search

uriel-naor / ISSUES

0 stars 0 forks source link

Update dependency webpack-dev-server to v3 - autoclosed #11

Closed uriel-mend-app[bot] closed 1 year ago

uriel-mend-app[bot] commented 1 year ago

This PR contains the following updates:

Package Type Update Change
webpack-dev-server dependencies major ^1.14.1 -> ^3.1.6

By merging this PR, the issue #6 will be automatically resolved and closed:

Severity CVSS Score CVE
High High 7.8 WS-2018-0107
High High 7.5 CVE-2018-14732

Release Notes

webpack/webpack-dev-server ### [`v3.1.6`](https://togithub.com/webpack/webpack-dev-server/blob/HEAD/CHANGELOG.md#​316-httpsgithubcomwebpackwebpack-dev-servercomparev315v316-2018-08-26) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v3.1.5...v3.1.6) ##### Bug Fixes - **bin:** handle `process` signals correctly when the server isn't ready yet ([#​1432](https://togithub.com/webpack/webpack-dev-server/issues/1432)) ([334c3a5](https://togithub.com/webpack/webpack-dev-server/commit/334c3a5)) - **examples/cli:** correct template path in `open-page` example ([#​1401](https://togithub.com/webpack/webpack-dev-server/issues/1401)) ([df30727](https://togithub.com/webpack/webpack-dev-server/commit/df30727)) - **schema:** allow the `output` filename to be a `{Function}` ([#​1409](https://togithub.com/webpack/webpack-dev-server/issues/1409)) ([e2220c4](https://togithub.com/webpack/webpack-dev-server/commit/e2220c4)) ### [`v3.1.5`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v3.1.5) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v3.1.4...v3.1.5) - Send the `Progress` event in the client so plugins can use it ([#​1427](https://togithub.com/webpack/webpack-dev-server/issues/1427)) - Update `sockjs-client` to fix infinite reconnection loop ([#​1434](https://togithub.com/webpack/webpack-dev-server/issues/1434)) ### [`v3.1.4`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v3.1.4) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v3.1.3...v3.1.4) - Update to webpack-dev-middleware 3.1.3, which should fix paths with a space not working on Windows ([#​1392](https://togithub.com/webpack/webpack-dev-server/issues/1392)) - Fix `logLevel` option `silent` not being accepted by schema validation ([#​1372](https://togithub.com/webpack/webpack-dev-server/issues/1372)) ### [`v3.1.3`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v3.1.3) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v3.1.2...v3.1.3) - Fix HMR causing a crash when trying to reload ### [`v3.1.2`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v3.1.2) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v3.1.1...v3.1.2) - Speed up incremental builds ([#​1362](https://togithub.com/webpack/webpack-dev-server/issues/1362)) - Update webpack-dev-middleware to 3.1.2 ### [`v3.1.1`](https://togithub.com/webpack/webpack-dev-server/blob/HEAD/CHANGELOG.md#​3114-httpsgithubcomwebpackwebpack-dev-servercomparev3113v3114-2018-12-24) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v3.1.0...v3.1.1) ##### Bug Fixes - add workaround for Origin header in sockjs ([#​1608](https://togithub.com/webpack/webpack-dev-server/issues/1608)) ([1dfd4fb](https://togithub.com/webpack/webpack-dev-server/commit/1dfd4fb)) ### [`v3.1.0`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v3.1.0) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v3.0.0...v3.1.0) #### Updates - Fancy logging; `webpack-log` is now used for logging to the terminal (webpack-dev-middleware was already using this). - The `logLevel` option is added for more fine-grained control over the logging. #### Bugfixes - MultiCompiler was broken with webpack 4. - Fix deprecation warnings caused by webpack 4. Note that you will still see some deprecation warnings because webpack-dev-middleware has not been updated yet. ### [`v3.0.0`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v3.0.0) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/5807c7462f6dd15cade9c74216f2e829c2653351...v3.0.0) #### Updates - **Breaking change:** webpack v4 is now supported. Older versions of webpack are **not** supported. - **Breaking change:** drops support for Node.js v4, going forward we only support v6+ (same as webpack). - webpack-dev-middleware updated to v2 ([see changes](https://togithub.com/webpack/webpack-dev-middleware/releases)). #### Bugfixes - After starting webpack-dev-server with an error in your code, it would not reload the page after fixing that error ([#​1317](https://togithub.com/webpack/webpack-dev-server/issues/1317)). - DynamicEntryPlugin is now supported correctly ([#​1319](https://togithub.com/webpack/webpack-dev-server/issues/1319)). Huge thanks to all the contributors! Please note that [webpack-serve](https://togithub.com/webpack-contrib/webpack-serve) will