[Snyk] Upgrade webpack-dev-server from 3.10.3 to 5.1.0 #578

WontonSam · 2024-10-03T01:07:57Z

Snyk has created this PR to upgrade webpack-dev-server from 3.10.3 to 5.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

The recommended version is 50 versions ahead of your current version.
The recommended version was released on a month ago.

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	45	No Known Exploit
Prototype Pollution SNYK-JS-AJV-584908	45	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	45	Proof of Concept
Improper Handling of Extra Parameters SNYK-JS-FOLLOWREDIRECTS-6141137	45	Proof of Concept
Prototype Poisoning SNYK-JS-QS-3153490	45	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	45	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	45	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	45	Proof of Concept
Prototype Pollution SNYK-JS-INI-1048974	45	Proof of Concept
Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	45	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	45	Proof of Concept
Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	45	No Known Exploit
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	45	Proof of Concept
Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	45	No Known Exploit
Prototype Pollution SNYK-JS-LOADERUTILS-3043105	45	No Known Exploit
Prototype Pollution SNYK-JS-LOADERUTILS-3043105	45	No Known Exploit
Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	45	No Known Exploit
Cryptographic Issues SNYK-JS-ELLIPTIC-571484	45	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	45	No Known Exploit
Prototype Pollution SNYK-JS-NODEFORGE-2331908	45	No Known Exploit
Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	45	No Known Exploit
Open Redirect SNYK-JS-EXPRESS-6474509	45	No Known Exploit
Cross-site Scripting SNYK-JS-EXPRESS-7926867	45	No Known Exploit
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	45	Proof of Concept
Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	45	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	45	Proof of Concept
Open Redirect SNYK-JS-URLPARSE-1533425	45	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	45	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	45	No Known Exploit
Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	45	Proof of Concept
Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	45	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	45	No Known Exploit
Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	45	No Known Exploit
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	45	No Known Exploit
Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	45	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	45	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	45	No Known Exploit
Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	45	Proof of Concept
Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	45	Proof of Concept
Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	45	Proof of Concept
Prototype Pollution SNYK-JS-Y18N-1021887	45	Proof of Concept
Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	45	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	45	Proof of Concept
Arbitrary File Overwrite SNYK-JS-TAR-1536528	45	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	45	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	45	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	45	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	45	No Known Exploit
Prototype Pollution SNYK-JS-NODEFORGE-598677	45	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	45	Proof of Concept
Prototype Pollution SNYK-JS-NUNJUCKS-1079083	45	Proof of Concept
Improper Input Validation SNYK-JS-URLPARSE-2407770	45	Proof of Concept
Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	45	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WEBSOCKETEXTENSIONS-570623	45	Proof of Concept
Denial of Service (DoS) SNYK-JS-WS-7266574	45	Proof of Concept
Code Injection SNYK-JS-LODASH-1040724	45	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-567746	45	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-608086	45	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-6139239	45	Proof of Concept
Information Exposure SNYK-JS-EVENTSOURCE-2823375	45	Proof of Concept
Prototype Pollution SNYK-JS-YARGSPARSER-560381	45	Proof of Concept
Denial of Service (DoS) SNYK-JS-SOCKJS-575261	45	Proof of Concept
Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	45	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	45	No Known Exploit
Improper Input Validation SNYK-JS-URLPARSE-1078283	45	No Known Exploit
Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	45	No Known Exploit
Cross-site Scripting (XSS) SNYK-JS-NUNJUCKS-5431309	45	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	45	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	45	Proof of Concept
Access Restriction Bypass SNYK-JS-URLPARSE-2401205	45	Proof of Concept
Authorization Bypass SNYK-JS-URLPARSE-2407759	45	Proof of Concept
Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	45	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	45	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	45	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	45	No Known Exploit
Open Redirect SNYK-JS-NODEFORGE-2330875	45	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:debug:20170905	45	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:debug:20170905	45	Proof of Concept
Cross-site Scripting SNYK-JS-SEND-7926862	45	No Known Exploit
Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	45	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	45	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-2429795	45	Proof of Concept

Release notes

Package name: webpack-dev-server

5.1.0 - 2024-09-03
5.1.0 (2024-09-03)

Features
- add visual progress indicators (a8f40b7)
- added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
- allow the server option to be Function (#5275) (02a1c6d)
- http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)
Bug Fixes
- check the platform property to determinate the target (#5269) (c3b532c)
- ipv6 output (#5270) (06005e7)
- replace rimraf with rm (#5162) (1a1561f)
- replace default gateway (#5255) (f5f0902)
- support devServer: false (#5272) (8b341cb)
5.0.4 - 2024-03-19
5.0.4 (2024-03-19)

Bug Fixes
- security: bump webpack-dev-middleware (#5112) (aab576a)
5.0.3 - 2024-03-12
5.0.3 (2024-03-12)

Bug Fixes
- types: proxy (#5101) (6e1aed3)
5.0.2 - 2024-02-16
5.0.2 (2024-02-16)

Bug Fixes
- types (#5057) (da2c24d)
5.0.1 - 2024-02-13
5.0.1 (2024-02-13)

Bug Fixes
- avoid using eval in client (#5045) (7681477)
- overlay and require-trusted-types-for (#5046) (e115436)
5.0.0 - 2024-02-12
5.0.0 (2024-02-12)

Migration Guide and Changes.
4.15.2 - 2024-03-20
4.15.2 (2024-03-20)

Bug Fixes
- security: bump webpack-dev-middleware (4116209)
4.15.1 - 2023-06-09
4.15.1 (2023-06-09)

Bug Fixes
- replace :: with localhost before openBrowser() (#4856) (874c44b)
- types: compatibility with @ types/ws (#4899) (34bcec2)
4.15.0 - 2023-05-07
4.15.0 (2023-05-07)

Features
- overlay displays unhandled promise rejection (#4849) (d1dd430)
4.14.0 - 2023-05-06
4.14.0 (2023-05-06)

Features
- allow CLI to be ESM (#4837) (bb4a5d9)
- allow filter overlay errors/warnings/runtimeErrors with function (#4813) (aab01b3)
4.13.3 - 2023-04-15
4.13.2 - 2023-03-31
4.13.1 - 2023-03-18
4.13.0 - 2023-03-17
4.12.0 - 2023-03-14
4.11.1 - 2022-09-19
4.11.0 - 2022-09-07
4.10.1 - 2022-08-29
4.10.0 - 2022-08-10
4.9.3 - 2022-06-29
4.9.2 - 2022-06-06
4.9.1 - 2022-05-31
4.9.0 - 2022-05-04
4.8.1 - 2022-04-06
4.8.0 - 2022-04-05
4.7.4 - 2022-02-02
4.7.3 - 2022-01-11
4.7.2 - 2021-12-29
4.7.1 - 2021-12-22
4.7.0 - 2021-12-21
4.6.0 - 2021-11-25
4.5.0 - 2021-11-13
4.4.0 - 2021-10-27
4.3.1 - 2021-10-04
4.3.0 - 2021-09-25
4.2.1 - 2021-09-13
4.2.0 - 2021-09-09
4.1.1 - 2021-09-07
4.1.0 - 2021-08-31
4.0.0 - 2021-08-18
4.0.0-rc.1 - 2021-08-17
4.0.0-rc.0 - 2021-07-19
4.0.0-beta.3 - 2021-05-06
4.0.0-beta.2 - 2021-04-06
4.0.0-beta.1 - 2021-03-23
4.0.0-beta.0 - 2020-11-27
3.11.3 - 2021-11-08
3.11.2 - 2021-01-13
3.11.1 - 2020-12-29
3.11.0 - 2020-05-08
3.10.3 - 2020-02-05

