Open greenkeeper[bot] opened 7 years ago
greenkeeper[bot]
commented
7 years ago Your tests are still failing with this version. Compare the changes ๐จ
disableHostCheck to schemagreenkeeper[bot]
commented
7 years ago Your tests are still failing with this version. Compare the changes ๐จ
greenkeeper[bot]
commented
7 years ago Your tests are passing again with this version. Explicitly upgrade to this version ๐
Don't provide a SSL cert, but generate one on demand. Unique for each developer.
https://medium.com/@mikenorth/961572624c54 by Mike North
allowedHosts optionopenPage option to open a specific page--bonjourlan option, which listen on lan ip by defaultThe new version differs by 11 commits.
bbcdca7 2.5.07b3a42a Add 'lan' option (modify the option name to โuseLocalIpโ for more semantic) (#901)8d5f252 replace console.log with internal log function (#856)c9fe53d zeroconf dns (bonjour) service publishing (#930)14d77a5 Adding page argument to the Open option (#917)2ca97dd Strongly check client isn't running on WebWorker for sendMsg (#929)ab889c3 Add 'allowedHosts' option (#899)1a26ab4 fix #752: allow --port 0 again (#918)9a7693c Merge pull request #942 from webpack/ssl-path25e1098 updating https docs400b289 generate ssl certs per instanceSee the full diff
greenkeeper[bot]
commented
7 years ago Your tests are passing again with this version. Explicitly upgrade to this version ๐
The new version differs by 14 commits.
7c8b1f6 2.5.1047a595 Merge pull request #946 from lencioni/patch-18978059 Update to webpack 3bbcdca7 2.5.07b3a42a Add 'lan' option (modify the option name to โuseLocalIpโ for more semantic) (#901)8d5f252 replace console.log with internal log function (#856)c9fe53d zeroconf dns (bonjour) service publishing (#930)14d77a5 Adding page argument to the Open option (#917)2ca97dd Strongly check client isn't running on WebWorker for sendMsg (#929)ab889c3 Add 'allowedHosts' option (#899)1a26ab4 fix #752: allow --port 0 again (#918)9a7693c Merge pull request #942 from webpack/ssl-path25e1098 updating https docs400b289 generate ssl certs per instanceSee the full diff
greenkeeper[bot]
commented
7 years ago Your tests are passing again with this version. Explicitly upgrade to this version ๐
The new version differs by 23 commits.
adc9a0d 2.6.06da2f38 Set HMR log level. (#926)140da45 Don't output startup info if quiet is set to true (#970)9188878 Added cli option --disable-host-check (#980)b97dc5e Only load bonjour when needed (#958)e5b6202 Do not show warnings @ overlay unless explicitly set (#881)a7fdb06 Fix typo in https docs (#952)be1af21 Update README.md (#963)bd22dce Browser console messages should respect clientLogLevel (#921)2041b11 Updated sockjs-client to 1.1.4 (#975)047a595 Merge pull request #946 from lencioni/patch-18978059 Update to webpack 3bbcdca7 2.5.07b3a42a Add 'lan' option (modify the option name to โuseLocalIpโ for more semantic) (#901)8d5f252 replace console.log with internal log function (#856)There are 23 commits in total.
See the full diff
greenkeeper[bot]
commented
7 years ago Your tests are passing again with this version. Explicitly upgrade to this version ๐
loglevel from devDependencies to dependencies #1001The new version differs by 25 commits.
09ffe23 2.6.1d35c1c4 Move loglevel from devDependencies to dependencies (#1001)adc9a0d 2.6.06da2f38 Set HMR log level. (#926)140da45 Don't output startup info if quiet is set to true (#970)9188878 Added cli option --disable-host-check (#980)b97dc5e Only load bonjour when needed (#958)e5b6202 Do not show warnings @ overlay unless explicitly set (#881)a7fdb06 Fix typo in https docs (#952)be1af21 Update README.md (#963)bd22dce Browser console messages should respect clientLogLevel (#921)2041b11 Updated sockjs-client to 1.1.4 (#975)047a595 Merge pull request #946 from lencioni/patch-18978059 Update to webpack 3bbcdca7 2.5.0There are 25 commits in total.
See the full diff
greenkeeper[bot]
commented
7 years ago Your tests are passing again with this version. Explicitly upgrade to this version ๐
The new version differs by 31 commits.
62a46a5 2.7.0ccd113a Sockjs prefix config (#911)1cf4359 add --allowed-hosts CLI option (#1012)72efaab Always allow requests with IP-address as host in checkHost() (#1007)628f0a2 Fully mute output info if quiet is set to true. (#999)8207238 Set undefined openPage to empty string when open option is true (#973)09ffe23 2.6.1d35c1c4 Move loglevel from devDependencies to dependencies (#1001)adc9a0d 2.6.06da2f38 Set HMR log level. (#926)140da45 Don't output startup info if quiet is set to true (#970)9188878 Added cli option --disable-host-check (#980)b97dc5e Only load bonjour when needed (#958)e5b6202 Do not show warnings @ overlay unless explicitly set (#881)a7fdb06 Fix typo in https docs (#952)There are 31 commits in total.
