Open greenkeeper[bot] opened 7 years ago
Your tests are still failing with this version. Compare the changes π¨
disableHostCheck
to schemaYour tests are still failing with this version. Compare the changes π¨
Your tests are still failing with this version. Compare the changes π¨
Don't provide a SSL cert, but generate one on demand. Unique for each developer.
https://medium.com/@mikenorth/961572624c54 by Mike North
allowedHosts
optionopenPage
option to open a specific page--bonjour
lan
option, which listen on lan ip by defaultThe new version differs by 11 commits.
bbcdca7
2.5.0
7b3a42a
Add 'lan' option (modify the option name to βuseLocalIpβ for more semantic) (#901)
8d5f252
replace console.log with internal log function (#856)
c9fe53d
zeroconf dns (bonjour) service publishing (#930)
14d77a5
Adding page argument to the Open option (#917)
2ca97dd
Strongly check client isn't running on WebWorker for sendMsg (#929)
ab889c3
Add 'allowedHosts' option (#899)
1a26ab4
fix #752: allow --port 0 again (#918)
9a7693c
Merge pull request #942 from webpack/ssl-path
25e1098
updating https docs
400b289
generate ssl certs per instance
See the full diff
Your tests are passing again with this version. Explicitly upgrade to this version π
Your tests are passing again with this version. Explicitly upgrade to this version π
The new version differs by 12 commits.
adc9a0d
2.6.0
6da2f38
Set HMR log level. (#926)
140da45
Don't output startup info if quiet is set to true (#970)
9188878
Added cli option --disable-host-check
(#980)
b97dc5e
Only load bonjour when needed (#958)
e5b6202
Do not show warnings @ overlay unless explicitly set (#881)
a7fdb06
Fix typo in https docs (#952)
be1af21
Update README.md (#963)
bd22dce
Browser console messages should respect clientLogLevel (#921)
2041b11
Updated sockjs-client to 1.1.4 (#975)
047a595
Merge pull request #946 from lencioni/patch-1
8978059
Update to webpack 3
See the full diff
Your tests are passing again with this version. Explicitly upgrade to this version π
loglevel
from devDependencies to dependencies #1001The new version differs by 14 commits.
09ffe23
2.6.1
d35c1c4
Move loglevel from devDependencies to dependencies (#1001)
adc9a0d
2.6.0
6da2f38
Set HMR log level. (#926)
140da45
Don't output startup info if quiet is set to true (#970)
9188878
Added cli option --disable-host-check
(#980)
b97dc5e
Only load bonjour when needed (#958)
e5b6202
Do not show warnings @ overlay unless explicitly set (#881)
a7fdb06
Fix typo in https docs (#952)
be1af21
Update README.md (#963)
bd22dce
Browser console messages should respect clientLogLevel (#921)
2041b11
Updated sockjs-client to 1.1.4 (#975)
047a595
Merge pull request #946 from lencioni/patch-1
8978059
Update to webpack 3
See the full diff
Your tests are passing again with this version. Explicitly upgrade to this version π
The new version differs by 20 commits.
62a46a5
2.7.0
ccd113a
Sockjs prefix config (#911)
1cf4359
add --allowed-hosts CLI option (#1012)
72efaab
Always allow requests with IP-address as host in checkHost() (#1007)
628f0a2
Fully mute output info if quiet is set to true. (#999)
8207238
Set undefined openPage to empty string when open option is true (#973)
09ffe23
2.6.1
d35c1c4
Move loglevel from devDependencies to dependencies (#1001)
adc9a0d
2.6.0
6da2f38
Set HMR log level. (#926)
140da45
Don't output startup info if quiet is set to true (#970)
9188878
Added cli option --disable-host-check
(#980)
b97dc5e
Only load bonjour when needed (#958)
e5b6202
Do not show warnings @ overlay unless explicitly set (#881)
a7fdb06
Fix typo in https docs (#952)
There are 20 commits in total.
See the full diff
Your tests are passing again with this version. Explicitly upgrade to this version π
The new version differs by 22 commits.