eventually be the successor of webpack-dev-server. The core features already work so if you're brave enough give it a try! ### [`v2.11.5`](https://togithub.com/webpack/webpack-dev-server/compare/298341f0757e871896c1a7a27983d15f977fb209...5807c7462f6dd15cade9c74216f2e829c2653351) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/298341f0757e871896c1a7a27983d15f977fb209...5807c7462f6dd15cade9c74216f2e829c2653351) ### [`v2.11.4`](https://togithub.com/webpack/webpack-dev-server/compare/v2.11.3...298341f0757e871896c1a7a27983d15f977fb209) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.11.3...298341f0757e871896c1a7a27983d15f977fb209) ### [`v2.11.3`](https://togithub.com/webpack/webpack-dev-server/compare/v2.11.2...v2.11.3) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.11.2...v2.11.3) ### [`v2.11.2`](https://togithub.com/webpack/webpack-dev-server/compare/v2.11.1...v2.11.2) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.11.1...v2.11.2) ### [`v2.11.1`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.11.1) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.11.0...v2.11.1) Our third attempt to fix compatibility with old browsers ([#​1273](https://togithub.com/webpack/webpack-dev-server/issues/1273)), this time we'll get it right. ### [`v2.11.0`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.11.0) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.10.1...v2.11.0) Version 2.11.0 adds the transpilation of the client scripts via babel to ES5 which restores backwards compatibility (that was removed in 2.8.0) to very old or out of date browsers. ### [`v2.10.1`](https://togithub.com/webpack/webpack-dev-server/compare/v2.10.0...v2.10.1) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.10.0...v2.10.1) ### [`v2.10.0`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.10.0) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.9.7...v2.10.0) Version 2.10.0 adds the transpilation of the client scripts via babel to ES5 which restores backwards compatibility (that was removed in 2.8.0) to very old or out of date browsers. **Important** webpack-dev-server has entered a maintenance-only mode. We won't be accepting any new features or major modifications. We'll still welcome pull requests for fixes however, and will continue to address any bugs that arise. Announcement with specifics pending. #### Bugfixes - iOS Safari 10 bug where SockJS couldn't be found ([#​1238](https://togithub.com/webpack/webpack-dev-server/issues/1238)) - `reportTime` option ([#​1209](https://togithub.com/webpack/webpack-dev-server/issues/1209)) - don't mutate stats configuration ([#​1174](https://togithub.com/webpack/webpack-dev-server/issues/1174)) - enable progress from config ([#​1181](https://togithub.com/webpack/webpack-dev-server/issues/1181)) #### Updates - transpile client bundles with babel ([#​1242](https://togithub.com/webpack/webpack-dev-server/issues/1242)) - dependency updates ([`ce30460`](https://togithub.com/webpack/webpack-dev-server/commit/ce30460)) - Increase minimum `marked` version for ReDos vuln ([#​1255](https://togithub.com/webpack/webpack-dev-server/issues/1255)) - Update sockjs dependency to fix auditjs security vulnerability warning ### [`v2.9.7`](https://togithub.com/webpack/webpack-dev-server/compare/v2.9.6...v2.9.7) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.9.6...v2.9.7) ### [`v2.9.6`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.9.6) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.9.5...v2.9.6) #### Bugfixes - fixes [#​1208](https://togithub.com/webpack/webpack-dev-server/issues/1208): watchOptions not passed to chokidar in wds ### [`v2.9.5`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.9.5) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.9.4...v2.9.5) #### Updates - fixes [#​1198](https://togithub.com/webpack/webpack-dev-server/issues/1198): bump express for security ([`6b2d7a0`](https://togithub.com/webpack/webpack-dev-server/commit/6b2d7a0)) ### [`v2.9.4`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.9.4) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.9.3...v2.9.4) #### Bugfixes - assert ssl certs aren't published. fixes [#​1171](https://togithub.com/webpack/webpack-dev-server/issues/1171) - fixes [#​860](https://togithub.com/webpack/webpack-dev-server/issues/860): failure to exit on SIGINT race condition ([#​1157](https://togithub.com/webpack/webpack-dev-server/issues/1157)) ### [`v2.9.3`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.9.3) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.9.2...v2.9.3) #### Bugfixes - Fixes [#​1082](https://togithub.com/webpack/webpack-dev-server/issues/1082), [#​1142](https://togithub.com/webpack/webpack-dev-server/issues/1142). bin