Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[email protected] untested ⚠️ #45

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

greenkeeperio-bot
Copy link

Hello lovely humans,

webpack-dev-server just published its new version 2.4.3.

State No tests ⚠️
Dependency webpack-dev-server
New version 2.4.3
Type peerDependency

This version is covered by your current version range, but I could not detect automated tests for this project. Without a test suite I can not really tell whether your project still works.

I was looking at the latest commit of your default branch, but GitHub said there is no status attached to it.

Do you have any ideas how I could improve these pull requests? Did I report anything you think isn’t right?
Are you unsure about how things are supposed to work?

There is a collection of frequently asked questions and while I’m just a bot, there is a group of people who are happy to teach me new things. Let them know.

Good luck with your project ✨

You rock!

🌴


GitHub Release

Security fix:

This version contains a security fix, which is also breaking change if you have an insecure configuration.
We are releasing this breaking change as patch version to protect you from attacks.
Sorry if this breaks your setup, but the fix is easy.

We added a check for the correct Host header to the webpack-dev-server.
This allowed evil websites to access your assets.

The Host header of the request have to match the listening adress or the host provided in the public option.
Make sure to provide correct values here.

The response will contain a note when using an incorrect Host header.

For usage behind a Proxy or similar setups we also added a disableHostCheck option to disable this check.
Only use it when you know what you do. Not recommended.

Bugfixes:

  • Requests are not blocked when Host doesn't match listening host or public option.
  • Requests to localhost or 127.0.0.1 are not blocked.

Features:

  • Added disableHostCheck option to disable the host check

✨ Try the all new Greenkeeper GitHub Integration
With Integrations first-class bot support landed on GitHub and we’ve rewritten Greenkeeper to take full advantage of it. Simpler setup, fewer pull-requests, faster than ever.

Screencast

Try it today. Free for private repositories during beta.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants