chore(deps): update dependency webpack-dev-server to v3 (master)

[appcues-wss]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
webpack-dev-server	^1.16.5 -> ^3.0.0

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	CVE
Critical	9.8	CVE-2018-3774
Critical	9.8	CVE-2018-3774
Critical	9.8	CVE-2022-0691
Critical	9.8	CVE-2022-0691
Critical	9.3	CVE-2022-1650
Critical	9.1	CVE-2022-0686
Critical	9.1	CVE-2022-0686
High	7.8	WS-2018-0107
High	7.5	CVE-2017-16118
High	7.5	CVE-2017-16119
High	7.5	CVE-2017-16138
High	7.5	CVE-2017-16138
High	7.5	CVE-2018-14732
High	7.5	CVE-2020-7662
High	7.5	CVE-2022-24999
High	7.5	WS-2020-0091
High	7.4	WS-2018-0588
High	7.4	WS-2018-0588
Medium	5.3	CVE-2017-16028
Medium	5.3	CVE-2020-7693
Medium	5.3	CVE-2020-8124
Medium	5.3	CVE-2020-8124
Medium	5.3	CVE-2021-27515
Medium	5.3	CVE-2021-27515
Medium	5.3	CVE-2021-3664
Medium	5.3	CVE-2021-3664
Medium	5.3	CVE-2022-0512
Medium	5.3	CVE-2022-0512
Medium	5.3	CVE-2022-0639
Medium	5.3	CVE-2022-0639

---

Release Notes

webpack/webpack-dev-server (webpack-dev-server)

v3.11.0

Compare Source

Features

• add icons for directory viewer (#​2441) (e953d01)
• allow multiple contentBasePublicPath paths (#​2489) (c6bdfe4)
• emit progress-update (#​2498) (4808abd), closes #​1666
• add invalidate endpoint (#​2493) (89ffb86)
• allow open option to accept an object (#​2492) (adeb92e)

Bug Fixes

• do not swallow errors from server (#​2512) (06583f2)
• security vulnerability in yargs-parser (#​2566) (41d1d0c)
• don't crash on setupExitSignals(undefined) (#​2507) (0d5c681)
• support entry descriptor (closes #​2453) (#​2465) (8bbef6a)
• update jquery (#​2516) (99ccfd8)

3.10.3 (2020-02-05)

Bug Fixes

• forward error requests to the proxy (#​2425) (e291cd4)

3.10.2 (2020-01-31)

Bug Fixes

• fallthrough non GET and HEAD request to routes (#​2374) (ebe8eca)
• add an optional peer dependency on webpack-cli (#​2396) (aa365df)
• add heartbeat for the websocket server (#​2404) (1a7c827)

3.10.1 (2019-12-19)

Bug Fixes

• ie11 compatibility (1306abe)

v3.10.3

Compare Source

v3.10.2

Compare Source

v3.10.1

Compare Source

v3.10.0

Compare Source

Features

• client: allow sock port to use location's port (sockPort: 'location') (#​2341) (dc10d06)
• server: add contentBasePublicPath option (#​2150) (cee700d)

Bug Fixes

• client: don't override protocol for socket connection to 127.0.0.1 (#​2303) (3a31917), closes #​2302
• server: respect sockPath on transportMode: 'ws' (#​2310) (#​2311) (e188542)
• https on chrome linux (#​2330) (dc8b475)
• support webpack@5 (#​2359) (8f89c01)

v3.9.0

Compare Source

Bug Fixes

• add hostname and port to bonjour name to prevent name collisions (#​2276) (d8af2d9)
• add extKeyUsage to self-signed cert (#​2274) (a4dbc3b)

Features

• add multiple openPage support (#​2266) (c9e9178)

3.8.2 (2019-10-02)

Security

• update selfsigned package

3.8.1 (2019-09-16)

Bug Fixes

• add null check for connection.headers (#​2200) (7964997)
• false positive for an absolute path in the ContentBase option on windows (#​2202) (68ecf78)
• add status in quiet log level (#​2235) (7e2224e)
• scriptHost in client (#​2246) (00903f6)

v3.8.2

Compare Source

v3.8.1

Compare Source

v3.8.0

Compare Source

Bug Fixes

• server: fix setupExitSignals usage (#​2181) (bbe410e)
• server: set port before instantiating server (#​2143) (cfbf229)
• check for name of HotModuleReplacementPlugin to avoid RangeError (#​2146) (4579775)
• server: check for external urls in array (#​1980) (fa78347)
• server: fix header check for socket server (#​2077) (7f51859)
• server: stricter headers security check (#​2092) (078ddca)

Features

• server: add transportMode (#​2116) (b5b9cb4)
• server: serverMode 'ws' option (#​2082) (04483f4)
• server/client: made progress option available to API (#​1961) (56274e4)

Potential Breaking changes

We have migrated serverMode and clientMode to transportMode as an experimental option. If you want to use this feature, you have to change your settings.

Related PR: https://github.com/webpack/webpack-dev-server/pull/2116

3.7.2 (2019-06-17)

Bug Fixes

• client: add default fallback for client (#​2015) (d26b444)
• open: set wait: false to run server.close successfully (#​2001) (2b4cb52)
• test: fixed ProvidePlugin.test.js (#​2002) (47453cb)

3.7.1 (2019-06-07)

Bug Fixes

• retry finding port when port is null and get ports in sequence (#​1993) (bc57514)

v3.7.2

Compare Source

v3.7.1

Compare Source

v3.7.0

Compare Source

Bug Fixes

• change clientLogLevel order to be called first (#​1973) (57c8c92)
• es6 syntax in client (#​1982) (802aa30)

v3.6.0

Compare Source

Bug Fixes

• config: enable --overlay (#​1968) (dc81e23)
• server: don't ignore node_modules by default (#​1970) (699f8b4), closes #​1794

Features

• server: add serverMode option (#​1937) (44a8cde)

3.5.1 (2019-06-01)

Bug Fixes

• allow passing promise function of webpack.config.js (#​1947) (8cf1053)

v3.5.1

Compare Source

v3.5.0

Compare Source

Bug Fixes

• add client code for electron-renderer target (#​1935) (9297988)
• add client code for node-webkit target (#​1942) (c6b2b1f)

Features

• server: onListening option (#​1930) (61d0cdf)
• server: add callback support for invalidate (#​1900) (cd218ef)
• server: add WEBPACK_DEV_SERVER env variable (#​1929) (856169e)

3.4.1 (2019-05-17)

Bug Fixes

• add none and warning to clientLogLevel (#​1901) (0ae9be8)
• broken hot reload (#​1903) (6a444cd)

v3.4.1

Compare Source

v3.4.0

Compare Source

Bug Fixes

• don't use self.location.port (#​1838) (6d31984)
• do not include config files in dist (#​1883) (c535bb2)
• only add client entry to web targets (#​1775) (cf4d0d0)
• update clientLogLevel to match docs and error (#​1825) (7f52bbf)
• add errors-warnings preset (#​1895) (2a81ad2)

Features

• added injectClient option (#​1775) (cf4d0d0)
• added injectHot option (#​1775) (cf4d0d0)
• added sockPort option (#​1792) (58d1682)
• added sockHost option (#​1858) (f47dff2)
• support HEAD method (#​1875) (c2360e4)
• added liveReload option (#​1889) (fc4fe32)
• update express to 4.17 version

v3.3.1

Compare Source

Bug Fixes

• regression: always get necessary stats for hmr (#​1780) (66b04a9)
• regression: host and port can be undefined or null (#​1779) (028ceee)
• only add entries after compilers have been created (#​1774) (b31cbaa)

v3.3.0

Compare Source

Bug Fixes

• compatibility with [email protected] (#​1754) (fd7cb0d)
• ignore proxy when bypass return false (#​1696) (aa7de77)
• respect stats option from webpack config (#​1665) (efaa740)
• use location.port when location.hostname is used to infer HMR socket URL (#​1664) (2f7f052)
• don't crash with express.static.mime.types (#​1765) (919ff77)

Features

• add option "serveIndex" to enable/disable serveIndex middleware (#​1752) (d5d60cb)
• add webpack as argument to before and after options (#​1760) (0984d4b)
• http2 option to enable/disable HTTP/2 with HTTPS (#​1721) (dcd2434)
• random port retry logic (#​1692) (419f02e)
• relax depth limit from chokidar for content base (#​1697) (7ea9ab9)

3.2.1 (2019-02-25)

Bug Fixes

• deprecation message about setup now warning about v4 (#​1684) (523a6ec)
• regression: allow ca, key and cert will be string (#​1676) (b8d5c1e)
• regression: handle key, cert, cacert and pfx in CLI (#​1688) (4b2076c)
• regression: problem with idb-connector after update internal-ip (#​1691) (eb48691)

3.1.14 (2018-12-24)

Bug Fixes

• add workaround for Origin header in sockjs (#​1608) (1dfd4fb)

3.1.13 (2018-12-22)

Bug Fixes

• delete a comma for Node.js <= v7.x (#​1609) (0bab1c0)

3.1.12 (2018-12-22)

Bug Fixes

• regression in checkHost for checking Origin header (#​1606) (8bb3ca8)

3.1.11 (2018-12-21)

Bug Fixes

• bin/options: correct check for color support (options.color) (#​1555) (55398b5)
• package: update spdy v3.4.1...4.0.0 (assertion error) (#​1491) (#​1563) (7a3a257)
• Server: correct node version checks (#​1543) (927a2b3)
• Server: mime type for wasm in contentBase directory (#​1575) (#​1580) (fadae5d)
• add url for compatibility with webpack@5 (#​1598) (#​1599) (68dd49a)
• check origin header for websocket connection (#​1603) (b3217ca)

3.1.10 (2018-10-23)

Bug Fixes

• options: add writeToDisk option to schema (#​1520) (d2f4902)
• package: update sockjs-client v1.1.5...1.3.0 (url-parse vulnerability) (#​1537) (e719959)
• Server: set tls.DEFAULT_ECDH_CURVE to 'auto' (#​1531) (c12def3)

3.1.9 (2018-09-24)

3.1.8 (2018-09-06)

Bug Fixes

• package: yargs security vulnerability (dependencies) (#​1492) (8fb67c9)
• utils/createLogger: ensure quiet always takes precedence (options.quiet) (#​1486) (7a6ca47)

3.1.7 (2018-08-29)

Bug Fixes

• Server: don't use spdy on node >= v10.0.0 (#​1451) (8ab9eb6)

3.1.6 (2018-08-26)

Bug Fixes

• bin: handle process signals correctly when the server isn't ready yet (#​1432) (334c3a5)
• examples/cli: correct template path in open-page example (#​1401) (df30727)
• schema: allow the output filename to be a {Function} (#​1409) (e2220c4)

v3.2.1

Compare Source

Bug Fixes

• deprecation message about setup now warning about v4 (#​1684) (523a6ec)
• regression: allow ca, key and cert will be string (#​1676) (b8d5c1e)
• regression: handle key, cert, cacert and pfx in CLI (#​1688) (4b2076c)
• regression: problem with idb-connector after update internal-ip (#​1691) (eb48691)

v3.2.0

Compare Source

Bug Fixes

• allow single object proxy config (#​1633) (252ea4f)
• SPDY fails in node >= 11.1.0 (#​1660) (b92e5fd)

Features

• add sockPath option (options.sockPath) (#​1553) (4bf1f76)
• allow to use ca, pfx, key and cert as string (#​1542) (0b89fd9)
• automatically add the HMR plugin when hot or hotOnly is enabled (#​1612) (178e6cc)
• set development mode by default when unspecified (#​1653) (5ea376b)

v3.1.14

Compare Source

Bug Fixes

• add workaround for Origin header in sockjs (#​1608) (1dfd4fb)

v3.1.13

Compare Source

Bug Fixes

• delete a comma for Node.js <= v7.x (#​1609) (0bab1c0)

v3.1.12

Compare Source

Bug Fixes

• regression in checkHost for checking Origin header (#​1606) (8bb3ca8)

v3.1.11

Compare Source

Bug Fixes

• bin/options: correct check for color support (options.color) (#​1555) (55398b5)
• package: update spdy v3.4.1...4.0.0 (assertion error) (#​1491) (#​1563) (7a3a257)
• Server: correct node version checks (#​1543) (927a2b3)
• Server: mime type for wasm in contentBase directory (#​1575) (#​1580) (fadae5d)
• add url for compatibility with webpack@5 (#​1598) (#​1599) (68dd49a)
• check origin header for websocket connection (#​1603) (b3217ca)

v3.1.10

Compare Source

Bug Fixes

• options: add writeToDisk option to schema (#​1520) (d2f4902)
• package: update sockjs-client v1.1.5...1.3.0 (url-parse vulnerability) (#​1537) (e719959)
• Server: set tls.DEFAULT_ECDH_CURVE to 'auto' (#​1531) (c12def3)

v3.1.9

Compare Source

3.1.9 (2018-09-24)

v3.1.8

Compare Source

Bug Fixes

• package: yargs security vulnerability (dependencies) (#​1492) (8fb67c9)
• utils/createLogger: ensure quiet always takes precedence (options.quiet) (#​1486) (7a6ca47)

v3.1.7

Compare Source

Bug Fixes

• Server: don't use spdy on node >= v10.0.0 (#​1451) (8ab9eb6)

v3.1.6

Compare Source

Bug Fixes

• bin: handle process signals correctly when the server isn't ready yet (#​1432) (334c3a5)
• examples/cli: correct template path in open-page example (#​1401) (df30727)
• schema: allow the output filename to be a {Function} (#​1409) (e2220c4)

v3.1.5

Compare Source

• Send the Progress event in the client so plugins can use it (#​1427)
• Update sockjs-client to fix infinite reconnection loop (#​1434)

v3.1.4

Compare Source

• Update to webpack-dev-middleware 3.1.3, which should fix paths with a space not working on Windows (#​1392)
• Fix logLevel option silent not being accepted by schema validation (#​1372)

v3.1.3

Compare Source

• Fix HMR causing a crash when trying to reload

v3.1.2

Compare Source

• Speed up incremental builds (#​1362)
• Update webpack-dev-middleware to 3.1.2

v3.1.1

Compare Source

Bug Fixes

• add workaround for Origin header in sockjs (#​1608) (1dfd4fb)

v3.1.0

Compare Source

Updates

• Fancy logging; webpack-log is now used for logging to the terminal (webpack-dev-middleware was already using this).
• The logLevel option is added for more fine-grained control over the logging.

Bugfixes

• MultiCompiler was broken with webpack 4.
• Fix deprecation warnings caused by webpack 4. Note that you will still see some deprecation warnings because webpack-dev-middleware has not been updated yet.

v3.0.0

Compare Source

Updates

• Breaking change: webpack v4 is now supported. Older versions of webpack are not supported.
• Breaking change: drops support for Node.js v4, going forward we only support v6+ (same as webpack).
• webpack-dev-middleware updated to v2 (see changes).

Bugfixes

• After starting webpack-dev-server with an error in your code, it would not reload the page after fixing that error (#​1317).
• DynamicEntryPlugin is now supported correctly (#​1319).

Huge thanks to all the contributors!

Please note that webpack-serve will eventually be the successor of webpack-dev-server. The core features already work so if you're brave enough give it a try!

v2.11.5

Compare Source

v2.11.4

Compare Source

v2.11.3

Compare Source

v2.11.2

Compare Source

v2.11.1

Compare Source

Our third attempt to fix compatibility with old browsers (#​1273), this time we'll get it right.

v2.11.0

Compare Source

Version 2.11.0 adds the transpilation of the client scripts via babel to ES5 which restores backwards compatibility (that was removed in 2.8.0) to very old or out of date browsers.

v2.10.1

Compare Source

v2.10.0

Compare Source

Version 2.10.0 adds the transpilation of the client scripts via babel to ES5 which restores backwards compatibility (that was removed in 2.8.0) to very old or out of date browsers.

Important webpack-dev-server has entered a maintenance-only mode. We won't be accepting any new features or major modifications. We'll still welcome pull requests for fixes however, and will continue to address any bugs that arise. Announcement with specifics pending.