65f0586
2.7.1 (#1024)
cab5da5
2.7.0 rollback (#1023)
c8b9a0f
2.7.0 (#1020)
ccd113a
Sockjs prefix config (#911)
1cf4359
add --allowed-hosts CLI option (#1012)
72efaab
Always allow requests with IP-address as host in checkHost() (#1007)
628f0a2
Fully mute output info if quiet is set to true. (#999)
8207238
Set undefined openPage to empty string when open option is true (#973)
09ffe23
2.6.1
d35c1c4
Move loglevel from devDependencies to dependencies (#1001)
adc9a0d
2.6.0
6da2f38
Set HMR log level. (#926)
140da45
Don't output startup info if quiet is set to true (#970)
9188878
Added cli option --disable-host-check
(#980)
b97dc5e
Only load bonjour when needed (#958)
There are 22 commits in total.
See the full diff
Your tests are still failing with this version. Compare the changes π¨
The new version differs by 39 commits.
0df1fa7
2.8.0
ccef0d1
Print webpack progress to browser console (#1063)
d3a650f
include subjectAltName
field in self-signed cert (#987)
e519cf2
Add feature to disable hotReloading with query string (#1068)
f166177
Fixes issue #1064 by switching to a named logger (#1070)
f00fcb3
Allow --open option to specify the browser to use (#825)
cf5dda8
improving requestCert description
2b760f6
Merge branch 'dbk91-request_cert_support'
11a3e63
Merge branch 'request_cert_support' of https://github.com/dbk91/webpack-dev-server into dbk91-request_cert_support
0fa8fea
Fix Broken Socket on Client for Custom/Random Port Numbers (#1060)
1201ac1
addresses #998 to properly assign a random port and access the port assigned (#1054)
69239ce
Cleanup Effort (#1058)
e6ccbaf
No longer generating ssl cert when one is already specified (#1036)
0b4729f
Proposed fix for ./log module not found (#1050)
b2cf847
fixes #1042: overlay doesn't clear if errors are fixed but warnings remain (#1043)
There are 39 commits in total.
See the full diff
Your tests are still failing with this version. Compare the changes π¨
The new version differs by 5 commits.
e8cbdad
2.8.1 + package-lock.json
e5dc236
fixes #1081, closes #1079. addDevServerEndpoints needs app stub for
e61972a
fixes #1080 - jQuery update caused live bundle iframe issue
6e1a466
removing errant console.log, update lint rules
c7d2c9d
clean up progress option typo and options def
See the full diff
Your tests are still failing with this version. Compare the changes π¨
The new version differs by 6 commits.
bc22935
2.8.2
35e1d5f
fixes #1087: yargs@8 causes error output with webpack@2.x
c9d32f8
fixes #1084: template literals causing errors on IE (#1089)
6e18fa6
add promise-config example
8f897c5
fixes #1086: promise configs fix and example
35295b7
update issue template to include commonly needed info
See the full diff
Your tests are still failing with this version. Compare the changes π¨
Note: Minor release due to addition of before
and after
hooks
Deprecate setup in favor of before and after hooks (#1108)
Fixed check for webpack/hot/log when setting HMR log level. (#1096)
fixes #1109: internal-ip update breaks useLocalIp option
Fix quote style to satisfy ESLint (#1098)
Made error overlay translucent. (#1097)
The new version differs by 7 commits.
5982806
2.9.0
dcb4e3d
feat: deprecate setup in favor of before and after hooks (#1108)
8bc6daa
adding modification option to issue template
33bef0d
fixes #1109: internal-ip update breaks useLocalIp option
114e67c
Fixed check for webpack/hot/log when setting HMR log level. (#1096)
bad7ed5
Made error overlay translucent. (#1097)
3e24ac4
Fix quote style to satisfy ESLint (#1098)
See the full diff
Your tests are still failing with this version. Compare the changes π¨
Your tests are still failing with this version. Compare the changes π¨
Changed property descriptor for Array.includes polyfill (#1134)
Remove header additional property validation (#1115)
Allow explicitly setting the protocol from the public option (#1117)
Updates readme with support, usage, and caveats (outlines no support for old IE)
The new version differs by 5 commits.
32412bb
2.9.2
1af8f0e
Remove header property validation (#1115)
c490b24
allow explicitly setting the protocol from the public option (#1117)
ee7231b
Changed property descriptor for Array.includes polyfill (#1134)
5a7f26b
updating readme with support, usage, and caveats
See the full diff
Your tests are still failing with this version. Compare the changes π¨
Your tests are still failing with this version. Compare the changes π¨
Your tests are still failing with this version. Compare the changes π¨
Your tests are still failing with this version. Compare the changes π¨
Your tests are still failing with this version. Compare the changes π¨
Your tests are still failing with this version. Compare the changes π¨
Version 2.10.0 adds the transpilation of the client scripts via babel to ES5 which restores backwards compatibility (that was removed in 2.8.0) to very old or out of date browsers.
