joaogarin / angular-electron

Angular2 and Electron starter using webpack

Update webpack-dev-server to the latest version 🚀 #66

Closed greenkeeper[bot] closed 7 years ago

greenkeeper[bot] commented 7 years ago

Version 2.4.3 of webpack-dev-server just got published.

Dependency webpack-dev-server
Current Version 2.4.1
Type devDependency

The version 2.4.3 is not covered by your current version range.

Without accepting this pull request your project will work just like it did before. There might be a bunch of new features, fixes and perf improvements that the maintainers worked on for you though.

I recommend you look into these changes and try to get onto the latest version of webpack-dev-server. Given that you have a decent test suite, a passing build is a strong indicator that you can take advantage of these changes by merging the proposed change into your project. Otherwise this branch is a great starting point for you to work on the update.


Release Notes v2.4.3

Security fix:

This version contains a security fix, which is also a breaking change if you have an insecure configuration.
We are releasing this breaking change as a patch version to protect you from attacks.
Sorry if this breaks your setup, but the fix is easy.

We added a check for the correct Host header to the webpack-dev-server.
This allowed evil websites to access your assets.

The Host header of the request has to match the listening address or the host provided in the public option.
Make sure to provide correct values here.

The response will contain a note when using an incorrect Host header.

For usage behind a Proxy or similar setups we also added a disableHostCheck option to disable this check.
Only use it when you know what you are doing. Not recommended.

This version also includes this security fix for webpack-dev-middleware: https://github.com/webpack/webpack-dev-middleware/releases/tag/v1.10.2

Note: This only affects the development server and middleware. webpack and built bundles are not affected.

Bugfixes:

  • Requests are not blocked when Host doesn't match listening host or public option.
  • Requests to localhost or 127.0.0.1 are not blocked.

Features:

  • Added disableHostCheck option to disable the host check

Commits

The new version differs by 19 commits.

  • ca93284 2.4.3
  • f3a4ac6 Merge branch 'security/host-check'
  • 8db5fd5 Require a secure webpack-dev-middleware version
  • 2957853 enable Host header check for all requests and sockets
  • 60e4727 2.4.2
  • 32adae3 Added beforeunload check to index.js (#544) (#841)
  • d69559a Handle external upgrade for all websocket proxies (#843)
  • 35a44d1 Remove Node.js v7 warning
  • d2f579c Support for array of contentBase (#832)
  • aabeeaa Remove unnecessary logging of closing the dev-server
  • 1dc9461 Fix to share proxy option between proxy settings when the proxy option is a same object (#836)
  • 42cd23c Explicitely but gracefully handle SIGINT and SIGTERM signals. (#787)
  • 85de417 Use arrow function if it possible and get rid of .bind in server part (#835)
  • 234294a Add unit tests for proxy options (#834)
  • 8d4b826 add codecov

There are 19 commits in total.

See the full diff

Not sure how things should work exactly? There is a collection of [frequently asked questions](https://greenkeeper.io/faq.html) and of course you may always [ask my humans](https://github.com/greenkeeperio/greenkeeper/issues/new).

Your Greenkeeper Bot :palm_tree:
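
The Host header check described in the v2.4.3 release notes above, as an added example that is not part of the original comment and not webpack-dev-server's own code. `public` and `disableHostCheck` are the option names from the notes; `listenHost`, the function names, the 403 status and the note text are assumptions.

```javascript
// Added example, not webpack-dev-server source. listenHost, the function
// names, the 403 status and the note text are assumptions; `public` and
// `disableHostCheck` are the option names from the release notes.

// Hostname part of a "host[:port]" value, lower-cased; handles "[::1]:8080".
function hostnameOf(value) {
  if (typeof value !== 'string' || value.trim() === '') return null;
  const v = value.trim().toLowerCase();
  if (v.startsWith('[')) {
    const end = v.indexOf(']');
    return end === -1 ? null : v.slice(1, end);
  }
  const first = v.indexOf(':');
  if (first !== v.lastIndexOf(':')) return v; // bare IPv6 literal, no port
  return (first === -1 ? v : v.slice(0, first)) || null;
}

function isHostAllowed(hostHeader, options) {
  if (options.disableHostCheck) return true; // check switched off entirely
  const hostname = hostnameOf(hostHeader);
  if (hostname === null) return false; // missing or malformed Host header
  if (hostname === 'localhost' || hostname === '127.0.0.1') return true;
  if (hostname === hostnameOf(options.listenHost)) return true;
  return hostname === hostnameOf(options.public);
}

// Connect/Express-style middleware: reject before any asset is served,
// and tell the developer why in the response body.
function hostCheck(options) {
  return function (req, res, next) {
    if (isHostAllowed(req.headers.host, options)) return next();
    res.statusCode = 403;
    res.end('Invalid Host header');
  };
}

// Constructed sample: server bound to 192.168.1.10 with a public option set.
const sampleOptions = { listenHost: '192.168.1.10', public: 'dev.example.test:8080' };
const sampleHosts = ['localhost:8080', 'dev.example.test:8080', 'DEV.example.test',
  '192.168.1.10:8080', 'other-site.example:8080', undefined];

function runSamples() {
  return sampleHosts.map((h) => isHostAllowed(h, sampleOptions));
}
console.log(runSamples());
```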

greenkeeper[bot] commented 7 years ago

Version 2.4.4 just got published.

Update to this version instead 🚀

Release Notes v2.4.4

Bugfixes:

  • add disableHostCheck to schema

Commits

The new version differs by 2 commits.

See the full diff

greenkeeper[bot] commented 7 years ago

Version 2.4.5 just got published.

Update to this version instead 🚀

Commits

The new version differs by 4 commits.

  • 662bc31 2.4.5
  • 99b273c Merge pull request #888 from phairoh/fix-incorrect-variable-usage
  • f26f985 Added tests for Server.prototype.checkHost
  • 9688eea Use idxPublic when extracting hostname from publicHost

See the full diff