Bugfixes

• iOS Safari 10 bug where SockJS couldn't be found (#​1238)
• reportTime option (#​1209)
• don't mutate stats configuration (#​1174)
• enable progress from config (#​1181)

Updates

• transpile client bundles with babel (#​1242)
• dependency updates (ce30460)
• Increase minimum marked version for ReDos vuln (#​1255)
• Update sockjs dependency to fix auditjs security vulnerability warning

v2.9.7

Compare Source

v2.9.6

Compare Source

Bugfixes

• fixes #​1208: watchOptions not passed to chokidar in wds

v2.9.5

Compare Source

Updates

• fixes #​1198: bump express for security (6b2d7a0)

v2.9.4

Compare Source

Bugfixes

• assert ssl certs aren't published. fixes #​1171
• fixes #​860: failure to exit on SIGINT race condition (#​1157)

v2.9.3

Compare Source

Bugfixes

• Fixes #​1082, #​1142. bin file correctly prefers local module, uses it, and bails if local module detected.
• Use dist/build sockjs-client instead of module source (#​1148)

v2.9.2

Compare Source

Bugfixes

Changed property descriptor for Array.includes polyfill (#​1134)

Updates

Remove header additional property validation (#​1115)
Allow explicitly setting the protocol from the public option (#​1117)
Updates readme with support, usage, and caveats (outlines no support for old IE)

v2.9.1

Compare Source

Patch release to resolve an errant log message in setup

v2.9.0

Compare Source

Note: Minor release due to addition of before and after hooks

Features

Deprecate setup in favor of before and after hooks (#​1108)

Bugfixes

Fixed check for webpack/hot/log when setting HMR log level. (#​1096)
fixes #​1109: internal-ip update breaks useLocalIp option
Fix quote style to satisfy ESLint (#​1098)

Updates

Made error overlay translucent. (#​1097)

v2.8.2

Compare Source

Bugfixes

fixes #​1087: yargs@8 causes error output with [email protected]
fixes #​1084: template literals causing errors on IE (#​1089) …
fixes #​1086: promise configs fix and example

Updates

add promise-config example

v2.8.1

Compare Source

Bugfixes

fixes #​1081, closes #​1079. addDevServerEndpoints needs app stub for createDomain
fixes #​1080 - jQuery update caused live bundle iframe issue
clean up progress option typo and options def

v2.8.0

Compare Source

Features

• Print webpack progress to browser console (#​1063)
• Disable hot reloading with query string (#​1068)

Bugfixes

• Fixes issue #​1064 by switching to a named logger (#​1070)
• Fix Broken Socket on Client for Custom/Random Port Numbers (#​1060)
• Addresses #​998 to properly assign a random port and access the port assigned (#​1054)
• Don't generate ssl cert when one is already specified via options (#​1036)
• Fix for ./log module not found (#​1050)
• Fixes #​1042: overlay doesn't clear if errors are fixed but warnings remain (#​1043)
• Handle IPv6-addresses correctly in checkHost() (#​1026)

Updates

• Allow --open option to specify the browser to use (#​825)
• Adds requestCert support to the server
• Code cleanup and ESLint + eslint-config-webpack (#​1058)
• Include subjectAltName field in self-signed cert (#​987)

v2.7.1

Compare Source

v2.6.1

Compare Source

• Move loglevel from devDependencies to dependencies #​1001

v2.6.0

Compare Source

• Browser console messages now respect clientLogLevel (#​921).
• Don't output startup info if quiet is set to true (#​970).
• Only load Bonjour when needed (#​958).
• Set HMR log level (#​926).
• Do not show warnings @​ overlay unless explicitly set (#​881).
• Add cli option --disable-host-check (#​980).

v2.5.1

Compare Source

Bugfixes

Fix peer dependencies to support webpack 3 ( #​946 ) ( Fixes #​932 )

v2.5.0

Compare Source

Security

Don't provide a SSL cert, but generate one on demand. Unique for each developer.

https://medium.com/[@&#8203;mikenorth/961572624c54](https://togithub.com/mikenorth/961572624c54) by Mike North

Bugfixes

• allow port 0 again
• add allowedHosts option
• better check for WebWorker
• add openPage option to open a specific page
• add --bonjour
• add lan option, which listen