See the full diff
greenkeeper[bot]
commented
7 years ago Your tests are passing again with this version. Explicitly upgrade to this version ๐
The new version differs by 33 commits.
65f0586 2.7.1 (#1024)cab5da5 2.7.0 rollback (#1023)c8b9a0f 2.7.0 (#1020)ccd113a Sockjs prefix config (#911)1cf4359 add --allowed-hosts CLI option (#1012)72efaab Always allow requests with IP-address as host in checkHost() (#1007)628f0a2 Fully mute output info if quiet is set to true. (#999)8207238 Set undefined openPage to empty string when open option is true (#973)09ffe23 2.6.1d35c1c4 Move loglevel from devDependencies to dependencies (#1001)adc9a0d 2.6.06da2f38 Set HMR log level. (#926)140da45 Don't output startup info if quiet is set to true (#970)9188878 Added cli option --disable-host-check (#980)b97dc5e Only load bonjour when needed (#958)There are 33 commits in total.
See the full diff
greenkeeper[bot]
commented
7 years ago Your tests are passing again with this version. Explicitly upgrade to this version ๐
The new version differs by 50 commits.
0df1fa7 2.8.0ccef0d1 Print webpack progress to browser console (#1063)d3a650f include subjectAltName field in self-signed cert (#987)e519cf2 Add feature to disable hotReloading with query string (#1068)f166177 Fixes issue #1064 by switching to a named logger (#1070)f00fcb3 Allow --open option to specify the browser to use (#825)cf5dda8 improving requestCert description2b760f6 Merge branch 'dbk91-request_cert_support'11a3e63 Merge branch 'request_cert_support' of https://github.com/dbk91/webpack-dev-server into dbk91-request_cert_support0fa8fea Fix Broken Socket on Client for Custom/Random Port Numbers (#1060)1201ac1 addresses #998 to properly assign a random port and access the port assigned (#1054)69239ce Cleanup Effort (#1058)e6ccbaf No longer generating ssl cert when one is already specified (#1036)0b4729f Proposed fix for ./log module not found (#1050)b2cf847 fixes #1042: overlay doesn't clear if errors are fixed but warnings remain (#1043)There are 50 commits in total.
See the full diff
greenkeeper[bot]
commented
7 years ago Your tests are passing again with this version. Explicitly upgrade to this version ๐
The new version differs by 55 commits.
e8cbdad 2.8.1 + package-lock.jsone5dc236 fixes #1081, closes #1079. addDevServerEndpoints needs app stub fore61972a fixes #1080 - jQuery update caused live bundle iframe issue6e1a466 removing errant console.log, update lint rulesc7d2c9d clean up progress option typo and options def0df1fa7 2.8.0ccef0d1 Print webpack progress to browser console (#1063)d3a650f include subjectAltName field in self-signed cert (#987)e519cf2 Add feature to disable hotReloading with query string (#1068)f166177 Fixes issue #1064 by switching to a named logger (#1070)f00fcb3 Allow --open option to specify the browser to use (#825)cf5dda8 improving requestCert description2b760f6 Merge branch 'dbk91-request_cert_support'11a3e63 Merge branch 'request_cert_support' of https://github.com/dbk91/webpack-dev-server into dbk91-request_cert_support0fa8fea Fix Broken Socket on Client for Custom/Random Port Numbers (#1060)There are 55 commits in total.
See the full diff
greenkeeper[bot]
commented
7 years ago Your tests are passing again with this version. Explicitly upgrade to this version ๐
Note: Minor release due to addition of before and after hooks
Deprecate setup in favor of before and after hooks (#1108)
Fixed check for webpack/hot/log when setting HMR log level. (#1096)
fixes #1109: internal-ip update breaks useLocalIp option
Fix quote style to satisfy ESLint (#1098)
Made error overlay translucent. (#1097)
The new version differs by 68 commits.
5982806 2.9.0dcb4e3d feat: deprecate setup in favor of before and after hooks (#1108)8bc6daa adding modification option to issue template33bef0d fixes #1109: internal-ip update breaks useLocalIp option114e67c Fixed check for webpack/hot/log when setting HMR log level. (#1096)bad7ed5 Made error overlay translucent. (#1097)3e24ac4 Fix quote style to satisfy ESLint (#1098)bc22935 2.8.235e1d5f fixes #1087: yargs@8 causes error output with webpack@2.xc9d32f8 fixes #1084: template literals causing errors on IE (#1089)6e18fa6 add promise-config example8f897c5 fixes #1086: promise configs fix and example35295b7 update issue template to include commonly needed infoe8cbdad 2.8.1 + package-lock.jsone5dc236 fixes #1081, closes #1079. addDevServerEndpoints needs app stub forThere are 68 commits in total.
See the full diff
greenkeeper[bot]
commented
7 years ago Your tests are passing again with this version. Explicitly upgrade to this version ๐
The new version differs by 70 commits.
97484a9 2.9.18de5d0a fix errant always-on log message regarding 'setup'5982806 2.9.0dcb4e3d feat: deprecate setup in favor of before and after hooks (#1108)8bc6daa adding modification option to issue template33bef0d fixes #1109: internal-ip update breaks useLocalIp option114e67c Fixed check for webpack/hot/log when setting HMR log level. (#1096)bad7ed5 Made error overlay translucent. (#1097)3e24ac4 Fix quote style to satisfy ESLint (#1098)bc22935 2.8.235e1d5f fixes #1087: yargs@8 causes error output with webpack@2.xc9d32f8 fixes #1084: template literals causing errors on IE (#1089)6e18fa6 add promise-config example8f897c5 fixes #1086: promise configs fix and example35295b7 update issue template to include commonly needed infoThere are 70 commits in total.
See the full diff
greenkeeper[bot]
commented
7 years ago Your tests are passing again with this version. Explicitly upgrade to this version ๐
Changed property descriptor for Array.includes polyfill (#1134)
Remove header additional property validation (#1115)
Allow explicitly setting the protocol from the public option (#1117)
Updates readme with support, usage, and caveats (outlines no support for old IE)
The new version differs by 75 commits.
32412bb 2.9.21af8f0e Remove header property validation (#1115)c490b24 allow explicitly setting the protocol from the public option (#1117)ee7231b Changed property descriptor for Array.includes polyfill (#1134)5a7f26b updating readme with support, usage, and caveats97484a9 2.9.18de5d0a fix errant always-on log message regarding 'setup'5982806 2.9.0dcb4e3d feat: deprecate setup in favor of before and after hooks (#1108)8bc6daa adding modification option to issue template33bef0d fixes #1109: internal-ip update breaks useLocalIp option114e67c Fixed check for webpack/hot/log when setting HMR log level. (#1096)bad7ed5 Made error overlay translucent. (#1097)3e24ac4 Fix quote style to satisfy ESLint (#1098)bc22935 2.8.2There are 75 commits in total.
See the full diff
greenkeeper[bot]
commented
7 years ago Your tests are passing again with this version. Explicitly upgrade to this version ๐
The new version differs by 78 commits.
3d72858 2.9.3a3f7277 fixes #1082, #1142. bin file bails if local module detected06df2f4 Use built version os sockjs-client (#1148)32412bb 2.9.21af8f0e Remove header property validation (#1115)c490b24 allow explicitly setting the protocol from the public option (#1117)ee7231b Changed property descriptor for Array.includes polyfill (#1134)5a7f26b updating readme with support, usage, and caveats97484a9 2.9.18de5d0a fix errant always-on log message regarding 'setup'5982806 2.9.0dcb4e3d feat: deprecate setup in favor of before and after hooks (#1108)8bc6daa adding modification option to issue template33bef0d fixes #1109: internal-ip update breaks useLocalIp option114e67c Fixed check for webpack/hot/log when setting HMR log level. (#1096)There are 78 commits in total.
See the full diff
Version 2.4.3 of webpack-dev-server just got published.
This version is covered by your current version range and after updating it in your project the build failed.
As webpack-dev-server is โonlyโ a devDependency of this project it might not break production or downstream projects, but โonlyโ your build or test tools โ preventing new deploys or publishes.
I recommend you give this issue a high priority. Iโm sure you can resolve this :muscle:
Status Details
- โ **continuous-integration/travis-ci/push** The Travis CI build failed [Details](https://travis-ci.org/stevenfitzpatrick/stevenfitzpatrick.io/builds/224638864)Release Notes
v2.4.3Security fix:
This version contains a security fix, which is also breaking change if you have an insecure configuration.
We are releasing this breaking change as patch version to protect you from attacks.
Sorry if this breaks your setup, but the fix is easy.
We added a check for the correct
Hostheader to the webpack-dev-server.This allowed evil websites to access your assets.
The
Hostheader of the request have to match the listening adress or the host provided in thepublicoption.Make sure to provide correct values here.
The response will contain a note when using an incorrect
Hostheader.For usage behind a Proxy or similar setups we also added a
disableHostCheckoption to disable this check.Only use it when you know what you do. Not recommended.
This version also includes this security fix for webpack-dev-middleware: https://github.com/webpack/webpack-dev-middleware/releases/tag/v1.10.2
Note: This only affect the development server and middleware. webpack and built bundles are not affected.
Bugfixes:
Hostdoesn't match listening host orpublicoption.localhostor127.0.0.1are not blocked.Features:
disableHostCheckoption to disable the host checkCommits
The new version differs by 4 commits0.
ca932842.4.3f3a4ac6Merge branch 'security/host-check'8db5fd5Require a secure webpack-dev-middleware version2957853enable Host header check for all requests and socketsfalse
See the full diff
Not sure how things should work exactly?
There is a collection of [frequently asked questions](https://greenkeeper.io/faq.html) and of course you may always [ask my humans](https://github.com/greenkeeperio/greenkeeper/issues/new).Your Greenkeeper Bot :palm_tree: