Br3nda
commented
6 years ago @dependabot rebase
Closed dependabot-preview[bot] closed 6 years ago
Br3nda
commented
6 years ago @dependabot rebase
dependabot-preview[bot]
commented
6 years ago Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!
If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.
bonjourmauko
commented
6 years ago Hey @dependabot-bot, looks like you're downgrading webpack-dev-server! Closing for now.
dependabot-preview[bot]
commented
6 years ago OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.
If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
Superseded by #206
Bumps webpack-dev-server from 1.14.0 to 2.11.3. This update includes security fixes.
Vulnerabilities fixed
*Sourced from [The Sonatype OSS Index](https://ossindex.sonatype.org/vuln/555258ee-4500-4f29-99d6-c2e693cdeeea).* > **DNS rebinding vulnerability** > A lack of verification of the `host` header results in a DNS rebinding vulnerability which can lead to information disclosure as well as possible remote code execution. > > Affected versions: <2.4.3Release notes
*Sourced from [webpack-dev-server's releases](https://github.com/webpack/webpack-dev-server/releases).* > ## v2.11.1 > Our third attempt to fix compatibility with old browsers ([#1273](https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1273)), this time we'll get it right. > > ## v2.11.0 > Version 2.11.0 adds the transpilation of the client scripts via babel to ES5 which restores backwards compatibility (that was removed in 2.8.0) to very old or out of date browsers. > > ## v2.10.0 > Version 2.10.0 adds the transpilation of the client scripts via babel to ES5 which restores backwards compatibility (that was removed in 2.8.0) to very old or out of date browsers. > > **Important** webpack-dev-server has entered a maintenance-only mode. We won't be accepting any new features or major modifications. We'll still welcome pull requests for fixes however, and will continue to address any bugs that arise. Announcement with specifics pending. > > ## Bugfixes > > - iOS Safari 10 bug where SockJS couldn't be found ([#1238](https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1238)) > - `reportTime` option ([#1209](https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1209)) > - don't mutate stats configuration ([#1174](https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1174)) > - enable progress from config ([#1181](https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1181)) > > ## Updates > > - transpile client bundles with babel ([#1242](https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1242)) > - dependency updates (ce30460) > - Increase minimum `marked` version for ReDos vuln ([#1255](https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1255)) > - Update sockjs dependency to fix auditjs security vulnerability warning > > > ## v2.9.6 > ## Bugfixes > > - fixes [#1208](https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1208): watchOptions not passed to chokidar in wds > > ## v2.9.5 > ## Updates > > - fixes [#1198](https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1198): bump express for security (6b2d7a0) > > ## v2.9.4 > ## Bugfixes > > - assert ssl certs aren't published. fixes [#1171](https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1171) > - fixes [#860](https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/860): failure to exit on SIGINT race condition ([#1157](https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1157)) > > ## v2.9.3 > ## Bugfixes > > - Fixes [#1082](https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1082), [#1142](https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1142). bin file correctly prefers local module, uses it, and bails if local module detected. > - Use dist/build `sockjs-client` instead of module source ([#1148](https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1148)) > > ## v2.9.2 > ## Bugfixes > ... (truncated)Commits
- [`7cdfb74`](https://github.com/webpack/webpack-dev-server/commit/7cdfb742a89831a1f3421e6277463927bfb19332) 2.11.3 - [`b71137e`](https://github.com/webpack/webpack-dev-server/commit/b71137ed87d8ecfbf5796a22397b80ba3103c5e3) Increase sockjs-client version for security fix - [`f33be5b`](https://github.com/webpack/webpack-dev-server/commit/f33be5bc150b732b6bb8cc6d3a285f441d80cfb8) 2.11.2 - [`dd32166`](https://github.com/webpack/webpack-dev-server/commit/dd321662c9443252e07de91669cb9466147d7fee) Fix support for DynamicEntryPlugin ([#1319](https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1319)) - [`ab4eeb0`](https://github.com/webpack/webpack-dev-server/commit/ab4eeb007283fdf3e8950ff1f3ff8150a4812061) Fix page not reloading after fixing first error on page ([#1317](https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1317)) - [`83c1625`](https://github.com/webpack/webpack-dev-server/commit/83c16251a16794b61fa22761d43b6450bfb18207) 2.11.1 - [`3aa15aa`](https://github.com/webpack/webpack-dev-server/commit/3aa15aa619e1b54cc8ddb8ea2be897d4266527bb) Merge pull request [#1273](https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1273) from yyx990803/master - [`b78e249`](https://github.com/webpack/webpack-dev-server/commit/b78e249c7953f4a7676ec0f32990777edf45c01e) fix: pin strip-ansi to 3.x for ES5 compat - [`8c1ed7a`](https://github.com/webpack/webpack-dev-server/commit/8c1ed7aad263f6a7b850e63cf945388ddac84441) 2.11.0 - [`b0fa5f6`](https://github.com/webpack/webpack-dev-server/commit/b0fa5f634e82ce942ac79f1b1371ef7f5afcdc81) Merge pull request [#1270](https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1270) from yyx990803/client-refactor - Additional commits viewable in [compare view](https://github.com/webpack/webpack-dev-server/compare/v1.14.0...v2.11.3)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.