chore(deps): bump webpack-dev-middleware and react-styleguidist #639

dependabot · 2024-07-16T10:07:54Z

Bumps webpack-dev-middleware to 5.3.4 and updates ancestor dependency react-styleguidist. These dependencies need to be updated together.

Updates webpack-dev-middleware from 3.7.2 to 5.3.4

Release notes

Sourced from webpack-dev-middleware's releases.

v5.3.4

5.3.4 (2024-03-20)

Bug Fixes

security: do not allow to read files above (#1779) (189c4ac)

v5.3.3

5.3.3 (2022-05-18)

Bug Fixes

types for Request and Response (#1271) (eeb8aa8)

v5.3.2

5.3.2 (2022-05-17)

Bug Fixes

node types (#1195) (d68ab36)

compatibility with Node.js 18

v5.3.1

5.3.1 (2022-02-01)

Bug Fixes

types (#1187) (0f82e1d)

v5.3.0

5.3.0 (2021-12-16)

Features

added types (a2fa77f)

removed cjs wrapper (#1146) (b6d53d3)

v5.2.2

5.2.2 (2021-11-17)

Chore

update schema-utils package to 4.0.0 version

... (truncated)

Changelog

Sourced from webpack-dev-middleware's changelog.

5.3.4 (2024-03-20)

Bug Fixes

security: do not allow to read files above (#1779) (189c4ac)

5.3.3 (2022-05-18)

Bug Fixes

types for Request and Response (#1271) (eeb8aa8)

5.3.2 (2022-05-17)

Bug Fixes

node types (#1195) (d68ab36)

5.3.1 (2022-02-01)

Bug Fixes

types (#1187) (0f82e1d)

5.3.0 (2021-12-16)

Features

added types (a2fa77f)

removed cjs wrapper (#1146) (b6d53d3)

5.2.2 (2021-11-17)

Chore

update schema-utils package to 4.0.0 version

5.2.1 (2021-09-25)

internal release, no visible changes and features

5.2.0 (2021-09-24)

... (truncated)

Commits

86071ea chore(release): 5.3.4
189c4ac fix(security): do not allow to read files above (#1779)
f3c62b8 chore(release): 5.3.3
eeb8aa8 fix: types for Request and Response (#1271)
1a45388 chore(release): 5.3.2
b8fb945 chore(deps): memfs force update (#1269)
f88067d chore: update deps and ci (#1260)
7186318 chore(deps-dev): bump @commitlint/cli
57c50ef ci: update checkout, setup-node, and codecov actions (#1267)
840146a chore(deps-dev): bump @babel/preset-env
Additional commits viewable in compare view

Updates react-styleguidist from 8.0.6 to 13.1.3

Release notes

Sourced from react-styleguidist's releases.

v13.1.3

13.1.3 (2024-06-20)

Bug Fixes

replace deprecated defaultProps (9886b64)

v13.1.2

13.1.2 (2024-01-19)

Bug Fixes

remove some unnecessary ignores (#2160) (5574044)

v13.1.1

13.1.1 (2023-02-13)

Bug Fixes

update peer deps (#2125) (0802ffb)

v13.1.0

13.1.0 (2023-02-13)

Features

upgrade types and create release React 18 upgrade (#2124) (9e37850)

v13.1.0-alpha1

React 18 support

v13.0.0

13.0.0 (2022-10-14)

Upgrade to React 17 (#2037) (374acc5), closes #2037

BREAKING CHANGES

React 16 no longer supported

v12.0.1

12.0.1 (2022-10-06)

... (truncated)

Commits

9886b64 fix: replace deprecated defaultProps
5574044 fix: remove some unnecessary ignores (#2160)
e81b3da Bump node (#2159)
540f00e Fix preview error handling (#2158)
0802ffb fix: update peer deps (#2125)
9e37850 feat: upgrade types and create release React 18 upgrade (#2124)
a31450e update node version release workflow step (#2123)
310b08a Upgrade to React 18 (#2087) (#2110)
2ba612a Replace enzyme with React testing library (#2086)
5e6f5cf docs: Update link to commit convention
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

socket-security · 2024-07-16T10:08:45Z

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@bcoe/[email protected]	None	`0`	277 kB	bcoe
npm/@istanbuljs/[email protected]	None	`0`	17.2 kB	coreyfarrell
npm/@jridgewell/[email protected]	None	`0`	177 kB	jridgewell
npm/@leichtgewicht/[email protected]	None	`0`	17.7 kB	leichtgewicht
npm/@popperjs/[email protected]	None	`0`	1.46 MB	fezvrasta
npm/@tippyjs/[email protected]	environment	`0`	231 kB	atomiks
npm/@types/[email protected]	None	`0`	7.65 kB	types
npm/@types/[email protected]	None	`0`	5.57 kB	types
npm/@types/[email protected]	None	`0`	4.86 kB	types
npm/@types/[email protected]	None	`0`	5.91 kB	types
npm/@types/[email protected]	None	`0`	46.2 kB	types
npm/@types/[email protected]	None	`0`	7.86 kB	types
npm/@types/[email protected]	None	`0`	6.59 kB	types
npm/@types/[email protected]	None	`0`	14.4 kB	types
npm/@types/[email protected]	None	`0`	11.1 kB	types
npm/@types/[email protected]	None	`0`	3.78 kB	types
npm/@types/[email protected]	None	`0`	63.1 kB	types
npm/@types/[email protected]	None	`0`	6.71 kB	types
npm/@types/[email protected]	None	`0`	7.34 kB	types
npm/@types/[email protected]	None	`0`	4.62 kB	types
npm/@types/[email protected]	None	`0`	8.42 kB	types
npm/@types/[email protected]	None	`0`	437 kB	types
npm/@types/[email protected]	None	`0`	7.65 kB	types
npm/@types/[email protected]	None	`0`	9.85 kB	types
npm/@types/[email protected]	None	`0`	4.71 kB	types
npm/@types/[email protected]	None	`0`	7.79 kB	types
npm/@types/[email protected]	None	`0`	5.35 kB	types
npm/@types/[email protected]	None	`0`	21.2 kB	types
npm/@vxna/[email protected]	None	`0`	9.58 kB	vxna
npm/[email protected]	None	`+2`	241 kB	dougwilson
npm/[email protected]	None	`0`	10.1 kB	jordangens
npm/[email protected]	environment, filesystem, shell	`0`	13 kB	fengmk2
npm/[email protected]	Transitive: eval	`+3`	1.12 MB	esp
npm/[email protected]	None	`0`	20.1 kB	mahdyar
npm/[email protected]	None	`0`	2.63 kB	ryanzim
npm/[email protected]	network Transitive: environment, eval, filesystem, unsafe	`+10`	453 kB	dougwilson
npm/[email protected]	None	`0`	66.2 kB	mdidon
npm/[email protected]	None	`+2`	3.58 MB	mourner
npm/[email protected]	filesystem, unsafe Transitive: environment	`+19`	1.02 MB	oss-bot
npm/[email protected]	None	`0`	35.7 kB	johnagan
npm/[email protected]	None	`0`	6.39 kB	feross
npm/[email protected]	None	`0`	17 kB	jorgebucaran
npm/[email protected]	None	`0`	5.04 kB	75lb
npm/[email protected]	None	`0`	8.45 kB	75lb
npm/[email protected]	None	`0`	228 kB	fatfisz
npm/[email protected]	None	`+1`	226 kB	dougwilson
npm/[email protected]	None	`0`	10.2 kB	bripkens
npm/[email protected]	None	`+1`	51.2 kB	dougwilson
npm/[email protected]	None	`0`	10.5 kB	dougwilson
npm/[email protected]	None	`0`	23.7 kB	dougwilson
npm/[email protected]	Transitive: environment	`+5`	318 kB	evilebottnawi
npm/[email protected]	None	`0`	33.2 kB	trysound
npm/[email protected]	None	`0`	1.25 MB	faddee
npm/[email protected]	None	`0`	31.2 kB	tehshrike
npm/[email protected]	Transitive: environment, filesystem, shell	`+12`	162 kB	silverwind
npm/[email protected]	None	`0`	4.45 kB	sindresorhus
npm/[email protected]	filesystem	`0`	9.02 kB	dougwilson
npm/[email protected]	None	`0`	2.76 kB	iliakan
npm/[email protected]	None	`0`	61 kB	silverwind
npm/[email protected]	None	`0`	14.7 kB	coderaiser
npm/[email protected]	environment, filesystem, network	`0`	215 kB	wesleytodd
npm/[email protected]	None	`0`	111 kB	gurgunday
npm/[email protected]	None	`0`	21.3 kB	ka-weihe
npm/[email protected]	network	`0`	30.8 kB	jcoglan
npm/[email protected]	None	`0`	62.1 kB	avoidwork
npm/[email protected]	environment	`0`	18.6 kB	dougwilson
npm/[email protected]	network	`0`	29.4 kB	rubenverborgh
npm/[email protected]	shell	`0`	9.4 kB	bcoe
npm/[email protected]	filesystem, shell Transitive: environment, eval	`+15`	1.92 MB	piotr-oles
npm/[email protected]	None	`0`	5.88 kB	dougwilson
