Bump webpack-dev-server 3.11.0 -> 3.11.1 #10312
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Resolves facebook#10084 security vulnerability in websocket-driver library version 0.5.6, imported transitively by sockjs
Awarua-
requested review from
ianschmitz,
iansu,
mrmckeb and
petetnt
as code owners
|
Hi @Awarua-! Thank you for your pull request and welcome to our community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. In order for us to review and merge your code, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA. If you have received this in error or have any questions, please contact us at [email protected]. Thanks! |
|
Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Facebook open source project. Thanks! |
[email protected] doesn't appear to exist from what I can see, 0.5.4 predates and 0.6.0 follows after. [email protected] doesn't appear to use sockjs Edit: Slightly confused as nothing they updated the deps of had an actual (reported) vuln, closest one which had a (now publically disclosed) vulnerability was sockjs versions <0.3.20. Looks like something happened upstream in webpack-dev-server though |
|
@dudeisbrendan03 websocket-driver has vulnerability https://sca.analysiscenter.veracode.com/vulnerability-database/libraries/websocket-driver/JS/NPM/lid-3225/summary |
|
Ah, not sure what was running through my head when looking at webpack-dev |
maghost
pushed a commit
to GamersClub/create-react-app
that referenced
this pull request
Feb 22, 2021
Bump webpack-dev-server 3.11.0 -> 3.11.1 (facebook#10312)
blackarctic
added a commit
to blackarctic/create-react-app
that referenced
this pull request
Apr 29, 2021
* Fix noFallthroughCasesInSwitch/jsx object is not extensible (facebook#9921) Co-authored-by: Konstantin Simeonov <[email protected]> * Add logo license to README * Remove trailing space in reportWebVitals.ts (facebook#10040) * docs: add React Testing Library as a library requiring jsdom (facebook#10052) Co-authored-by: Ian Schmitz <[email protected]> * Increase Workbox's maximumFileSizeToCacheInBytes (facebook#10048) * Create FUNDING.yml * replace inquirer with prompts (facebook#10083) - remove `react-dev-utils/inquirer` public import * Prepare 4.0.1 release * Prepare 4.0.1 release * Publish - [email protected] - [email protected] - [email protected] - [email protected] - [email protected] * chore: bump web-vital dependency version (facebook#10143) * chore: bump typescript version (facebook#10141) Co-authored-by: Ian Schmitz <[email protected]> * Add TypeScript 4.x as peerDependency to react-scripts(facebook#9964) * remove chalk from formatWebpackMessages (facebook#10198) * Upgrade @svgr/webpack to fix build error (facebook#10213) Co-authored-by: Ian Schmitz <[email protected]> * Improve vendor chunk names in development (facebook#9569) * Update postcss packages (facebook#10003) Co-authored-by: Ian Schmitz <[email protected]> * Recovered some integration tests (facebook#10091) * Upgrade sass-loader (facebook#9988) * Move ESLint cache file into node_modules (facebook#9977) Co-authored-by: Ian Schmitz <[email protected]> * Revert "Update postcss packages" (facebook#10216) This reverts commit 580ed5d. * Remove references to Node 8 (facebook#10214) * fix(react-scripts): add missing peer dependency react and update react-refresh-webpack-plugin (facebook#9872) * Update using-the-public-folder.md (facebook#10314) Some library --> Some libraries * docs: add missing override options for Jest config (facebook#9473) * Fix CI tests (facebook#10217) * appTsConfig immutability handling by immer (facebook#10027) Co-authored-by: mad-jose <[email protected]> * Add support for new BUILD_PATH advanced configuration variable (facebook#8986) * Add opt-out for eslint-webpack-plugin (facebook#10170) * Prepare 4.0.2 release * Publish - [email protected] - [email protected] - [email protected] - [email protected] - [email protected] - [email protected] * tests: update test case to match the description (facebook#10384) * Bump webpack-dev-server 3.11.0 -> 3.11.1 (facebook#10312) Resolves facebook#10084 security vulnerability in websocket-driver library version 0.5.6, imported transitively by sockjs * Upgrade eslint-webpack-plugin to fix opt-out flag (facebook#10590) * update immer to 8.0.1 to address vulnerability (facebook#10412) Resolves facebook#10411 Bumps immer version to 8.0.1 to address the prototype pollution vulnerability with the current 7.0.9 version. * Prepare 4.0.3 release * Update CHANGELOG * Publish - [email protected] - [email protected] - [email protected] Co-authored-by: Ryota Murakami <[email protected]> Co-authored-by: Konstantin Simeonov <[email protected]> Co-authored-by: Ian Sutherland <[email protected]> Co-authored-by: sho90 <[email protected]> Co-authored-by: Anyul Rivas <[email protected]> Co-authored-by: Ian Schmitz <[email protected]> Co-authored-by: Jeffrey Posnick <[email protected]> Co-authored-by: Evan Bacon <[email protected]> Co-authored-by: Sahil Purav <[email protected]> Co-authored-by: Hakjoon Sim <[email protected]> Co-authored-by: Chris Shepherd <[email protected]> Co-authored-by: Jason Williams <[email protected]> Co-authored-by: Jabran Rafique⚡️ <[email protected]> Co-authored-by: John Ruble <[email protected]> Co-authored-by: Morten N.O. Nørgaard Henriksen <[email protected]> Co-authored-by: Sergey Makarov <[email protected]> Co-authored-by: EhsanKhaki <[email protected]> Co-authored-by: Kristoffer K <[email protected]> Co-authored-by: Aviv Hadar <[email protected]> Co-authored-by: Tobias Büschel <[email protected]> Co-authored-by: mad-jose <[email protected]> Co-authored-by: mad-jose <[email protected]> Co-authored-by: Andrew Hyndman <[email protected]> Co-authored-by: Brody McKee <[email protected]> Co-authored-by: James George <[email protected]> Co-authored-by: Dion Woolley <[email protected]> Co-authored-by: Walker Clem <[email protected]>
wombleton
pushed a commit
to AurorNZ/create-react-app
that referenced
this pull request
Jun 1, 2021
Resolves facebook#10084 security vulnerability in websocket-driver library version 0.5.6, imported transitively by sockjs
abhiisheek
pushed a commit
to abhiisheek/create-react-app
that referenced
this pull request
May 19, 2023
Resolves facebook#10084 security vulnerability in websocket-driver library version 0.5.6, imported transitively by sockjs
abhiisheek
pushed a commit
to abhiisheek/create-react-app
that referenced
this pull request
May 24, 2023
Resolves facebook#10084 security vulnerability in websocket-driver library version 0.5.6, imported transitively by sockjs
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolves #10084 security vulnerability in websocket-driver library version 0.5.6, imported transitively by sockjs