webpack / webpack-dev-server

Serves a webpack app. Updates the browser on changes. Documentation https://webpack.js.org/configuration/dev-server/.
MIT License

chore: upgrading express from version 4.17.3 to version 4.19.2 due to vulnerability #5134

Closed codingwithbenny closed 3 months ago

codingwithbenny commented 3 months ago

For Bugs and Features; did you add new tests?

This is not a bug or a feature and does not need tests.

Motivation / Use-Case

This pull request solves the vulnerability in Express that was recently discovered in all versions 4.19.1 and below. It has been fixed in version 4.19.2. The vulnerability is CVE-2024-29041.

This is preventing application security software such as Veracode from passing security checks for any applications that utilize webpack-dev-server.

Breaking Changes

No Breaking changes that I am aware of.

Additional Info

Thank you very much!

linux-foundation-easycla[bot] commented 3 months ago

CLA Signed

The committers listed above are authorized under a signed CLA.

codecov[bot] commented 3 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 90.29%. Comparing base (af6bd68) to head (b898c98). Report is 20 commits behind head on master.

:exclamation: Current head b898c98 differs from pull request most recent head 687b3b6. Consider uploading reports for the commit 687b3b6 to get more accurate results

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##           master    #5134   +/-   ##
=======================================
  Coverage   90.29%   90.29%
=======================================
  Files          15       15
  Lines        1577     1577
  Branches      601      600    -1
=======================================
  Hits         1424     1424
  Misses        140      140
  Partials       13       13
```