npm/[email protected]	filesystem, unsafe	`0`	21.3 kB	streamich
npm/[email protected]	None	`0`	13.5 kB	wooorm
npm/[email protected]	filesystem	`+1`	13.4 kB	sindresorhus
npm/[email protected]	None	`0`	12.1 kB	indutny
npm/[email protected]	None	`0`	8.13 kB	bevacqua
npm/[email protected]	None	`0`	287 kB	mdevils
npm/[email protected]	None	`0`	25.8 kB	jimbly
npm/[email protected]	network	`+1`	67.9 kB	chimurai
npm/[email protected]	None	`0`	44.3 kB	ehmicky
npm/[email protected]	None	`0`	5.01 kB	rexxars
npm/[email protected]	environment	`0`	872 kB	mweststrate
npm/[email protected]	None	`0`	62.3 kB	whitequark
npm/[email protected]	filesystem	`0`	3.01 kB	sindresorhus
npm/[email protected]	None	`0`	2.68 kB	sindresorhus
npm/[email protected]	None	`0`	71.9 kB	blakeembrey
npm/[email protected]	None	`0`	21.8 kB	kof
npm/[email protected]	environment	`0`	25.2 kB	kof
npm/[email protected]	None	`0`	120 kB	kof
npm/[email protected]	None	`0`	107 kB	kof
npm/[email protected]	None	`0`	86.9 kB	kof
npm/[email protected]	environment	`0`	50.5 kB	kof
npm/[email protected]	environment, eval	`0`	470 kB	kof
npm/[email protected]	environment, filesystem, shell	`+1`	61 kB	soda
npm/[email protected]	None	`0`	20.2 kB	ljharb
npm/[email protected]	None	`0`	2.78 kB	sindresorhus
npm/[email protected]	None	`+1`	405 kB	antfu
npm/[email protected]	None	`+2`	86.4 kB	wooorm
npm/[email protected]	None	`0`	51 kB	wooorm
npm/[email protected]	filesystem	`0`	186 kB	streamich
npm/[email protected]	None	`0`	619 kB	wooorm
npm/[email protected]	None	`+1`	75.7 kB	sapegin
npm/[email protected]	None	`0`	13.3 kB	lukeed
npm/[email protected]	network	`0`	22 kB	mafintosh
npm/[email protected]	None	`0`	27.4 kB	dougwilson
npm/[email protected]	None	`0`	1.66 MB	davidlehn
npm/[email protected]	unsafe	`0`	13.7 kB	dougwilson
npm/[email protected]	environment, filesystem, shell	`+1`	50 kB	sindresorhus
npm/[email protected]	None	`+1`	29.9 kB	sindresorhus
npm/[email protected]	None	`0`	4.25 kB	sindresorhus
npm/[email protected]	None	`0`	2.05 MB	rundevelopment
npm/[email protected]	None	`+1`	57.5 kB	dougwilson
npm/[email protected]	None	`0`	8.37 kB	lukeed
npm/[email protected]	Transitive: environment, filesystem	`+7`	365 kB	iansu
npm/[email protected]	None	`0`	3.42 kB	jmeyering
npm/[email protected]	None	`+2`	580 kB	nerdlabs
npm/[email protected]	Transitive: environment, filesystem, unsafe	`+16`	5.77 MB	danez
npm/[email protected]	network	`0`	385 kB	iansu
npm/[email protected]	None	`0`	5.12 kB	sapegin
npm/[email protected]	None	`0`	33.6 MB	kamijin_fanta
npm/[email protected]	None	`0`	68.9 kB	oliviertassinari
npm/[email protected]	environment, filesystem Transitive: eval, shell	`+16`	5.02 MB	sapegin
npm/[email protected]	filesystem	`+1`	752 kB	eventualbuddha
npm/[email protected]	filesystem	`0`	5.82 kB	bnb
npm/[email protected]	None	`0`	8.25 kB	wooorm
npm/[email protected]	None	`0`	10 kB	wooorm
npm/[email protected]	None	`0`	9.03 kB	wooorm
npm/[email protected]	unsafe	`0`	3.42 kB	floatdrop
npm/[email protected]	None	`0`	25.4 kB	jfromaniello
npm/[email protected]	filesystem, network	`+1`	56.9 kB	dougwilson
npm/[email protected]	None	`0`	16.9 kB	redonkulus
npm/[email protected]	None	`0`	25.2 kB	dougwilson
npm/[email protected]	filesystem, network	`+1`	199 kB	brycekahle
npm/[email protected]	None	`0`	3.05 kB	sindresorhus
npm/[email protected]	None	`0`	3.14 kB	johno
npm/[email protected]	None	`0`	8.31 kB	alexreardon
npm/[email protected]	environment	`0`	2.07 MB	atomiks
npm/[email protected]	None	`+1`	84.6 kB	wooorm
npm/[email protected]	filesystem, unsafe	`0`	47.6 kB	oss-bot
npm/[email protected]	None	`+1`	51.2 kB	wooorm
npm/[email protected]	filesystem	`0`	83.5 kB	evilebottnawi
npm/[email protected]	environment, eval, network Transitive: filesystem	`+2`	813 kB	evilebottnawi
npm/[email protected]	None	`0`	55 kB	jcoglan
npm/[email protected]	None	`0`	6.03 kB	sindresorhus
npm/[email protected]	None	`0`	6.45 kB	wooorm

View full report↗︎

socket-security · 2024-07-16T10:08:48Z

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Trivial Package	npm/[email protected]	Location: Package overview	`package-lock.json`	🚫
Trivial Package	npm/[email protected]	Location: Package overview	`package-lock.json`	🚫
Install scripts	npm/[email protected]	Install script: postinstall Source: `node -e "try{require('./postinstall')}catch(e){}"`	`package-lock.json` `package.json`	🚫
Unstable ownership	npm/[email protected]	Author: wesleytodd	`package-lock.json`	🚫

View full report↗︎

Next steps

What are trivial packages?

Packages less than 10 lines of code are easily copied into your own project and may not warrant the additional supply chain risk of an external dependency.

Removing this package as a dependency and implementing its logic will reduce supply chain risk.

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

What is unstable ownership?

A new collaborator has begun publishing package versions. Package stability and security risk may be elevated.

Try to reduce the amount of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore npm/[email protected]
@SocketSecurity ignore npm/[email protected]
@SocketSecurity ignore npm/[email protected]
@SocketSecurity ignore npm/[email protected]

Bumps [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) to 5.3.4 and updates ancestor dependency [react-styleguidist](https://github.com/styleguidist/react-styleguidist). These dependencies need to be updated together. Updates `webpack-dev-middleware` from 3.7.2 to 5.3.4 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v3.7.2...v5.3.4) Updates `react-styleguidist` from 8.0.6 to 13.1.3 - [Release notes](https://github.com/styleguidist/react-styleguidist/releases) - [Commits](styleguidist/react-styleguidist@v8.0.6...v13.1.3) --- updated-dependencies: - dependency-name: webpack-dev-middleware dependency-type: indirect - dependency-name: react-styleguidist dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies label Jul 16, 2024

dependabot bot force-pushed the dependabot/npm_and_yarn/multi-7bae211f61 branch from c8f74aa to 2ce50b2 Compare July 16, 2024 10:58

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump webpack-dev-middleware and react-styleguidist #639

chore(deps): bump webpack-dev-middleware and react-styleguidist #639

dependabot bot commented on behalf of github Jul 16, 2024 •

edited

Loading

socket-security bot commented Jul 16, 2024 •

edited

Loading

socket-security bot commented Jul 16, 2024 •

edited

Loading

chore(deps): bump webpack-dev-middleware and react-styleguidist #639

Are you sure you want to change the base?

chore(deps): bump webpack-dev-middleware and react-styleguidist #639

Conversation

dependabot bot commented on behalf of github Jul 16, 2024 • edited Loading

v5.3.4

5.3.4 (2024-03-20)

Bug Fixes

v5.3.3

5.3.3 (2022-05-18)

Bug Fixes

v5.3.2

5.3.2 (2022-05-17)

Bug Fixes

v5.3.1

5.3.1 (2022-02-01)

Bug Fixes

v5.3.0

5.3.0 (2021-12-16)

Features

v5.2.2

5.2.2 (2021-11-17)

Chore

5.3.4 (2024-03-20)

Bug Fixes

5.3.3 (2022-05-18)

Bug Fixes

5.3.2 (2022-05-17)

Bug Fixes

5.3.1 (2022-02-01)

Bug Fixes

5.3.0 (2021-12-16)

Features

5.2.2 (2021-11-17)

Chore

5.2.1 (2021-09-25)

5.2.0 (2021-09-24)

v13.1.3

13.1.3 (2024-06-20)

Bug Fixes

v13.1.2

13.1.2 (2024-01-19)

Bug Fixes

v13.1.1

13.1.1 (2023-02-13)

Bug Fixes

v13.1.0

13.1.0 (2023-02-13)

Features

v13.1.0-alpha1

v13.0.0

13.0.0 (2022-10-14)

BREAKING CHANGES

v12.0.1

12.0.1 (2022-10-06)

socket-security bot commented Jul 16, 2024 • edited Loading

socket-security bot commented Jul 16, 2024 • edited Loading

Next steps

dependabot bot commented on behalf of github Jul 16, 2024 •

edited

Loading

socket-security bot commented Jul 16, 2024 •

edited

Loading

socket-security bot commented Jul 16, 2024 •

edited

Loading