Bump webpack-dev-server 3.11.0 -> 3.11.1 #10312
Resolves facebook#10084 security vulnerability in websocket-driver library version 0.5.6, imported transitively by sockjs
Hi @Awarua-! Thank you for your pull request and welcome to our community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. In order for us to review and merge your code, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA. If you have received this in error or have any questions, please contact us at cla@fb.com. Thanks!
Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Facebook open source project. Thanks!
websocket-driver@0.5.6 doesn't appear to exist from what I can see, 0.5.4 predates and 0.6.0 follows after. websocket-driver@0.5.4 doesn't appear to use sockjs. Edit: Slightly confused as nothing they updated the deps of had an actual (reported) vuln, closest one which had a (now publicly disclosed) vulnerability was sockjs versions <0.3.20. Looks like something happened upstream in webpack-dev-server though.
@dudeisbrendan03 websocket-driver has vulnerability https://sca.analysiscenter.veracode.com/vulnerability-database/libraries/websocket-driver/JS/NPM/lid-3225/summary
Ah, not sure what was running through my head when looking at webpack-dev |
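The comments above turn on which copy of websocket-driver is installed and which package pulls it in. As an added example (not code from this pull request or from create-react-app), the following walks an npm lockfileVersion 1 tree and lists every installed copy of a package plus the `requires` chains that lead to it; `sampleLock`, its version strings and the function names are constructed for illustration.

```javascript
// Constructed sample in npm lockfileVersion 1 layout. Version strings are
// placeholders, not the versions any real release resolves to.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "webpack-dev-server": { version: "0.0.1-example", requires: { sockjs: "^0.0.1" } },
    sockjs: {
      version: "0.0.1-example",
      requires: { "faye-websocket": "^0.0.1", "websocket-driver": "^0.0.2" },
      // Nested copy: sockjs needs a different version than the hoisted one.
      dependencies: { "websocket-driver": { version: "0.0.2-example" } },
    },
    "faye-websocket": { version: "0.0.1-example", requires: { "websocket-driver": "^0.0.1" } },
    "websocket-driver": { version: "0.0.1-example" },
  },
};

// Flatten the nested tree into one record per installed copy of a package.
function flatten(deps = {}, trail = []) {
  return Object.entries(deps).flatMap(([name, info]) => {
    const path = [...trail, name];
    const self = { name, version: info.version, path: path.join(" > "), requires: info.requires || {} };
    return [self, ...flatten(info.dependencies, path)];
  });
}

// Every installed copy of `target` and where it sits under node_modules.
function findInstalls(lock, target) {
  return flatten(lock.dependencies)
    .filter((p) => p.name === target)
    .map(({ version, path }) => ({ version, path }));
}

// Chains of `requires` edges ending at `target`, followed upward until nothing
// requires the head of the chain; `chain` doubles as a cycle guard.
function requireChains(lock, target, chain = [target]) {
  const head = chain[chain.length - 1];
  const parents = [...new Set(
    flatten(lock.dependencies)
      .filter((p) => Object.prototype.hasOwnProperty.call(p.requires, head))
      .map((p) => p.name)
  )].filter((name) => !chain.includes(name));
  if (parents.length === 0) return [chain.join(" <- ")];
  return parents.flatMap((name) => requireChains(lock, target, [...chain, name]));
}
```

For a real project, pass the parsed `package-lock.json` instead of `sampleLock`. lockfileVersion 3 files drop the nested `dependencies` tree in favour of a flat `packages` map, which this example does not read.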
Bump webpack-dev-server 3.11.0 -> 3.11.1 (facebook#10312)
* Fix noFallthroughCasesInSwitch/jsx object is not extensible (facebook#9921)
  Co-authored-by: Konstantin Simeonov <kon.simeonov@protonmail.com>
* Add logo license to README
* Remove trailing space in reportWebVitals.ts (facebook#10040)
* docs: add React Testing Library as a library requiring jsdom (facebook#10052)
  Co-authored-by: Ian Schmitz <ianschmitz@gmail.com>
* Increase Workbox's maximumFileSizeToCacheInBytes (facebook#10048)
* Create FUNDING.yml
* replace inquirer with prompts (facebook#10083)
  - remove `react-dev-utils/inquirer` public import
* Prepare 4.0.1 release
* Prepare 4.0.1 release
* Publish
  - cra-template-typescript@1.1.1
  - cra-template@1.1.1
  - create-react-app@4.0.1
  - react-dev-utils@11.0.1
  - react-scripts@4.0.1
* chore: bump web-vital dependency version (facebook#10143)
* chore: bump typescript version (facebook#10141)
  Co-authored-by: Ian Schmitz <ianschmitz@gmail.com>
* Add TypeScript 4.x as peerDependency to react-scripts(facebook#9964)
* remove chalk from formatWebpackMessages (facebook#10198)
* Upgrade @svgr/webpack to fix build error (facebook#10213)
  Co-authored-by: Ian Schmitz <ianschmitz@gmail.com>
* Improve vendor chunk names in development (facebook#9569)
* Update postcss packages (facebook#10003)
  Co-authored-by: Ian Schmitz <ianschmitz@gmail.com>
* Recovered some integration tests (facebook#10091)
* Upgrade sass-loader (facebook#9988)
* Move ESLint cache file into node_modules (facebook#9977)
  Co-authored-by: Ian Schmitz <ianschmitz@gmail.com>
* Revert "Update postcss packages" (facebook#10216)
  This reverts commit 580ed5d.
* Remove references to Node 8 (facebook#10214)
* fix(react-scripts): add missing peer dependency react and update react-refresh-webpack-plugin (facebook#9872)
* Update using-the-public-folder.md (facebook#10314)
  Some library --> Some libraries
* docs: add missing override options for Jest config (facebook#9473)
* Fix CI tests (facebook#10217)
* appTsConfig immutability handling by immer (facebook#10027)
  Co-authored-by: mad-jose <joset@yeswearemad.com>
* Add support for new BUILD_PATH advanced configuration variable (facebook#8986)
* Add opt-out for eslint-webpack-plugin (facebook#10170)
* Prepare 4.0.2 release
* Publish
  - cra-template-typescript@1.1.2
  - cra-template@1.1.2
  - create-react-app@4.0.2
  - react-dev-utils@11.0.2
  - react-error-overlay@6.0.9
  - react-scripts@4.0.2
* tests: update test case to match the description (facebook#10384)
* Bump webpack-dev-server 3.11.0 -> 3.11.1 (facebook#10312)
  Resolves facebook#10084 security vulnerability in websocket-driver library version 0.5.6, imported transitively by sockjs
* Upgrade eslint-webpack-plugin to fix opt-out flag (facebook#10590)
* update immer to 8.0.1 to address vulnerability (facebook#10412)
  Resolves facebook#10411
  Bumps immer version to 8.0.1 to address the prototype pollution vulnerability with the current 7.0.9 version.
* Prepare 4.0.3 release
* Update CHANGELOG
* Publish
  - create-react-app@4.0.3
  - react-dev-utils@11.0.3
  - react-scripts@4.0.3

Co-authored-by: Ryota Murakami <dojce1048@gmail.com>
Co-authored-by: Konstantin Simeonov <kon.simeonov@protonmail.com>
Co-authored-by: Ian Sutherland <ian@iansutherland.ca>
Co-authored-by: sho90 <aznecosann@gmail.com>
Co-authored-by: Anyul Rivas <anyulled@gmail.com>
Co-authored-by: Ian Schmitz <ianschmitz@gmail.com>
Co-authored-by: Jeffrey Posnick <jeffy@google.com>
Co-authored-by: Evan Bacon <baconbrix@gmail.com>
Co-authored-by: Sahil Purav <sahil5684@gmail.com>
Co-authored-by: Hakjoon Sim <trainto@gmail.com>
Co-authored-by: Chris Shepherd <chris@chrisshepherd.me>
Co-authored-by: Jason Williams <936006+jasonwilliams@users.noreply.github.com>
Co-authored-by: Jabran Rafique⚡️ <jabranr@users.noreply.github.com>
Co-authored-by: John Ruble <johnruble@gmail.com>
Co-authored-by: Morten N.O. Nørgaard Henriksen <morten.n.o.henriksen@icloud.com>
Co-authored-by: Sergey Makarov <serega.s.makar@gmail.com>
Co-authored-by: EhsanKhaki <ehsankhfr@gmail.com>
Co-authored-by: Kristoffer K <merceyz@users.noreply.github.com>
Co-authored-by: Aviv Hadar <Avivhdr@gmail.com>
Co-authored-by: Tobias Büschel <13087421+tobiasbueschel@users.noreply.github.com>
Co-authored-by: mad-jose <44253495+josezone@users.noreply.github.com>
Co-authored-by: mad-jose <joset@yeswearemad.com>
Co-authored-by: Andrew Hyndman <ajhyndman@hotmail.com>
Co-authored-by: Brody McKee <mrmckeb@users.noreply.github.com>
Co-authored-by: James George <jamesgeorge998001@gmail.com>
Co-authored-by: Dion Woolley <woolley.dion@gmail.com>
Co-authored-by: Walker Clem <51654951+wclem4@users.noreply.github.com>