Skip to content

[Snyk] Security upgrade webpack-dev-server from 2.9.4 to 4.6.0 #45

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade webpack-dev-server from 2.9.4 to 4.6.0 #45

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • packages/react-scripts/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Denial of Service (DoS)
SNYK-JS-TRIMNEWLINES-1298042		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: webpack-dev-server The new version differs by 250 commits.
  • c5b9c7e chore(release): 4.6.0
  • 1ba9720 fix: reload on warnings (#4056)
  • 5026601 feat: allow to pass all `chokidar` options (#4025)
  • 7e78bfa chore(deps-dev): bump webpack from 5.64.2 to 5.64.3 (#4054)
  • f2a7d16 chore(deps-dev): bump memfs from 3.3.0 to 3.4.0 (#4055)
  • d104b58 chore: remove redundant `eslint-disable` comments (#4053)
  • e6330f5 chore: remove redundant snapshots (#4052)
  • cf26a3f chore(deps): bump ws from 8.2.3 to 8.3.0 (#4051)
  • 7823237 chore(deps-dev): bump lint-staged from 12.1.1 to 12.1.2 (#4048)
  • 9b32c96 fix: reconnection logic (#4044)
  • 5e7c001 chore(deps-dev): bump eslint from 8.2.0 to 8.3.0 (#4045)
  • 12d6d52 chore(deps-dev): bump lint-staged from 12.0.2 to 12.1.1 (#4047)
  • 7ed2ba3 chore(deps-dev): bump webpack from 5.64.1 to 5.64.2 (#4046)
  • b497f68 docs: fix typo (#4042)
  • 285487f chore(deps): remove unused (#4036)
  • a19ee71 chore(deps-dev): bump acorn from 8.5.0 to 8.6.0 (#4040)
  • 497e615 chore(deps): bump webpack-dev-middleware
  • ec882db chore(deps-dev): bump typescript from 4.4.4 to 4.5.2 (#4034)
  • 7d117de chore: update dependencies (#4033)
  • a5b1c70 chore: update `schema-utils` (#4032)
  • d3be607 chore(deps): bump @ babel/preset-env from 7.16.0 to 7.16.4 (#4030)
  • 25bace8 chore(deps): bump @ babel/plugin-transform-runtime (#4031)
  • 6a5b58d docs: fix `--https` option alignment (#4028)
  • fd8c54a chore: remove redundant `eslint-disable` comments (#4024)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot