nos / client

The nOS Client
https://nos.io
MIT License

renovate(deps): update dependency webpack-dev-server to v3 [security] - autoclosed #1497

Closed renovate[bot] closed 3 weeks ago

renovate[bot] commented 2 months ago

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| webpack-dev-server | 2.11.5 -> 3.1.11 | age | adoption | passing | confidence |

[!WARNING] Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2018-14732

Versions of webpack-dev-server before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) is not validated.

Recommendation

For webpack-dev-server, update to version 3.1.11 or later.


Release Notes

webpack/webpack-dev-server (webpack-dev-server)

### [`v3.1.11`](https://redirect.github.com/webpack/webpack-dev-server/blob/HEAD/CHANGELOG.md#3111-2018-12-21)

[Compare Source](https://redirect.github.com/webpack/webpack-dev-server/compare/v3.1.10...v3.1.11)

##### Bug Fixes

- **bin/options:** correct check for color support (`options.color`) ([#1555](https://redirect.github.com/webpack/webpack-dev-server/issues/1555)) ([55398b5](https://redirect.github.com/webpack/webpack-dev-server/commit/55398b5))
- **package:** update `spdy` v3.4.1...4.0.0 (assertion error) ([#1491](https://redirect.github.com/webpack/webpack-dev-server/issues/1491)) ([#1563](https://redirect.github.com/webpack/webpack-dev-server/issues/1563)) ([7a3a257](https://redirect.github.com/webpack/webpack-dev-server/commit/7a3a257))
- **Server:** correct `node` version checks ([#1543](https://redirect.github.com/webpack/webpack-dev-server/issues/1543)) ([927a2b3](https://redirect.github.com/webpack/webpack-dev-server/commit/927a2b3))
- **Server:** mime type for wasm in contentBase directory ([#1575](https://redirect.github.com/webpack/webpack-dev-server/issues/1575)) ([#1580](https://redirect.github.com/webpack/webpack-dev-server/issues/1580)) ([fadae5d](https://redirect.github.com/webpack/webpack-dev-server/commit/fadae5d))
- add url for compatibility with webpack@5 ([#1598](https://redirect.github.com/webpack/webpack-dev-server/issues/1598)) ([#1599](https://redirect.github.com/webpack/webpack-dev-server/issues/1599)) ([68dd49a](https://redirect.github.com/webpack/webpack-dev-server/commit/68dd49a))
- check origin header for websocket connection ([#1603](https://redirect.github.com/webpack/webpack-dev-server/issues/1603)) ([b3217ca](https://redirect.github.com/webpack/webpack-dev-server/commit/b3217ca))

### [`v3.1.10`](https://redirect.github.com/webpack/webpack-dev-server/blob/HEAD/CHANGELOG.md#3110-2018-10-23)

[Compare Source](https://redirect.github.com/webpack/webpack-dev-server/compare/v3.1.9...v3.1.10)

##### Bug Fixes

- **options:** add `writeToDisk` option to schema ([#1520](https://redirect.github.com/webpack/webpack-dev-server/issues/1520)) ([d2f4902](https://redirect.github.com/webpack/webpack-dev-server/commit/d2f4902))
- **package:** update `sockjs-client` v1.1.5...1.3.0 (`url-parse` vulnerability) ([#1537](https://redirect.github.com/webpack/webpack-dev-server/issues/1537)) ([e719959](https://redirect.github.com/webpack/webpack-dev-server/commit/e719959))
- **Server:** set `tls.DEFAULT_ECDH_CURVE` to `'auto'` ([#1531](https://redirect.github.com/webpack/webpack-dev-server/issues/1531)) ([c12def3](https://redirect.github.com/webpack/webpack-dev-server/commit/c12def3))

### [`v3.1.9`](https://redirect.github.com/webpack/webpack-dev-server/blob/HEAD/CHANGELOG.md#319-2018-09-24)

[Compare Source](https://redirect.github.com/webpack/webpack-dev-server/compare/v3.1.8...v3.1.9)

#### [3.1.9](https://redirect.github.com/webpack/webpack-dev-server/compare/v3.1.8...v3.1.9) (2018-09-24)

### [`v3.1.8`](https://redirect.github.com/webpack/webpack-dev-server/blob/HEAD/CHANGELOG.md#318-2018-09-06)

[Compare Source](https://redirect.github.com/webpack/webpack-dev-server/compare/v3.1.7...v3.1.8)

##### Bug Fixes

- **package:** `yargs` security vulnerability (`dependencies`) ([#1492](https://redirect.github.com/webpack/webpack-dev-server/issues/1492)) ([8fb67c9](https://redirect.github.com/webpack/webpack-dev-server/commit/8fb67c9))
- **utils/createLogger:** ensure `quiet` always takes precedence (`options.quiet`) ([#1486](https://redirect.github.com/webpack/webpack-dev-server/issues/1486)) ([7a6ca47](https://redirect.github.com/webpack/webpack-dev-server/commit/7a6ca47))

### [`v3.1.7`](https://redirect.github.com/webpack/webpack-dev-server/blob/HEAD/CHANGELOG.md#317-2018-08-29)

[Compare Source](https://redirect.github.com/webpack/webpack-dev-server/compare/v3.1.6...v3.1.7)

##### Bug Fixes

- **Server:** don't use `spdy` on `node >= v10.0.0` ([#1451](https://redirect.github.com/webpack/webpack-dev-server/issues/1451)) ([8ab9eb6](https://redirect.github.com/webpack/webpack-dev-server/commit/8ab9eb6))

### [`v3.1.6`](https://redirect.github.com/webpack/webpack-dev-server/blob/HEAD/CHANGELOG.md#316-2018-08-26)

[Compare Source](https://redirect.github.com/webpack/webpack-dev-server/compare/v3.1.5...v3.1.6)

##### Bug Fixes

- **bin:** handle `process` signals correctly when the server isn't ready yet ([#1432](https://redirect.github.com/webpack/webpack-dev-server/issues/1432)) ([334c3a5](https://redirect.github.com/webpack/webpack-dev-server/commit/334c3a5))
- **examples/cli:** correct template path in `open-page` example ([#1401](https://redirect.github.com/webpack/webpack-dev-server/issues/1401)) ([df30727](https://redirect.github.com/webpack/webpack-dev-server/commit/df30727))
- **schema:** allow the `output` filename to be a `{Function}` ([#1409](https://redirect.github.com/webpack/webpack-dev-server/issues/1409)) ([e2220c4](https://redirect.github.com/webpack/webpack-dev-server/commit/e2220c4))

### [`v3.1.5`](https://redirect.github.com/webpack/webpack-dev-server/releases/tag/v3.1.5)

[Compare Source](https://redirect.github.com/webpack/webpack-dev-server/compare/v3.1.4...v3.1.5)

- Send the `Progress` event in the client so plugins can use it ([#1427](https://redirect.github.com/webpack/webpack-dev-server/issues/1427))
- Update `sockjs-client` to fix infinite reconnection loop ([#1434](https://redirect.github.com/webpack/webpack-dev-server/issues/1434))

### [`v3.1.4`](https://redirect.github.com/webpack/webpack-dev-server/releases/tag/v3.1.4)

[Compare Source](https://redirect.github.com/webpack/webpack-dev-server/compare/v3.1.3...v3.1.4)

- Update to webpack-dev-middleware 3.1.3, which should fix paths with a space not working on Windows ([#1392](https://redirect.github.com/webpack/webpack-dev-server/issues/1392))
- Fix `logLevel` option `silent` not being accepted by schema validation ([#1372](https://redirect.github.com/webpack/webpack-dev-server/issues/1372))

### [`v3.1.3`](https://redirect.github.com/webpack/webpack-dev-server/releases/tag/v3.1.3)

[Compare Source](https://redirect.github.com/webpack/webpack-dev-server/compare/v3.1.2...v3.1.3)

- Fix HMR causing a crash when trying to reload

### [`v3.1.2`](https://redirect.github.com/webpack/webpack-dev-server/releases/tag/v3.1.2)

[Compare Source](https://redirect.github.com/webpack/webpack-dev-server/compare/v3.1.1...v3.1.2)

- Speed up incremental builds ([#1362](https://redirect.github.com/webpack/webpack-dev-server/issues/1362))
- Update webpack-dev-middleware to 3.1.2

### [`v3.1.1`](https://redirect.github.com/webpack/webpack-dev-server/blob/HEAD/CHANGELOG.md#3114-2018-12-24)

[Compare Source](https://redirect.github.com/webpack/webpack-dev-server/compare/v3.1.0...v3.1.1)

##### Bug Fixes

- add workaround for Origin header in sockjs ([#1608](https://redirect.github.com/webpack/webpack-dev-server/issues/1608)) ([1dfd4fb](https://redirect.github.com/webpack/webpack-dev-server/commit/1dfd4fb))

### [`v3.1.0`](https://redirect.github.com/webpack/webpack-dev-server/releases/tag/v3.1.0)

[Compare Source](https://redirect.github.com/webpack/webpack-dev-server/compare/v3.0.0...v3.1.0)

#### Updates

- Fancy logging; `webpack-log` is now used for logging to the terminal (webpack-dev-middleware was already using this).
- The `logLevel` option is added for more fine-grained control over the logging.

#### Bugfixes

- MultiCompiler was broken with webpack 4.
- Fix deprecation warnings caused by webpack 4. Note that you will still see some deprecation warnings because webpack-dev-middleware has not been updated yet.

### [`v3.0.0`](https://redirect.github.com/webpack/webpack-dev-server/releases/tag/v3.0.0)

[Compare Source](https://redirect.github.com/webpack/webpack-dev-server/compare/5807c7462f6dd15cade9c74216f2e829c2653351...v3.0.0)

#### Updates

- **Breaking change:** webpack v4 is now supported. Older versions of webpack are **not** supported.
- **Breaking change:** drops support for Node.js v4, going forward we only support v6+ (same as webpack).
- webpack-dev-middleware updated to v2 ([see changes](https://redirect.github.com/webpack/webpack-dev-middleware/releases)).

#### Bugfixes

- After starting webpack-dev-server with an error in your code, it would not reload the page after fixing that error ([#1317](https://redirect.github.com/webpack/webpack-dev-server/issues/1317)).
- DynamicEntryPlugin is now supported correctly ([#1319](https://redirect.github.com/webpack/webpack-dev-server/issues/1319)).

Huge thanks to all the contributors!

Please note that [webpack-serve](https://redirect.github.com/webpack-contrib/webpack-serve) will eventually be the successor of webpack-dev-server. The core features already work so if you're brave enough give it a try!

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.
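
The class of check that CVE-2018-14732 describes as missing, shown as an added example (not webpack-dev-server's code and not part of the bot's comment): a WebSocket handshake is accepted only when its `Origin` hostname exactly matches an allowlist. It goes slightly beyond the advisory text by validating `Host` the same way; the function names, the allowlist and the sample headers are assumptions constructed for illustration.

```javascript
// Added example, not webpack-dev-server's code. Names and allowlist are assumptions.
const ALLOWED_HOSTNAMES = new Set(['localhost', '127.0.0.1']);

// Parse a Host or Origin header value and return its lower-cased hostname,
// or null when the value is absent, unparseable, or not an http(s) origin.
function hostnameFrom(value, isOrigin) {
  if (typeof value !== 'string' || value === '') return null;
  try {
    // Origin is scheme://host[:port]; Host is host[:port], so add a scheme.
    const url = new URL(isOrigin ? value : `http://${value}`);
    if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
    return url.hostname.toLowerCase();
  } catch (err) {
    return null; // e.g. "Origin: null" from a sandboxed frame
  }
}

// Decide whether a WebSocket handshake may proceed. Exact hostname match only:
// substring or suffix checks would accept "localhost.attacker.example".
function checkUpgradeHeaders(headers, allowed = ALLOWED_HOSTNAMES) {
  const host = hostnameFrom(headers.host, false);
  if (host === null || !allowed.has(host)) {
    return { ok: false, reason: 'host-not-allowed' };
  }
  // Strict policy chosen for this example: a missing Origin is rejected.
  const origin = hostnameFrom(headers.origin, true);
  if (origin === null || !allowed.has(origin)) {
    return { ok: false, reason: 'origin-not-allowed' };
  }
  return { ok: true, reason: 'allowed' };
}

// Constructed handshake headers (Node exposes header names in lower case).
const SAMPLES = [
  { host: 'localhost:8080', origin: 'http://localhost:8080' },
  { host: 'localhost:8080', origin: 'https://attacker.example' },
  { host: 'localhost:8080', origin: 'http://localhost.attacker.example' },
  { host: 'localhost:8080', origin: 'null' },
  { host: 'localhost:8080' },
];

function runSamples() {
  return SAMPLES.map((h) => checkUpgradeHeaders(h).reason);
}

console.log(runSamples());
```

In a Node HTTP server this decision belongs in the `upgrade` event handler, before the socket is handed to the WebSocket library.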