from webpack-dev-server GitHub release notes

Important

Warning: This PR contains a major version upgrade, and may be a breaking change.
Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"webpack-dev-server","from":"3.10.3","to":"5.1.0"}],"env":"prod","hasFixes":true,"isBreakingChange":true,"isMajorUpgrade":true,"issuesToFix":[{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-NODEFORGE-2430339","issue_id":"SNYK-JS-NODEFORGE-2430339","priority_score":107,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00072},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Sun Mar 20 2022 16:39:52 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.62},{"name":"likelihood","value":1.89},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-AJV-584908","issue_id":"SNYK-JS-AJV-584908","priority_score":165,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.0037},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Thu Jul 16 2020 13:58:04 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.79},{"name":"likelihood","value":1.68},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ANSIHTML-1296849","issue_id":"SNYK-JS-ANSIHTML-1296849","priority_score":159,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00216},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Aug 18 2021 15:37:20 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.65},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-FOLLOWREDIRECTS-6141137","issue_id":"SNYK-JS-FOLLOWREDIRECTS-6141137","priority_score":158,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00051},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Jan 01 2024 15:19:32 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.62},{"name":"likelihood","value":2.81},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Improper Handling of Extra Parameters"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-QS-3153490","issue_id":"SNYK-JS-QS-3153490","priority_score":162,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01947},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Sun Dec 04 2022 12:24:32 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.69},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Prototype Poisoning"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":159,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00152},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Jun 20 2023 15:39:58 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.64},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":159,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00152},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Jun 20 2023 15:39:58 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.64},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":159,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00152},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Jun 20 2023 15:39:58 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.64},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-INI-1048974","issue_id":"SNYK-JS-INI-1048974","priority_score":151,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01218},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Thu Dec 10 2020 18:08:38 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.62},{"name":"likelihood","value":2.67},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-IP-6240864","issue_id":"SNYK-JS-IP-6240864","priority_score":221,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00084},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Sun Feb 11 2024 07:37:52 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":7.84},{"name":"likelihood","value":2.81},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ASYNC-2441827","issue_id":"SNYK-JS-ASYNC-2441827","priority_score":159,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.0017},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Thu Apr 07 2022 14:22:18 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.64},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-BROWSERIFYSIGN-6037026","issue_id":"SNYK-JS-BROWSERIFYSIGN-6037026","priority_score":124,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"high"},{"name":"availability","value":"none"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00058},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Oct 27 2023 12:03:19 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.06},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-DECODEURICOMPONENT-3149970","issue_id":"SNYK-JS-DECODEURICOMPONENT-3149970","priority_score":159,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00382},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Nov 28 2022 16:12:34 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.65},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-DNSPACKET-1293563","issue_id":"SNYK-JS-DNSPACKET-1293563","priority_score":133,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"low"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00097},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Thu May 20 2021 14:40:43 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":8.78},{"name":"likelihood","value":1.5},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Remote Memory Exposure"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-LOADERUTILS-3043105","issue_id":"SNYK-JS-LOADERUTILS-3043105","priority_score":115,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.0097},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Nov 04 2022 09:08:14 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.91},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-LOADERUTILS-3043105","issue_id":"SNYK-JS-LOADERUTILS-3043105","priority_score":115,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.0097},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Nov 04 2022 09:08:14 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.91},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-BODYPARSER-7926860","issue_id":"SNYK-JS-BODYPARSER-7926860","priority_score":111,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00043},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Sep 11 2024 11:22:36 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.84},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Asymmetric Resource Consumption (Amplification)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ELLIPTIC-571484","issue_id":"SNYK-JS-ELLIPTIC-571484","priority_score":221,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00353},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Jun 17 2020 10:03:22 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.08},{"name":"likelihood","value":2.43},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Cryptographic Issues"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-LOADERUTILS-3105943","issue_id":"SNYK-JS-LOADERUTILS-3105943","priority_score":45,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00694},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Nov 07 2022 16:01:55 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":2.35},{"name":"likelihood","value":1.91},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-NODEFORGE-2331908","issue_id":"SNYK-JS-NODEFORGE-2331908","priority_score":99,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"low"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Sun Jan 09 2022 15:54:48 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.62},{"name":"likelihood","value":1.75},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-NODEFORGE-2430337","issue_id":"SNYK-JS-NODEFORGE-2430337","priority_score":94,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00071},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Sun Mar 20 2022 16:39:53 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.62},{"name":"likelihood","value":1.67},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-EXPRESS-6474509","issue_id":"SNYK-JS-EXPRESS-6474509","priority_score":74,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00044},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Mar 26 2024 07:34:23 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":4.54},{"name":"likelihood","value":1.61},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Open Redirect"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-EXPRESS-7926867","issue_id":"SNYK-JS-EXPRESS-7926867","priority_score":79,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00043},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Sep 11 2024 12:24:12 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.62},{"name":"likelihood","value":1.39},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Cross-site Scripting"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-FOLLOWREDIRECTS-2332181","issue_id":"SNYK-JS-FOLLOWREDIRECTS-2332181","priority_score":119,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"none"},{"name":"availability","value":"none"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00151},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Jan 12 2022 12:49:36 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.98},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-IP-7148531","issue_id":"SNYK-JS-IP-7148531","priority_score":119,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue May 28 2024 08:06:24 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":4.19},{"name":"likelihood","value":2.83},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Server-Side Request Forgery (SSRF)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-JSON5-3182856","issue_id":"SNYK-JS-JSON5-3182856","priority_score":179,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"low"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01027},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Sun Dec 25 2022 08:45:14 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":7.84},{"name":"likelihood","value":2.28},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-URLPARSE-1533425","issue_id":"SNYK-JS-URLPARSE-1533425","priority_score":63,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00126},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Jul 26 2021 15:23:41 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"busine...