file correctly prefers local module, uses it, and bails if local module detected. - Use dist/build `sockjs-client` instead of module source ([#​1148](https://togithub.com/webpack/webpack-dev-server/issues/1148)) ### [`v2.9.2`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.9.2) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.9.1...v2.9.2) #### Bugfixes Changed property descriptor for Array.includes polyfill ([#​1134](https://togithub.com/webpack/webpack-dev-server/issues/1134)) #### Updates Remove header additional property validation ([#​1115](https://togithub.com/webpack/webpack-dev-server/issues/1115)) Allow explicitly setting the protocol from the public option ([#​1117](https://togithub.com/webpack/webpack-dev-server/issues/1117)) Updates readme with support, usage, and caveats (outlines no support for old IE) ### [`v2.9.1`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.9.1) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.9.0...v2.9.1) Patch release to resolve an errant log message in `setup` ### [`v2.9.0`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.9.0) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.8.2...v2.9.0) *Note: Minor release due to addition of `before` and `after` hooks* #### Features Deprecate setup in favor of before and after hooks ([#​1108](https://togithub.com/webpack/webpack-dev-server/issues/1108)) #### Bugfixes Fixed check for webpack/hot/log when setting HMR log level. ([#​1096](https://togithub.com/webpack/webpack-dev-server/issues/1096)) fixes [#​1109](https://togithub.com/webpack/webpack-dev-server/issues/1109): internal-ip update breaks useLocalIp option Fix quote style to satisfy ESLint ([#​1098](https://togithub.com/webpack/webpack-dev-server/issues/1098)) #### Updates Made error overlay translucent. ([#​1097](https://togithub.com/webpack/webpack-dev-server/issues/1097)) ### [`v2.8.2`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.8.2) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.8.1...v2.8.2) #### Bugfixes fixes [#​1087](https://togithub.com/webpack/webpack-dev-server/issues/1087): yargs@8 causes error output with webpack@2.x fixes [#​1084](https://togithub.com/webpack/webpack-dev-server/issues/1084): template literals causing errors on IE ([#​1089](https://togithub.com/webpack/webpack-dev-server/issues/1089)) … fixes [#​1086](https://togithub.com/webpack/webpack-dev-server/issues/1086): promise configs fix and example #### Updates add promise-config example ### [`v2.8.1`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.8.1) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.8.0...v2.8.1) #### Bugfixes fixes [#​1081](https://togithub.com/webpack/webpack-dev-server/issues/1081), closes [#​1079](https://togithub.com/webpack/webpack-dev-server/issues/1079). addDevServerEndpoints needs app stub for createDomain fixes [#​1080](https://togithub.com/webpack/webpack-dev-server/issues/1080) - jQuery update caused live bundle iframe issue clean up progress option typo and options def ### [`v2.8.0`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.8.0) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.7.1...v2.8.0) #### Features - Print webpack progress to browser console ([#​1063](https://togithub.com/webpack/webpack-dev-server/issues/1063)) - Disable hot reloading with query string ([#​1068](https://togithub.com/webpack/webpack-dev-server/issues/1068)) #### Bugfixes - Fixes issue [#​1064](https://togithub.com/webpack/webpack-dev-server/issues/1064) by switching to a named logger ([#​1070](https://togithub.com/webpack/webpack-dev-server/issues/1070)) - Fix Broken Socket on Client for Custom/Random Port Numbers ([#​1060](https://togithub.com/webpack/webpack-dev-server/issues/1060)) - Addresses [#​998](https://togithub.com/webpack/webpack-dev-server/issues/998) to properly assign a random port and access the port assigned ([#​1054](https://togithub.com/webpack/webpack-dev-server/issues/1054)) - Don't generate ssl cert when one is already specified via options ([#​1036](https://togithub.com/webpack/webpack-dev-server/issues/1036)) - Fix for ./log module not found ([#​1050](https://togithub.com/webpack/webpack-dev-server/issues/1050)) - Fixes [#​1042](https://togithub.com/webpack/webpack-dev-server/issues/1042): overlay doesn't clear if errors are fixed but warnings remain ([#​1043](https://togithub.com/webpack/webpack-dev-server/issues/1043)) - Handle IPv6-addresses correctly in checkHost() ([#​1026](https://togithub.com/webpack/webpack-dev-server/issues/1026)) #### Updates - Allow `--open` option to specify the browser to use ([#​825](https://togithub.com/webpack/webpack-dev-server/issues/825)) - Adds requestCert support to the server - Code cleanup and ESLint + eslint-config-webpack ([#​1058](https://togithub.com/webpack/webpack-dev-server/issues/1058)) - Include `subjectAltName` field in self-signed cert ([#​987](https://togithub.com/webpack/webpack-dev-server/issues/987)) ### [`v2.7.1`](https://togithub.com/webpack/webpack-dev-server/compare/v2.6.1...v2.7.1) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.6.1...v2.7.1) ### [`v2.6.1`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.6.1) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.6.0...v2.6.1) - Move `loglevel` from devDependencies to dependencies [#​1001](https://togithub.com/webpack/webpack-dev-server/issues/1001) ### [`v2.6.0`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.6.0) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.5.1...v2.6.0) - Browser console messages now respect `clientLogLevel` ([#​921](https://togithub.com/webpack/webpack-dev-server/issues/921)). - Don't output startup info if `quiet` is set to `true` ([#​970](https://togithub.com/webpack/webpack-dev-server/issues/970)). - Only load Bonjour when needed ([#​958](https://togithub.com/webpack/webpack-dev-server/issues/958)). - Set HMR log level ([#​926](https://togithub.com/webpack/webpack-dev-server/issues/926)). - Do not show warnings @​ overlay unless explicitly set ([#​881](https://togithub.com/webpack/webpack-dev-server/issues/881)). - Add cli option `--disable-host-check` ([#​980](https://togithub.com/webpack/webpack-dev-server/issues/980)). ### [`v2.5.1`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.5.1) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.5.0...v2.5.1) ### Bugfixes Fix peer dependencies to support webpack 3 ( [#​946](https://togithub.com/webpack/webpack-dev-server/issues/946) ) ( Fixes [#​932](https://togithub.com/webpack/webpack-dev-server/issues/932) ) ### [`v2.5.0`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.5.0) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.4.5...v2.5.0) ### Security Don't provide a SSL cert, but generate one on demand. Unique for each developer. https://medium.com/[@​mikenorth/961572624c54](https://togithub.com/mikenorth/961572624c54) by Mike North ### Bugfixes - allow port 0 again - add `allowedHosts` option - better check for WebWorker - add `openPage` option to open a specific page - add `--bonjour` - add `lan` option, which listen on lan ip by default ### [`v2.4.5`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.4.5) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.4.4...v2.4.5) ### Bugfixes - fix a bug preventing publicHost from working ### [`v2.4.4`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.4.4) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.4.3...v2.4.4) ### Bugfixes: - add `disableHostCheck` to schema ### [`v2.4.3`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.4.3) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.4.2...v2.4.3) ### Security fix: This version contains a security fix, which is also breaking change if you have an insecure configuration. We are releasing this breaking change as patch version to protect you from attacks. Sorry if this breaks your setup, but the fix is easy. We added a check for the correct `Host` header to the webpack-dev-server. This allowed evil websites to access your assets. The `Host` header of the request have to match the listening adress or the host provided in the `public` option. Make sure to provide correct values here. The response will contain a note when using an incorrect `Host` header. For usage behind a Proxy or similar setups we also added a `disableHostCheck` option to disable this check. Only use it when you know what you do. Not recommended. This version also includes this security fix for webpack-dev-middleware: https://github.com/webpack/webpack-dev-middleware/releases/tag/v1.10.2 Note: This only affect the development server and middleware. webpack and built bundles are not affected. Credits to Ed Morley from Mozilla for reporting the issue. ### Bugfixes: - Requests are not blocked when `Host` doesn't match listening host or `public` option. - Requests to `localhost` or `127.0.0.1` are not blocked. ### Features: - Added `disableHostCheck` option to disable the host check ### [`v2.4.2`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.4.2) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.4.1...v2.4.2) - Properly close CLI when SIGINT or SIGTERM is called. This should fix some Docker issues ([#​787](https://togithub.com/webpack/webpack-dev-server/issues/787)). - Fix for `entry` not working when it was a function ([#​802](https://togithub.com/webpack/webpack-dev-server/issues/802)). - Fix for exception when using webpack-dev-server in a webworker ([#​813](https://togithub.com/webpack/webpack-dev-server/issues/813)). - Fix refresh loop that could happen on Firefox ([#​841](https://togithub.com/webpack/webpack-dev-server/issues/841)). - `contentBase` as an array did not work when used via CLI ([#​832](https://togithub.com/webpack/webpack-dev-server/issues/832)). - Proxy options were mutated, so this could lead to problems when re-using them ([#​836](https://togithub.com/webpack/webpack-dev-server/issues/836)). ### [`v2.4.1`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.4.1) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.4.0...v2.4.1) - After fixing a warning/error, the overlay was not always cleared correctly ([`3cb79bd`](https://togithub.com/webpack/webpack-dev-server/commit/3cb79bd39489d12a2df9896ce204b8de15e636f4)). ### [`v2.4.0`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.4.0) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.3.0...v2.4.0) - `contentBase: false` in combination with the `historyApiFallback` option threw an error ([#​791](https://togithub.com/webpack/webpack-dev-server/issues/791)). - Separate logic of adding entry points to the webpack config; this allows alternative implementations like the webpack grunt plugin to use this instead of copying the code ([#​782](https://togithub.com/webpack/webpack-dev-server/issues/782)). - Update SockJS dependency to fix issue with FireFox constantly refreshing the page ([#​762](https://togithub.com/webpack/webpack-dev-server/issues/762)). - Show clear error message when `--open` fails to open the browser ([#​780](https://togithub.com/webpack/webpack-dev-server/issues/780)). - Allow `overlay` option to also show compiler warnings (off by default) ([#​790](https://togithub.com/webpack/webpack-dev-server/issues/790)): ```js overlay: { errors: true, warnings: true } ``` ### [`v2.3.0`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.3.0) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.2.1...v2.3.0) - Add new fancy error overlay in-browser, which shows up when there are compilation errors. Disabled by default, add `overlay: true` to enable ([#​764](https://togithub.com/webpack/webpack-dev-server/issues/764))! - If you use `--open` and `options.public`, the browser will now open the same URL as you have defined in `public` ([#​749](https://togithub.com/webpack/webpack-dev-server/issues/749)). - `options.port` now allows strings to be passed in, previously only integers were accepted ([#​766](https://togithub.com/webpack/webpack-dev-server/issues/766)). ### [`v2.2.1`](https://togithub.com/webpack/webpack-dev-server/compare/v2.2.0...v2.2.1) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v2.2.0...v2.2.1) ### [`v2.2.0`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v2.2.0) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v1.16.5...v2.2.0) ### First webpack-dev-server 2 release Following the [webpack 2 release](https://togithub.com/webpack/webpack/releases/tag/v2.2.0). It's equal to the last RC. If you're curious about the highlights, read this [fancy Medium post](https://medium.com/webpack/whats-new-in-webpack-dev-server-2-0-a66848c3679#.chllx0i0m). ### [`v1.16.5`](https://togithub.com/webpack/webpack-dev-server/compare/v1.16.4...v1.16.5) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v1.16.4...v1.16.5) ### [`v1.16.4`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v1.16.4) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v1.16.3...v1.16.4) ### Security fix: This version contains a security fix, which is also breaking change if you have an insecure configuration. We are releasing this breaking change as patch version to protect you from attacks. Sorry if this breaks your setup, but the fix is easy. We added a check for the correct `Host` header to the webpack-dev-server. This allowed evil websites to access your assets. The `Host` header of the request have to match the listening adress or the host provided in the `public` option. Make sure to provide correct values here. The response will contain a note when using an incorrect `Host` header. For usage behind a Proxy or similar setups we also added a `disableHostCheck` option to disable this check. Only use it when you know what you do. Not recommended. This version also includes this security fix for webpack-dev-middleware: https://github.com/webpack/webpack-dev-middleware/releases/tag/v1.10.2 Note: This only affect the development server and middleware. webpack and built bundles are not affected. Credits to Ed Morley from Mozilla for reporting the issue. ### Bugfixes: - Requests are not blocked when `Host` doesn't match listening host or `public` option. - Requests to `localhost` or `127.0.0.1` are not blocked. ### Features: - Added `disableHostCheck` option to disable the host check ### [`v1.16.3`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v1.16.3) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v1.16.2...v1.16.3) Probably the last release in the v1.x range: - Backport support for webpack config as a `Promise`. ### [`v1.16.2`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v1.16.2) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v1.16.1...v1.16.2) - Backport a few fixes from v2: - Support for PFX files as SSL connection options ([#​630](https://togithub.com/webpack/webpack-dev-server/issues/630)). - Fix edge case where quickly refreshing the browser could result in the server crashing ([#​637](https://togithub.com/webpack/webpack-dev-server/issues/637)). - Webpack bundle assets were not loaded after using the proxy `bypass` feature ([#​614](https://togithub.com/webpack/webpack-dev-server/issues/614)). ### [`v1.16.1`](https://togithub.com/webpack/webpack-dev-server/compare/v1.16.0...v1.16.1) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v1.16.0...v1.16.1) ### [`v1.16.0`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v1.16.0) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v1.15.2...v1.16.0) - Backport a few more fixes from v2: - Add `clientLogLevel` (`--client-log-level` for CLI) option. It controls the log messages shown in the browser. Available levels are `error`, `warning`, `info` or `none` ([#​579](https://togithub.com/webpack/webpack-dev-server/issues/579)). - Limit websocket retries when the server can't be reached ([#​589](https://togithub.com/webpack/webpack-dev-server/issues/589)). ### [`v1.15.2`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v1.15.2) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v1.15.1...v1.15.2) - Backport a few fixes from v2 ([#​604](https://togithub.com/webpack/webpack-dev-server/issues/604)): - Using https and manually including the client script resulted in a wrong url for the websocket. - Manually including the client script didn't work resulted in a wrong url for the websocket in some cases. - Compatibility with platforms that don't use a hostname (Electron / Ionic). ### [`v1.15.1`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v1.15.1) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v1.15.0...v1.15.1) - Fix the `bypass` config option for proxies ([#​563](https://togithub.com/webpack/webpack-dev-server/issues/563)). - Reverted a change that prevented clicks from registering in the iframe. - Fix using `*` as a proxy wildcard. - Avoid accessing `document` when using inline modus ([#​577](https://togithub.com/webpack/webpack-dev-server/issues/577)). ### [`v1.15.0`](https://togithub.com/webpack/webpack-dev-server/releases/tag/v1.15.0) [Compare Source](https://togithub.com/webpack/webpack-dev-server/compare/v1.14.1...v1.15.0) - Use http-proxy-middleware instead of http-proxy. This fixes compatibility with native web sockets ([#​359](https://togithub.com/webpack/webpack-dev-server/issues/359)). - Properly close the server, which fixes issues with the port not freeing up ([#​357](https://togithub.com/webpack/webpack-dev-server/issues/357)). - Add `--stdin` flag, to close the dev server on process exit ([#​352](https://togithub.com/webpack/webpack-dev-server/issues/352)). - Fix issues with incorrect socket urls ([#​338](https://togithub.com/webpack/webpack-dev-server/issues/338), [#​443](https://togithub.com/webpack/webpack-dev-server/issues/443), [#​447](https://togithub.com/webpack/webpack-dev-server/issues/447)). - Add `--open` flag to open a browser pointing to the server ([#​329](https://togithub.com/webpack/webpack-dev-server/issues/329)). - Add `--public` flag to override the url used for connecting to the web socket ([#​368](https://togithub.com/webpack/webpack-dev-server/issues/368)). - Allow array for `options.contentBase`, so multiple sources are allowed ([#​374](https://togithub.com/webpack/webpack-dev-server/issues/374)). - Add `options.staticOptions` to allow passing through Express static options ([#​385](https://togithub.com/webpack/webpack-dev-server/issues/385)). - Update self-signed certs ([#​436](https://togithub.com/webpack/webpack-dev-server/issues/436)). - Don't reload the app upon proxy errors ([#​478](https://togithub.com/webpack/webpack-dev-server/issues/478)). - Allow running dev-server behind https proxy ([#​470](https://togithub.com/webpack/webpack-dev-server/issues/470)). - Set headers on all requests to support e.g. CORS ([#​499](https://togithub.com/webpack/webpack-dev-server/issues/499)). - Fix `--cacert` flag not doing anything ([#​532](https://togithub.com/webpack/webpack-dev-server/issues/532)). - Allow using Express middleware ([#​537](https://togithub.com/webpack/webpack-dev-server/issues/537)).