Important webpack-dev-server has entered a maintenance-only mode. We won't be accepting any new features or major modifications. We'll still welcome pull requests for fixes however, and will continue to address any bugs that arise. Announcement with specifics pending.
reportTime
option (#1209)The new version differs by 13 commits.
ca8b5aa
2.10.0 (#1258)
17355f0
transpile client bundles with babel (#1242)
ce30460
rolling back webpack-dev-midddleware 2.0, as it's node6+
00e8500
updating deps and patching as necessary
082ddae
maint only mode
c9c61f2
fix(package): Increase minimum marked
version for ReDos vuln (#1255)
aab49de
iOS Safari 10 bug where SockJS couldn't be found (#1238)
a168b81
feat: reportTime
option (#1209)
32c3ceb
don't mutate stats configuration (#1174)
ef18fc8
Update sockjs dependency to fix auditjs security vulnerability warning (#1178)
7e89442
enable progress from config (#1181)
e8964d1
add --progress cli test (#1182)
a9327e5
Fix typos (#1236)
See the full diff
Your tests are still failing with this version. Compare the changes π¨
Your tests are still failing with this version. Compare the changes π¨
Version 2.11.0 adds the transpilation of the client scripts via babel to ES5 which restores backwards compatibility (that was removed in 2.8.0) to very old or out of date browsers.
Your tests are still failing with this version. Compare the changes π¨
Our third attempt to fix compatibility with old browsers (#1273), this time we'll get it right.
Version 2.4.3 of webpack-dev-server just got published.
This version is covered by your current version range and after updating it in your project the build failed.
As webpack-dev-server is βonlyβ a devDependency of this project it might not break production or downstream projects, but βonlyβ your build or test tools β preventing new deploys or publishes.
I recommend you give this issue a high priority. Iβm sure you can resolve this :muscle:
Status Details
- β **clahub** Not all contributors have signed the Contributor License Agreement. [Details](http://www.clahub.com/agreements/CAAPIM/webpack-config),- β **continuous-integration/travis-ci/push** The Travis CI build passed [Details](https://travis-ci.org/CAAPIM/webpack-config/builds/224638514),- β **codecov/patch** Coverage not affected when comparing aca3d33...48f7f3d [Details](https://codecov.io/gh/CAAPIM/webpack-config/commit/48f7f3d4731cba019db8a5cca1e2c28a1fbddc8c),- β **codecov/project** 100% remains the same compared to aca3d33 [Details](https://codecov.io/gh/CAAPIM/webpack-config/commit/48f7f3d4731cba019db8a5cca1e2c28a1fbddc8c)Release Notes
v2.4.3Security fix:
This version contains a security fix, which is also breaking change if you have an insecure configuration.
We are releasing this breaking change as patch version to protect you from attacks.
Sorry if this breaks your setup, but the fix is easy.
We added a check for the correct
Host
header to the webpack-dev-server.This allowed evil websites to access your assets.
The
Host
header of the request have to match the listening adress or the host provided in thepublic
option.Make sure to provide correct values here.
The response will contain a note when using an incorrect
Host
header.For usage behind a Proxy or similar setups we also added a
disableHostCheck
option to disable this check.Only use it when you know what you do. Not recommended.
This version also includes this security fix for webpack-dev-middleware: https://github.com/webpack/webpack-dev-middleware/releases/tag/v1.10.2
Note: This only affect the development server and middleware. webpack and built bundles are not affected.
Bugfixes:
Host
doesn't match listening host orpublic
option.localhost
or127.0.0.1
are not blocked.Features:
disableHostCheck
option to disable the host checkCommits
The new version differs by 4 commits0.
ca93284
2.4.3
f3a4ac6
Merge branch 'security/host-check'
8db5fd5
Require a secure webpack-dev-middleware version
2957853
enable Host header check for all requests and sockets
false
See the full diff
Not sure how things should work exactly?
There is a collection of [frequently asked questions](https://greenkeeper.io/faq.html) and of course you may always [ask my humans](https://github.com/greenkeeperio/greenkeeper/issues/new).Your Greenkeeper Bot :palm_tree: