Update dependency webpack-dev-server to v4 - autoclosed

[mend-for-jackfan.us.kg]

This PR contains the following updates:

Package	Type	Update	Change
webpack-dev-server	dependencies	major	^3.1.14 -> ^4.0.0

By merging this PR, the below issues will be automatically resolved and closed:

Severity	CVSS Score	CVE	GitHub Issue
Critical	9.8	CVE-2019-10747	#379
Critical	9.8	CVE-2020-7720	#429
Critical	9.8	CVE-2021-44906	#394
Critical	9.8	CVE-2022-0691	#398
Critical	9.8	CVE-2023-42282	#423
Critical	9.1	CVE-2022-0686	#419
High	8.1	CVE-2022-1650	#414
High	7.7	CVE-2021-23386	#395
High	7.5	CVE-2019-20149	#376
High	7.5	CVE-2021-23424	#396
High	7.5	CVE-2021-3807	#415
High	7.5	CVE-2022-24771	#408
High	7.5	CVE-2022-24772	#406
High	7.5	CVE-2022-24999	#417
High	7.5	CVE-2022-38900	#383
High	7.5	CVE-2024-45296	#446
High	7.5	CVE-2024-52798	#465
High	7.4	CVE-2024-29180	#377
High	7.3	CVE-2020-7774	#388
High	7.3	CVE-2021-23440	#428
High	7.3	CVE-2023-26159	#393
High	7.2	CVE-2021-23337	#390

---

Release Notes

webpack/webpack-dev-server (webpack-dev-server)

v4.7.3

Compare Source

v4.7.2

Compare Source

v4.7.1

Compare Source

v4.7.0

Compare Source

Features

• added the setupMiddlewares option and deprecated onAfterSetupMiddleware and onBeforeSetupMiddleware options (#​4068) (c13aa56)
• added types (8f02c3f)
• show deprecation warning for cacert option (#​4115) (c73ddfb)

Bug Fixes

• add description for watchFiles options (#​4057) (75f3817)
• allow passing options for custom server (#​4110) (fc8bed9)
• correct schema for ClientLogging (#​4084) (9b7ae7b)
• mark --open-app deprecated in favor of --open-app-name (#​4091) (693c28a)
• show deprecation warning for both https and http2 (#​4069) (d8d5d71)
• update --web-socket-server description (#​4098) (65955e9)
• update listen and close deprecation warning message (#​4097) (b217a19)
• update descriptions of https and server options (#​4094) (f97c9e2)

v4.6.0

Compare Source

Features

• allow to pass all chokidar options (#​4025) (5026601)

Bug Fixes

• reconnection logic (#​4044) (9b32c96)
• reload on warnings (#​4056) (1ba9720)

v4.5.0

Compare Source

Features

• add --web-socket-server-type option for CLI (#​4001) (17c390a)
• show deprecation warning for https/http2 option, migration guide for https and migration guide for http2 (because we use spdy for http2 due express doesn't support http2) (#​4003) (521cf85)

Bug Fixes

• infinity refresh on warnings (#​4006) (10da223)
• invalid host message is missing on client with https (#​3997) (#​3998) (ff0869c)
• remove process listeners after stopping the server (#​4013) (d198e4e)

v4.4.0

Compare Source

Features

• added the server option, now you can pass server options, example { server: { type: 'http', options: { maxHeaderSize: 32768 } } }, available options for http and https, note - for http2 is used spdy, options specified in the server.options option take precedence over https/http2 options (#​3940) (a70a7ef)
• added the client.reconnect option (#​3912) (5edad76)
• improve error handling within startCallback and endCallback (#​3969) (b0928ac)

Bug Fixes

• schema for web socket server type (#​3913) (f6aa6f7)
• typo in SSL information log (#​3939) (4c6103b)

4.3.1 (2021-10-04)

Bug Fixes

• perf (#​3906) (f6e2a19)

v4.3.1

Compare Source

v4.3.0

Compare Source

Features

• allow array for headers option (#​3847) (9911437)
• gracefully and force shutdown (#​3880) (db24b16)

Bug Fixes

• avoid web socket connection when web socket server is not running (#​3879) (8874d72)
• display file name for warnings/errors in overlay (#​3867) (d20def5)
• formatting errors/warnings (#​3877) (f0dbea0)
• handle 0 value of the port option property (ed67f66)

4.2.1 (2021-09-13)

Bug Fixes

• infinity loop for multi compiler mode (#​3840) (e019bd2)
• reloading logic for multi compiler mode (#​3841) (ef148ec)

4.2.0 (2021-09-09)

Features

• added the http.ca option (CLI option added too) (should be used instead cacert, because we will remove it in the next major release in favor the https.ca option)
• added the https.crl option (CLI options added too), more information
• https.ca/https.cacert/ https.cert/https.crl/https.key/https.pfx options are now accept Arrays of Buffer/string/Path to file, using --https-*-reset CLI options you can reset these options
• https.pfx/https.key can be Object[], more information
• https options can now accept custom options, you can use:

module.exports = {
  // Other options
  devServer: {
    https: {
      // Allow to set additional TSL options https://nodejs.org/api/tls.html#tls_tls_createsecurecontext_options
      minVersion: "TLSv1.1",
      ca: path.join(httpsCertificateDirectory, "ca.pem"),
      pfx: path.join(httpsCertificateDirectory, "server.pfx"),
      key: path.join(httpsCertificateDirectory, "server.key"),
      cert: path.join(httpsCertificateDirectory, "server.crt"),
      passphrase: "webpack-dev-server",
    },
  }
};

Bug Fixes

• accept connections with file: and chrome-extensions: protocol by default (#​3822) (138f064)
• close overlay on disconnection (#​3825) (011bcf1)
• respect https.cacert option (#​3820) (0002ebf)

4.1.1 (2021-09-07)

Bug Fixes

• improve the description of the magicHtml option (#​3772) (b80610f)
• replace ansi-html with ansi-html-community to avoid CVE (#​3801) (36fd214)

v4.2.1

Compare Source

v4.2.0

Compare Source

v4.1.1

Compare Source

v4.1.0

Compare Source

Features

• added the magicHtml option (#​3717) (4831f58)
• allow to set hot and live-reload for client using search params (1c57680)
• show warning when the hot option is enabled with the HMR plugin in config (#​3744) (6cb1e4e)

Bug Fixes

• change log type of Disconnected! to info (fde27f5)
• handle --allowed-hosts all correctly (#​3720) (326ed56)
• output documentation link on errors (#​3680) (e16221b)
• respect the bypass option with target/router options for proxy (b5dd568)

v4.0.0

Compare Source

v3.11.3

Compare Source

3.11.3 (2021-11-08)

Bug Fixes

• replace ansi-html with ansi-html-community (#​4011) (4fef67b)

v3.11.2

Compare Source

3.11.2 (2021-01-13)

Bug Fixes

• cli arguments for serve command (a5fe337)

v3.11.1

Compare Source

3.11.1 (2020-12-29)

Bug Fixes

• the open option works using webpack serve without value (#​2948) (4837dc9)
• vulnerable deps (#​2949) (78dde50)

v3.11.0

Compare Source

Features

• add icons for directory viewer (#​2441) (e953d01)
• allow multiple contentBasePublicPath paths (#​2489) (c6bdfe4)
• emit progress-update (#​2498) (4808abd), closes #​1666
• add invalidate endpoint (#​2493) (89ffb86)
• allow open option to accept an object (#​2492) (adeb92e)

Bug Fixes

• do not swallow errors from server (#​2512) (06583f2)
• security vulnerability in yargs-parser (#​2566) (41d1d0c)
• don't crash on setupExitSignals(undefined) (#​2507) (0d5c681)
• support entry descriptor (closes #​2453) (#​2465) (8bbef6a)
• update jquery (#​2516) (99ccfd8)

3.10.3 (2020-02-05)

Bug Fixes

• forward error requests to the proxy (#​2425) (e291cd4)

3.10.2 (2020-01-31)

Bug Fixes

• fallthrough non GET and HEAD request to routes (#​2374) (ebe8eca)
• add an optional peer dependency on webpack-cli (#​2396) (aa365df)
• add heartbeat for the websocket server (#​2404) (1a7c827)

3.10.1 (2019-12-19)

Bug Fixes

• ie11 compatibility (1306abe)

v3.10.3

Compare Source

v3.10.2

Compare Source

v3.10.1

Compare Source

v3.10.0

Compare Source

Features

• client: allow sock port to use location's port (sockPort: 'location') (#​2341) (dc10d06)
• server: add contentBasePublicPath option (#​2150) (cee700d)

Bug Fixes

• client: don't override protocol for socket connection to 127.0.0.1 (#​2303) (3a31917), closes #​2302
• server: respect sockPath on transportMode: 'ws' (#​2310) (#​2311) (e188542)
• https on chrome linux (#​2330) (dc8b475)
• support webpack@5 (#​2359) (8f89c01)

v3.9.0

Compare Source

Bug Fixes

• add hostname and port to bonjour name to prevent name collisions (#​2276) (d8af2d9)
• add extKeyUsage to self-signed cert (#​2274) (a4dbc3b)

Features

• add multiple openPage support (#​2266) (c9e9178)

3.8.2 (2019-10-02)

Security

• update selfsigned package

3.8.1 (2019-09-16)

Bug Fixes

• add null check for connection.headers (#​2200) (7964997)
• false positive for an absolute path in the ContentBase option on windows (#​2202) (68ecf78)
• add status in quiet log level (#​2235) (7e2224e)
• scriptHost in client (#​2246) (00903f6)

v3.8.2

Compare Source

v3.8.1

Compare Source

v3.8.0

Compare Source

Bug Fixes

• server: fix setupExitSignals usage (#​2181) (bbe410e)
• server: set port before instantiating server (#​2143) (cfbf229)
• check for name of HotModuleReplacementPlugin to avoid RangeError (#​2146) (4579775)
• server: check for external urls in array (#​1980) (fa78347)
• server: fix header check for socket server (#​2077) (7f51859)
• server: stricter headers security check (#​2092) (078ddca)

Features

• server: add transportMode (#​2116) (b5b9cb4)
• server: serverMode 'ws' option (#​2082) (04483f4)
• server/client: made progress option available to API (#​1961) (56274e4)

Potential Breaking changes

We have migrated serverMode and clientMode to transportMode as an experimental option. If you want to use this feature, you have to change your settings.

Related PR: https://github.com/webpack/webpack-dev-server/pull/2116

3.7.2 (2019-06-17)

Bug Fixes

• client: add default fallback for client (#​2015) (d26b444)
• open: set wait: false to run server.close successfully (#​2001) (2b4cb52)
• test: fixed ProvidePlugin.test.js (#​2002) (47453cb)

3.7.1 (2019-06-07)

Bug Fixes

• retry finding port when port is null and get ports in sequence (#​1993) (bc57514)

v3.7.2

Compare Source

v3.7.1

Compare Source

v3.7.0

Compare Source

Bug Fixes

• change clientLogLevel order to be called first (#​1973) (57c8c92)
• es6 syntax in client (#​1982) (802aa30)

v3.6.0

Compare Source

Bug Fixes

• config: enable --overlay (#​1968) (dc81e23)
• server: don't ignore node_modules by default (#​1970) (699f8b4), closes #​1794

Features

• server: add serverMode option (#​1937) (44a8cde)

3.5.1 (2019-06-01)

Bug Fixes

• allow passing promise function of webpack.config.js (#​1947) (8cf1053)

v3.5.1

Compare Source

v3.5.0

Compare Source

Bug Fixes

• add client code for electron-renderer target (#​1935) (9297988)
• add client code for node-webkit target (#​1942) (c6b2b1f)

Features

• server: onListening option (#​1930) (61d0cdf)
• server: add callback support for invalidate (#​1900) (cd218ef)
• server: add WEBPACK_DEV_SERVER env variable (#​1929) (856169e)

3.4.1 (2019-05-17)

Bug Fixes

• add none and warning to clientLogLevel (#​1901) (0ae9be8)
• broken hot reload (#​1903) (6a444cd)

v3.4.1

Compare Source

v3.4.0

Compare Source

Bug Fixes

• don't use self.location.port (#​1838) (6d31984)
• do not include config files in dist (#​1883) (c535bb2)
• only add client entry to web targets (#​1775) (cf4d0d0)
• update clientLogLevel to match docs and error (#​1825) (7f52bbf)
• add errors-warnings preset (#​1895) (2a81ad2)

Features

• added injectClient option (#​1775) (cf4d0d0)
• added injectHot option (#​1775) (cf4d0d0)
• added sockPort option (#​1792) (58d1682)
• added sockHost option (#​1858) (f47dff2)
• support HEAD method (#​1875) (c2360e4)
• added liveReload option (#​1889) (fc4fe32)
• update express to 4.17 version

v3.3.1

Compare Source

Bug Fixes

• regression: always get necessary stats for hmr (#​1780) (66b04a9)
• regression: host and port can be undefined or null (#​1779) (028ceee)
• only add entries after compilers have been created (#​1774) (b31cbaa)

v3.3.0

Compare Source

Bug Fixes

• compatibility with [email protected] (#​1754) (fd7cb0d)
• ignore proxy when bypass return false (#​1696) (aa7de77)
• respect stats option from webpack config (#​1665) (efaa740)
• use location.port when location.hostname is used to infer HMR socket URL (#​1664) (2f7f052)
• don't crash with express.static.mime.types (#​1765) (919ff77)

Features

• add option "serveIndex" to enable/disable serveIndex middleware (#​1752) (d5d60cb)
• add webpack as argument to before and after options (#​1760) (0984d4b)
• http2 option to enable/disable HTTP/2 with HTTPS (#​1721) (dcd2434)
• random port retry logic (#​1692) (419f02e)
• relax depth limit from chokidar for content base (#​1697) (7ea9ab9)

3.2.1 (2019-02-25)

Bug Fixes

• deprecation message about setup now warning about v4 (#​1684) (523a6ec)
• regression: allow ca, key and cert will be string (#​1676) (b8d5c1e)
• regression: handle key, cert, cacert and pfx in CLI (#​1688) (4b2076c)
• regression: problem with idb-connector after update internal-ip (#​1691) (eb48691)

3.1.14 (2018-12-24)

Bug Fixes

• add workaround for Origin header in sockjs (#​1608) (1dfd4fb)

3.1.13 (2018-12-22)

Bug Fixes

• delete a comma for Node.js <= v7.x (#​1609) (0bab1c0)

3.1.12 (2018-12-22)

Bug Fixes

• regression in checkHost for checking Origin header (#​1606) (8bb3ca8)

3.1.11 (2018-12-21)

Bug Fixes

• bin/options: correct check for color support (options.color) (#​1555) (55398b5)
• package: update spdy v3.4.1...4.0.0 (assertion error) (#​1491) (#​1563) (7a3a257)
• Server: correct node version checks (#​1543) (927a2b3)
• Server: mime type for wasm in contentBase directory (#​1575) (#​1580) (fadae5d)
• add url for compatibility with webpack@5 (#​1598) (#​1599) (68dd49a)
• check origin header for websocket connection (#​1603) (b3217ca)

3.1.10 (2018-10-23)

Bug Fixes

• options: add writeToDisk option to schema (#​1520) (d2f4902)
• package: update sockjs-client v1.1.5...1.3.0 (url-parse vulnerability) (#​1537) (e719959)
• Server: set tls.DEFAULT_ECDH_CURVE to 'auto' (#​1531) (c12def3)

3.1.9 (2018-09-24)

3.1.8 (2018-09-06)

Bug Fixes

• package: yargs security vulnerability (dependencies) (#​1492) (8fb67c9)
• utils/createLogger: ensure quiet always takes precedence (options.quiet) (#​1486) (7a6ca47)

3.1.7 (2018-08-29)

Bug Fixes

• Server: don't use spdy on node >= v10.0.0 (#​1451) (8ab9eb6)

3.1.6 (2018-08-26)

Bug Fixes

• bin: handle process signals correctly when the server isn't ready yet (#​1432) (334c3a5)
• examples/cli: correct template path in open-page example (#​1401) (df30727)
• schema: allow the output filename to be a {Function} (#​1409) (e2220c4)

v3.2.1

Compare Source

Bug Fixes

• deprecation message about setup now warning about v4 (#​1684) (523a6ec)
• regression: allow ca, key and cert will be string (#​1676) (b8d5c1e)
• regression: handle key, cert, cacert and pfx in CLI (#​1688) (4b2076c)
• regression: problem with idb-connector after update internal-ip (#​1691) (eb48691)

v3.2.0

Compare Source

Bug Fixes

• allow single object proxy config (#​1633) (252ea4f)
• SPDY fails in node >= 11.1.0 (#​1660) (b92e5fd)

Features

• add sockPath option (options.sockPath) (#​1553) (4bf1f76)
• allow to use ca, pfx, key and cert as string (#​1542) (0b89fd9)
• automatically add the HMR plugin when hot or hotOnly is enabled (#​1612) (178e6cc)
• set development mode by default when unspecified (#​1653) (5ea376b)

---

• If you want to rebase/retry this PR, check this box