marcusasplund / addressbook

Demo of how to solve the task of making an addressbook with local storage capability
MIT License

An in-range update of webpack-dev-server is breaking the build 🚨 #40

Open greenkeeper[bot] opened 7 years ago

greenkeeper[bot] commented 7 years ago

Version 2.4.3 of webpack-dev-server just got published.

| | |
|---|---|
| Branch | Build failing 🚨 |
| Dependency | webpack-dev-server |
| Current Version | 2.4.2 |
| Type | devDependency |

This version is covered by your current version range and after updating it in your project the build failed.

As webpack-dev-server is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.

I recommend you give this issue a high priority. I’m sure you can resolve this :muscle:

Status Details

  • ❌ **continuous-integration/travis-ci/push** The Travis CI build could not complete due to an error [Details](https://travis-ci.org/marcusasplund/addressbook/builds/224638505)

Release Notes v2.4.3

Security fix:

This version contains a security fix, which is also a breaking change if you have an insecure configuration.
We are releasing this breaking change as patch version to protect you from attacks.
Sorry if this breaks your setup, but the fix is easy.

We added a check for the correct Host header to the webpack-dev-server.
This allowed evil websites to access your assets.

The Host header of the request has to match the listening address or the host provided in the public option.
Make sure to provide correct values here.

The response will contain a note when using an incorrect Host header.

For usage behind a Proxy or similar setups we also added a disableHostCheck option to disable this check.
Only use it when you know what you are doing. Not recommended.

This version also includes this security fix for webpack-dev-middleware: https://github.com/webpack/webpack-dev-middleware/releases/tag/v1.10.2

Note: This only affects the development server and middleware. webpack and built bundles are not affected.

Bugfixes:

  • Requests are not blocked when Host doesn't match listening host or public option.
  • Requests to localhost or 127.0.0.1 are not blocked.

Features:

  • Added disableHostCheck option to disable the host check

Commits

The new version differs by 4 commits.

  • ca93284 2.4.3
  • f3a4ac6 Merge branch 'security/host-check'
  • 8db5fd5 Require a secure webpack-dev-middleware version
  • 2957853 enable Host header check for all requests and sockets

See the full diff

Not sure how things should work exactly? There is a collection of [frequently asked questions](https://greenkeeper.io/faq.html) and of course you may always [ask my humans](https://github.com/greenkeeperio/greenkeeper/issues/new).

Your Greenkeeper Bot :palm_tree:
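
The Host header check described in the v2.4.3 release notes above, as an added example that is not part of the original thread and is not webpack-dev-server's own code. It is a simplified model: the option names (`host`, `public`, `disableHostCheck`) follow the release notes, while the function names and sample hostnames are constructed for illustration.

```javascript
// Simplified model of a dev-server Host header check (added example, not
// webpack-dev-server's code). Option names follow the release notes above.

// Return the lower-cased hostname from a Host header ("name", "name:port",
// "[v6]:port"), or null when the header is missing or malformed.
function hostnameOf(hostHeader) {
  if (typeof hostHeader !== 'string' || hostHeader.length === 0) return null;
  if (hostHeader.startsWith('[')) {
    const end = hostHeader.indexOf(']');
    return end === -1 ? null : hostHeader.slice(1, end).toLowerCase();
  }
  const colon = hostHeader.lastIndexOf(':');
  const name = colon === -1 ? hostHeader : hostHeader.slice(0, colon);
  return name.length === 0 ? null : name.toLowerCase();
}

// options.host: listening address; options.public: externally visible
// "name[:port]"; options.disableHostCheck: switches the check off entirely.
function checkHost(hostHeader, options) {
  if (options.disableHostCheck) return true;
  const hostname = hostnameOf(hostHeader);
  if (hostname === null) return false; // no usable Host header: reject
  if (hostname === 'localhost' || hostname === '127.0.0.1') return true;
  if (options.host && hostname === options.host.toLowerCase()) return true;
  const publicName = hostnameOf(options.public);
  return publicName !== null && hostname === publicName;
}

// Constructed sample requests: one server reached under different names.
const server = { host: '0.0.0.0', public: 'dev.example.test:8080' };
const samples = [
  'localhost:8080',         // developer's own browser
  'dev.example.test:8080',  // matches the public option
  'evil.example.test:8080', // foreign name pointing at the dev machine
  undefined,                // Host header missing
];

// Pair each sample header with the decision the check makes for it.
function runSamples() {
  return samples.map((h) => [String(h), checkHost(h, server)]);
}

console.log(runSamples());
```

With `disableHostCheck: true` every sample is accepted, including the foreign name, which is why the release notes advise against it outside proxy setups.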

greenkeeper[bot] commented 7 years ago

Version 2.4.4 just got published.

Your tests are still failing with this version. Compare the changes 🚨

Release Notes v2.4.4

Bugfixes:

  • add disableHostCheck to schema

Commits

The new version differs by 2 commits.

See the full diff

greenkeeper[bot] commented 7 years ago

Version 2.4.5 just got published.

Your tests are still failing with this version. Compare the changes 🚨

Commits

The new version differs by 4 commits.

  • 662bc31 2.4.5
  • 99b273c Merge pull request #888 from phairoh/fix-incorrect-variable-usage
  • f26f985 Added tests for Server.prototype.checkHost
  • 9688eea Use idxPublic when extracting hostname from publicHost

See the full diff

greenkeeper[bot] commented 7 years ago

Version 2.5.0 just got published.

Your tests are still failing with this version. Compare the changes 🚨

Release Notes v2.5.0

Security

Don't provide an SSL cert, but generate one on demand. Unique for each developer.

https://medium.com/@mikenorth/961572624c54 by Mike North

Bugfixes

  • allow port 0 again
  • add allowedHosts option
  • better check for WebWorker
  • add openPage option to open a specific page
  • add --bonjour
  • add lan option, which listens on LAN IP by default

Commits

The new version differs by 11 commits.

  • bbcdca7 2.5.0
  • 7b3a42a Add 'lan' option (modify the option name to ‘useLocalIp’ for more semantic) (#901)
  • 8d5f252 replace console.log with internal log function (#856)
  • c9fe53d zeroconf dns (bonjour) service publishing (#930)
  • 14d77a5 Adding page argument to the Open option (#917)
  • 2ca97dd Strongly check client isn't running on WebWorker for sendMsg (#929)
  • ab889c3 Add 'allowedHosts' option (#899)
  • 1a26ab4 fix #752: allow --port 0 again (#918)
  • 9a7693c Merge pull request #942 from webpack/ssl-path
  • 25e1098 updating https docs
  • 400b289 generate ssl certs per instance

See the full diff

greenkeeper[bot] commented 7 years ago

Version 2.5.1 just got published.

Your tests are still failing with this version. Compare the changes 🚨

Release Notes v2.5.1

Bugfixes

Fix peer dependencies to support webpack 3 (#946) (Fixes #932)

Commits

The new version differs by 3 commits.

See the full diff

greenkeeper[bot] commented 7 years ago

Version 2.6.0 just got published.

Your tests are still failing with this version. Compare the changes 🚨

Release Notes v2.6.0

  • Browser console messages now respect clientLogLevel (#921).
  • Don't output startup info if quiet is set to true (#970).
  • Only load Bonjour when needed (#958).
  • Set HMR log level (#926).
  • Do not show warnings @ overlay unless explicitly set (#881).
  • Add cli option --disable-host-check (#980).

Commits

The new version differs by 10 commits ahead by 10, behind by 1.

  • adc9a0d 2.6.0
  • 6da2f38 Set HMR log level. (#926)
  • 140da45 Don't output startup info if quiet is set to true (#970)
  • 9188878 Added cli option --disable-host-check (#980)
  • b97dc5e Only load bonjour when needed (#958)
  • e5b6202 Do not show warnings @ overlay unless explicitly set (#881)
  • a7fdb06 Fix typo in https docs (#952)
  • be1af21 Update README.md (#963)
  • bd22dce Browser console messages should respect clientLogLevel (#921)
  • 2041b11 Updated sockjs-client to 1.1.4 (#975)

See the full diff

greenkeeper[bot] commented 7 years ago

Version 2.6.1 just got published.

Your tests are still failing with this version. Compare the changes 🚨

Release Notes v2.6.1

  • Move loglevel from devDependencies to dependencies #1001

Commits

The new version differs by 2 commits.

  • 09ffe23 2.6.1
  • d35c1c4 Move loglevel from devDependencies to dependencies (#1001)

See the full diff

greenkeeper[bot] commented 7 years ago

Version 2.7.0 just got published.

Your tests are still failing with this version. Compare the changes 🚨

Release Notes v2.7.0

Features

  • Added Sockjs prefix config (#911)
  • Added --allowed-hosts CLI option (#1012)

Bugfixes

  • Always allow requests with IP-address as host in checkHost() (#1007)
  • Fully mute output info if quiet is set to true. (#999)
  • Set undefined openPage to empty string when open option is true

Commits

The new version differs by 6 commits.

  • 62a46a5 2.7.0
  • ccd113a Sockjs prefix config (#911)
  • 1cf4359 add --allowed-hosts CLI option (#1012)
  • 72efaab Always allow requests with IP-address as host in checkHost() (#1007)
  • 628f0a2 Fully mute output info if quiet is set to true. (#999)
  • 8207238 Set undefined openPage to empty string when open option is true (#973)

See the full diff

greenkeeper[bot] commented 7 years ago

Version 2.7.1 just got published.

Your tests are still failing with this version. Compare the changes 🚨

Commits

The new version differs by 3 commits ahead by 3, behind by 1.

See the full diff