fix: update webpack-dev-server to secure versions (^4.15.2 || ^5.2.2)#585
Conversation
Addresses security vulnerability CVE-2025-30359 in webpack-dev-server versions ≤5.2.0 that allows source code theft. Updates peerDependencies to require minimum secure versions: - 4.x: ^4.15.2 (from ^4.9.0) - 5.x: ^5.2.2 (from ^5.0.0) Resolves #584 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
|
Warning Rate limit exceeded@justin808 has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 2 minutes and 46 seconds before requesting another review. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. 📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Should we encourage moving to 5.x? |
Summary
Addresses critical security vulnerability CVE-2025-30359 in webpack-dev-server versions ≤5.2.0 that allows source code theft when users access malicious websites.
Changes
webpack-dev-serverpeerDependency constraint from^4.9.0 || ^5.0.0to^4.15.2 || ^5.2.2Security Impact
The vulnerability (CVE-2025-30359) allows attackers to steal source code by exploiting how webpack-dev-server handles script requests. The fix in versions 4.15.2+ and 5.2.1+ addresses origin validation issues.
Testing
Migration Notes
Users can upgrade by running:
npm update webpack-dev-serveryarn upgrade webpack-dev-serverpnpm update webpack-dev-serverResolves #584
🤖 Generated with Claude Code