Skip to content

Update webpack-dev-middleware to the latest version 🚀 #1778

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 22, 2017
Merged

Update webpack-dev-middleware to the latest version 🚀 #1778

merged 1 commit into from
Apr 22, 2017

Conversation

greenkeeper[bot]
Copy link
Contributor

@greenkeeper greenkeeper bot commented Apr 22, 2017

Version 1.10.2 of webpack-dev-middleware just got published.

Dependency webpack-dev-middleware
Current Version 1.10.1
Type dependency

The version 1.10.2 is not covered by your current version range.

Without accepting this pull request your project will work just like it did before. There might be a bunch of new features, fixes and perf improvements that the maintainers worked on for you though.

I recommend you look into these changes and try to get onto the latest version of webpack-dev-middleware.
Given that you have a decent test suite, a passing build is a strong indicator that you can take advantage of these changes by merging the proposed change into your project. Otherwise this branch is a great starting point for you to work on the update.

Release Notes v1.10.2

Security fix:

This version contains a security fix, which is also breaking change if you have an insecure configuration.
We are releasing this breaking change as patch version to protect you from attacks.
Sorry if this breaks your setup, but the fix is easy.

We removed setting Access-Control-Allow-Origin to * be default. This allowed evil websites to access your assets.
Instead we ask you to set Access-Control-Allow-Origin manually to your host if required in your setup.
Use the headers option to do so.

middleware(compiler, {
    headers: {
        "Access-Control-Allow-Origin": "your-host"
    }
})

Read more about CORS here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

Bugfixes:

  • Remove Access-Control-Allow-Origin = * default
Commits

The new version differs by 10 commits0.

  • 9b03d79 1.10.2
  • c59b3b3 Merge remote-tracking branch 'remotes/origin/add-node-7-travis'
  • 626a35a remove security risk
  • 798b2f1 Avoid setting http status code explicitly (#175)
  • 1e01626 adding node 7 to travis config (#185)
  • d986c2e Merge pull request #176 from piperchester/patch-1
  • 9b9ffee fixing some number typos in the tests
  • d3dfe67 adding node 7 to travis config
  • 0ce28c7 Fix link to Kees
  • bd6a593 use decodeURIComponent for getFilenameFromUrl final output (#173)

false

See the full diff

Not sure how things should work exactly?

There is a collection of frequently asked questions and of course you may always ask my humans.

Your Greenkeeper Bot 🌴

@timneutkens timneutkens merged commit 1f09c7b into master Apr 22, 2017
@timneutkens timneutkens deleted the greenkeeper/webpack-dev-middleware-1.10.2 branch April 22, 2017 12:59
@lock lock bot locked as resolved and limited conversation to collaborators Jan 18, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@timneutkens
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy