[Snyk] Security upgrade webpack-dev-server from 3.2.1 to 4.0.0

[saxenakshitiz]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • pinot-controller/src/main/resources/package.json
  • pinot-controller/src/main/resources/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: webpack-dev-server

The new version differs by 250 commits.

• c9271b9 chore(release): 4.0.0
• 18bf369 test: fix stability ([TE] Fix for anomaly legend values for non_additive daily metrics apache/pinot#3676)
• cdcabb2 fix: respect protocol from browser for manual setup (Sslbranch apache/pinot#3675)
• 1768d6b fix: initial reloading for lazy compilation ([TE] yaml - fix detection config DTO revert in yaml alert creation apache/pinot#3662)
• 4f5bab1 docs: improve examples (Change package name from com.linkedin to org.apache apache/pinot#3672)
• f2d87fb fix: improve https CLI output (thirdeye with druid apache/pinot#3673)
• 0277c5e chore: remove redundant console statements ( Make different PinotFS concrete classes have the same behaviors apache/pinot#3671)
• 16fcdbc docs: add `ipc` example (Try fixing flaky tests by adding 0.5s sleep apache/pinot#3667)
• 8915fb8 test: add e2e tests for built in routes (Added a log when access is denied apache/pinot#3669)
• 4d1cbe1 docs: ask `version` information in issue template (Split validation manager tasks into separate periodic tasks apache/pinot#3668)
• b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 ([TE] task - yet another backlog gauge fix apache/pinot#3666)
• ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (Better handle error messages in periodic tasks apache/pinot#3665)
• f1fdaa7 chore(release): 4.0.0-rc.1
• c4678bc fix: legacy API ([TE] Skip scheduling detection task if one is already in the queue apache/pinot#3660)
• d8bdd03 test: fix stability (Add documentation for the new config format apache/pinot#3661)
• 22b1414 refactor: remove `killable` (Your project linkedin/pinot is using buggy third-party libraries [WARNING] apache/pinot#3657)
• 75bafbf test: add e2e tests for module federation (Your project linkedin/pinot is using buggy third-party libraries [WARNING] apache/pinot#3658)
• 493ccbd chore(deps): update `ws` (Your project linkedin/pinot is using buggy third-party libraries [WARNING] apache/pinot#3652)
• ae8c523 test: add e2e test for universal compiler (Your project linkedin/pinot is using buggy third-party libraries [WARNING] apache/pinot#3656)
• f94b84f chore(deps): update (Your project linkedin/pinot is using buggy third-party libraries [WARNING] apache/pinot#3655)
• 1923132 test: fix cli
• 2adfd01 test: fix todo (Your project linkedin/pinot is using buggy third-party libraries [WARNING] apache/pinot#3653)
• 6e2cbde fix: proxy logging and allow to pass options without the `target` option (Your project linkedin/pinot is using buggy third-party libraries [WARNING] apache/pinot#3651)
• c9ccc96 fix: respect infastructureLogging.level for client.logging (Add config to set batchMessageMode on ideal state of new tables apache/pinot#3613)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[codecov]

Codecov Report

Merging #148 (d157037) into master (91c2ebb) will decrease coverage by 1.04%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##             master     #148      +/-   ##
============================================
- Coverage     70.80%   69.76%   -1.05%     
+ Complexity     4255     4254       -1     
============================================
  Files          1636     1636              
  Lines         85804    85804              
  Branches      12920    12920              
============================================
- Hits          60756    59859     -897     
- Misses        20855    21789     +934     
+ Partials       4193     4156      -37     

Flag	Coverage Δ
integration1	28.94% <ø> (+0.03%)	⬆️
integration2	?
unittests1	66.90% <ø> (+0.01%)	⬆️
unittests2	14.18% <ø> (-0.02%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
...apache/pinot/common/helix/ExtraInstanceConfig.java	0.00% <0.00%> (-100.00%)	⬇️
...t/core/plan/StreamingInstanceResponsePlanNode.java	0.00% <0.00%> (-100.00%)	⬇️
...ore/operator/streaming/StreamingResponseUtils.java	0.00% <0.00%> (-100.00%)	⬇️
...ager/realtime/PeerSchemeSplitSegmentCommitter.java	0.00% <0.00%> (-100.00%)	⬇️
...he/pinot/core/plan/StreamingSelectionPlanNode.java	0.00% <0.00%> (-88.89%)	⬇️
...ator/streaming/StreamingSelectionOnlyOperator.java	0.00% <0.00%> (-87.81%)	⬇️
...re/query/reduce/SelectionOnlyStreamingReducer.java	0.00% <0.00%> (-85.72%)	⬇️
...pache/pinot/common/utils/grpc/GrpcQueryClient.java	0.00% <0.00%> (-80.86%)	⬇️
...ller/api/access/BasicAuthAccessControlFactory.java	0.00% <0.00%> (-80.00%)	⬇️
...roker/requesthandler/GrpcBrokerRequestHandler.java	0.00% <0.00%> (-78.58%)	⬇️
... and 84 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 91c2ebb...d157037. Read the comment docs.