect
SNYK-JS-EXPRESS-6474509		 94 No Known Exploit
medium severity Cross-site Scripting
SNYK-JS-EXPRESS-7926867		 94 No Known Exploit
medium severity Denial of Service (DoS)
SNYK-JS-FASTIFY-595959		 94 Proof of Concept
critical severity Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962462		 94 Proof of Concept
medium severity Information Exposure
SNYK-JS-FOLLOWREDIRECTS-6444610		 94 Proof of Concept
medium severity Denial of Service (DoS)
SNYK-JS-HTTPPROXY-569139		 94 Proof of Concept
medium severity Server-Side Request Forgery (SSRF)
SNYK-JS-IP-7148531		 94 Proof of Concept
medium severity Denial of Service (DoS)
SNYK-JS-FASTIFY-596516		 94 No Known Exploit
medium severity Web Cache Poisoning
SNYK-JS-FINDMYWAY-1038269		 94 Proof of Concept
medium severity Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2332181		 94 Proof of Concept
medium severity Cryptographic Issues
SNYK-JS-ELLIPTIC-1064899		 94 No Known Exploit
medium severity Information Exposure
SNYK-JS-EVENTSOURCE-2823375		 94 Proof of Concept
medium severity Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430341		 94 No Known Exploit
low severity Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2396346		 94 No Known Exploit
critical severity Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-7577916		 94 Proof of Concept
critical severity Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-7577917		 94 Proof of Concept
critical severity Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-7577918		 94 Proof of Concept
high severity Prototype Poisoning
SNYK-JS-QS-3153490		 94 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 94 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 94 Proof of Concept
high severity Arbitrary Code Injection
SNYK-JS-SERIALIZEJAVASCRIPT-570062		 94 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SSRI-1246392		 94 Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-WS-7266574		 94 Proof of Concept
high severity Prototype Pollution
SNYK-JS-Y18N-1021887		 94 Proof of Concept
high severity Arbitrary File Overwrite
SNYK-JS-TAR-1536531		 94 No Known Exploit
high severity Arbitrary File Write
SNYK-JS-TAR-1579147		 94 No Known Exploit
high severity Arbitrary File Write
SNYK-JS-TAR-1579152		 94 No Known Exploit
high severity Arbitrary File Write
SNYK-JS-TAR-1579155		 94 No Known Exploit
high severity Improper Input Validation
SNYK-JS-URLPARSE-2407770		 94 Proof of Concept
high severity Path Traversal
SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555		 94 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-WEBSOCKETEXTENSIONS-570623		 94 Proof of Concept
high severity Code Injection
SNYK-JS-LODASH-1040724		 94 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-567746		 94 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-608086		 94 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-6139239		 94 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHPARSE-1077067		 94 Proof of Concept
medium severity Denial of Service (DoS)
SNYK-JS-SOCKJS-575261		 94 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-WS-1296835		 94 Proof of Concept
medium severity Uncontrolled Resource Consumption ('Resource Exhaustion')
SNYK-JS-TAR-6476909		 94 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-TERSER-2806366		 94 No Known Exploit
medium severity Improper Input Validation
SNYK-JS-URLPARSE-1078283		 94 No Known Exploit
medium severity Open Redirect
SNYK-JS-URLPARSE-1533425		 94 Proof of Concept
medium severity Access Restriction Bypass
SNYK-JS-URLPARSE-2401205		 94 Proof of Concept
medium severity Authorization Bypass
SNYK-JS-URLPARSE-2407759		 94 Proof of Concept
medium severity Authorization Bypass Through User-Controlled Key
SNYK-JS-URLPARSE-2412697		 94 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-YARGSPARSER-560381		 94 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818		 94 No Known Exploit
medium severity Open Redirect
SNYK-JS-NODEFORGE-2330875		 94 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-NODEFORGE-2331908		 94 No Known Exploit
low severity Cross-site Scripting
SNYK-JS-SERVESTATIC-7926865		 94 No Known Exploit
low severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758		 94 No Known Exploit
low severity Regular Expression Denial of Service (ReDoS)
npm:debug:20170905		 94 Proof of Concept
low severity Regular Expression Denial of Service (ReDoS)
npm:debug:20170905		 94 Proof of Concept
low severity Prototype Pollution
SNYK-JS-MINIMIST-2429795		 94 Proof of Concept
Release notes
Package name: webpack-dev-server
  • 5.1.0 - 2024-09-03

    5.1.0 (2024-09-03)

    Features

    • add visual progress indicators (a8f40b7)
    • added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
    • allow the server option to be Function (#5275) (02a1c6d)
    • http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

    Bug Fixes

  • 5.0.4 - 2024-03-19

    5.0.4 (2024-03-19)

    Bug Fixes

  • 5.0.3 - 2024-03-12

    5.0.3 (2024-03-12)

    Bug Fixes

  • 5.0.2 - 2024-02-16

    5.0.2 (2024-02-16)

    Bug Fixes

  • 5.0.1 - 2024-02-13

    5.0.1 (2024-02-13)

    Bug Fixes

  • 5.0.0 - 2024-02-12

    5.0.0 (2024-02-12)

    Migration Guide and Changes.

  • 4.15.2 - 2024-03-20

    4.15.2 (2024-03-20)

    Bug Fixes

    • security: bump webpack-dev-middleware (4116209)
  • 4.15.1 - 2023-06-09

    4.15.1 (2023-06-09)

    Bug Fixes

    • replace :: with localhost before openBrowser() (#4856) (874c44b)
    • types: compatibility with @ types/ws (#4899) (34bcec2)
  • 4.15.0 - 2023-05-07

    4.15.0 (2023-05-07)

    Features

    • overlay displays unhandled promise rejection (#4849) (d1dd430)
  • 4.14.0 - 2023-05-06

    4.14.0 (2023-05-06)

    Features

    • allow CLI to be ESM (#4837) (bb4a5d9)
    • allow filter overlay errors/warnings/runtimeErrors with function (#4813) (aab01b3)
  • 4.13.3 - 2023-04-15
  • 4.13.2 - 2023-03-31
  • 4.13.1 - 2023-03-18
  • 4.13.0 - 2023-03-17
  • 4.12.0 - 2023-03-14
  • 4.11.1 - 2022-09-19
  • 4.11.0 - 2022-09-07
  • 4.10.1 - 2022-08-29
  • 4.10.0 - 2022-08-10
  • 4.9.3 - 2022-06-29
  • 4.9.2 - 2022-06-06
  • 4.9.1 - 2022-05-31
  • 4.9.0 - 2022-05-04
  • 4.8.1 - 2022-04-06
  • 4.8.0 - 2022-04-05
  • 4.7.4 - 2022-02-02
  • 4.7.3 - 2022-01-11
  • 4.7.2 - 2021-12-29
  • 4.7.1 - 2021-12-22
  • 4.7.0 - 2021-12-21
  • 4.6.0 - 2021-11-25
  • 4.5.0 - 2021-11-13
  • 4.4.0 - 2021-10-27
  • 4.3.1 - 2021-10-04
  • 4.3.0 - 2021-09-25
  • 4.2.1 - 2021-09-13
  • 4.2.0 - 2021-09-09
  • 4.1.1 - 2021-09-07
  • 4.1.0 - 2021-08-31
  • 4.0.0 - 2021-08-18
  • 4.0.0-rc.1 - 2021-08-17
  • 4.0.0-rc.0 - 2021-07-19
  • 4.0.0-beta.3 - 2021-05-06
  • 4.0.0-beta.2 - 2021-04-06
  • 4.0.0-beta.1 - 2021-03-23
  • 4.0.0-beta.0 - 2020-11-27
  • 3.11.3 - 2021-11-08
  • 3.11.2 - 2021-01-13
  • 3.11.1 - 2020-12-29
  • 3.11.0 - 2020-05-08
  • 3.10.3 - 2020-02-05
from webpack-dev-server GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"webpack-dev-server","from":"3.10.3","to":"5.1.0"}],"env":"prod","hasFixes":true,"isBreakingChange":true,"isMajorUpgrade":true,"issuesToFix":[{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-AJV-584908","issue_id":"SNYK-JS-AJV-584908","priority_score":165,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.0037},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Thu Jul 16 2020 13:58:04 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.79},{"name":"likelihood","value":1.68},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ANSIHTML-1296849","issue_id":"SNYK-JS-ANSIHTML-1296849","priority_score":159,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00216},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Aug 18 2021 15:37:20 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.65},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SSRI-1246392","issue_id":"SNYK-JS-SSRI-1246392","priority_score":159,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00242},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Thu Apr 15 2021 14:43:24 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.65},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1536528","issue_id":"SNYK-JS-TAR-1536528","priority_score":95,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"none"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"local"},{"name":"epss","value":0.00689},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Aug 04 2021 07:24:54 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.6},{"name":"likelihood","value":0.984},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Arbitrary File Overwrite"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":159,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.0016},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Jun 20 2023 15:39:58 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.64},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ASYNC-2441827","issue_id":"SNYK-JS-ASYNC-2441827","priority_score":159,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.0017},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Thu Apr 07 2022 14:22:18 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.64},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-BODYPARSER-7926860","issue_id":"SNYK-JS-BODYPARSER-7926860","priority_score":111,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00046},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Sep 11 2024 11:22:36 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.84},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Asymmetric Resource Consumption (Amplification)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-BROWSERIFYSIGN-6037026","issue_id":"SNYK-JS-BROWSERIFYSIGN-6037026","priority_score":124,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"high"},{"name":"availability","value":"none"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00062},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Oct 27 2023 12:03:19 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.06},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-INI-1048974","issue_id":"SNYK-JS-INI-1048974","priority_score":151,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01218},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Thu Dec 10 2020 18:08:38 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.62},{"name":"likelihood","value":2.67},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-IP-6240864","issue_id":"SNYK-JS-IP-6240864","priority_score":221,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00084},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Sun Feb 11 2024 07:37:52 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":7.84},{"name":"likelihood","value":2.81},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-FOLLOWREDIRECTS-6141137","issue_id":"SNYK-JS-FOLLOWREDIRECTS-6141137","priority_score":158,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00051},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Jan 01 2024 15:19:32 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.62},{"name":"likelihood","value":2.81},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Improper Handling of Extra Parameters"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-DECODEURICOMPONENT-3149970","issue_id":"SNYK-JS-DECODEURICOMPONENT-3149970","priority_score":159,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00382},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Nov 28 2022 16:12:34 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.65},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-DNSPACKET-1293563","issue_id":"SNYK-JS-DNSPACKET-1293563","priority_score":133,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"low"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00097},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Thu May 20 2021 14:40:43 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":8.78},{"name":"likelihood","value":1.5},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Remote Memory Exposure"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ELLIPTIC-571484","issue_id":"SNYK-JS-ELLIPTIC-571484","priority_score":221,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00353},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Jun 17 2020 10:03:22 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.08},{"name":"likelihood","value":2.43},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Cryptographic Issues"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-NODEFORGE-2430339","issue_id":"SNYK-JS-NODEFORGE-2430339","priority_score":107,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00084},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Sun Mar 20 2022 16:39:52 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.62},{"name":"likelihood","value":1.89},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-NODEFORGE-598677","issue_id":"SNYK-JS-NODEFORGE-598677","priority_score":149,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00209},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Sep 01 2020 10:44:20 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.62},{"name":"likelihood","value":2.65},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-NTHCHECK-1586032","issue_id":"SNYK-JS-NTHCHECK-1586032","priority_score":159,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00267},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Sep 17 2021 15:20:51 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.65},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-NODEFORGE-2430337","issue_id":"SNYK-JS-NODEFORGE-2430337","priority_score":94,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00083},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Sun Mar 20 2022 16:39:53 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.62},{"name":"likelihood","value":1.67},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-BROWSERSLIST-1090194","issue_id":"SNYK-JS-BROWSERSLIST-1090194","priority_score":63,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00198},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Apr 28 2021 15:14:31 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":2.35},{"name":"likelihood","value":2.65},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-1018905","issue_id":"SNYK-JS-LODASH-1018905","priority_score":63,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00231},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Feb 15 2021 11:50:49 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":2.35},{"name":"likelihood","value":2.65},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-EXPRESS-6474509","issue_id":"SNYK-JS-EXPRESS-6474509","priority_score":74,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00044},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Mar 26 2024 07:34:23 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":4.54},{"name":"likelihood","value":1.61},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Open Redirect"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-EXPRESS-7926867","issue_id":"SNYK-JS-EXPRESS-7926867","priority_score":79,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00046},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Sep 11 2024 12:24:12 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.62},{"name":"likelihood","value":1.39},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Cross-site Scripting"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-FASTIFY-595959","issue_id":"SNYK-JS-FASTIFY-595959","priority_score":84,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Jul 29 2020 16:12:07 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":false},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":2.35},{"name":"likelihood","value":3.56},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-BABELTRAVERSE-5962462","issue_id":"SNYK-JS-BABELTRAVERSE-5962462","priority_score":235,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"local"},{"name":"epss","value":0.0006},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Oct 13 2023 06:39:08 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"critical"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":10.1},{"name":"likelihood","value":2.33},{"name":"scoreVersion","value":"V5"}],"severity":"critical","title":"Incomplete List of Disallowed Inputs"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-FOLLOWREDIRECTS-6444610","issue_id":"SNYK-JS-FOLLOWREDIRECTS-6444610","priority_score":159,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"none"},{"name":"availability","value":"none"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"low"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00044},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Mar 15 2024 07:59:52 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.64},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-HTTPPROXY-569139","issue_id":"SNYK-JS-HTTPPROXY-569139","priority_score":134,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Sat May 16 2020 17:02:49 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.22},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-IP-7148531","issue_id":"SNYK-JS-IP-7148531","priority_score":119,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue May 28 2024 08:06:24 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":4.19},{"name":"likelihood","value":2.83},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Server-Side Request Forgery (SSRF)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-FASTIFY-596516","issue_id":"SNYK-JS-FASTIFY-596516","priority_score":134,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00079},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Thu Jul 30 2020 15:28:15 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":false},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.23},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-FINDMYWAY-1038269","issue_id":"SNYK-JS-FINDMYWAY-1038269","priority_score":146,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00105},{"name":"isTren...

@snyk-bot
feat: upgrade webpack-dev-server from 3.10.3 to 5.1.0
2bb12b0 
Snyk has created this PR to upgrade webpack-dev-server from 3.10.3 to 5.1.0.

See this package in npm:
webpack-dev-server

See this project in Snyk:
https://app.snyk.io/org/cachiman/project/49d39aa1-0d84-4182-9a7b-022c7783155f?utm_source=github&utm_medium=referral&page=upgrade-pr
@google-cla Google CLA
Copy link

google-cla bot commented Nov 5, 2024

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@WontonSam @snyk-bot