Snyk has created this PR to upgrade webpack-dev-server from 3.10.3 to 5.1.0. See this package in npm: webpack-dev-server See this project in Snyk: https://app.snyk.io/org/cachiman/project/97d60606-740e-4000-846f-869887140a67?utm_source=github&utm_medium=referral&page=upgrade-pr

google-cla · 2024-10-03T01:08:02Z

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade webpack-dev-server from 3.10.3 to 5.1.0 #578

[Snyk] Upgrade webpack-dev-server from 3.10.3 to 5.1.0 #578

WontonSam commented Oct 3, 2024

5.1.0 (2024-09-03)

Features

Bug Fixes

5.0.4 (2024-03-19)

Bug Fixes

5.0.3 (2024-03-12)

Bug Fixes

5.0.2 (2024-02-16)

Bug Fixes

5.0.1 (2024-02-13)

Bug Fixes

5.0.0 (2024-02-12)

4.15.2 (2024-03-20)

Bug Fixes

4.15.1 (2023-06-09)

Bug Fixes

4.15.0 (2023-05-07)

Features

4.14.0 (2023-05-06)

Features

google-cla bot commented Oct 3, 2024

[Snyk] Upgrade webpack-dev-server from 3.10.3 to 5.1.0 #578

Are you sure you want to change the base?

[Snyk] Upgrade webpack-dev-server from 3.10.3 to 5.1.0 #578

Conversation

WontonSam commented Oct 3, 2024

Snyk has created this PR to upgrade webpack-dev-server from 3.10.3 to 5.1.0.

Issues fixed by the recommended upgrade:

5.1.0 (2024-09-03)

Features

Bug Fixes

5.0.4 (2024-03-19)

Bug Fixes

5.0.3 (2024-03-12)

Bug Fixes

5.0.2 (2024-02-16)

Bug Fixes

5.0.1 (2024-02-13)

Bug Fixes

5.0.0 (2024-02-12)

4.15.2 (2024-03-20)

Bug Fixes

4.15.1 (2023-06-09)

Bug Fixes

4.15.0 (2023-05-07)

Features

4.14.0 (2023-05-06)

Features

google-cla bot commented Oct 3, 2024