Fix webpack-dev-server vulnerability, upgrade dependencies

robbinjohansson · Feb 1, 2019 · baf6366 · baf6366
1 parent 0aafdd3
commit baf6366
Show file tree

Hide file tree

Showing 6 changed files with 1,080 additions and 15,882 deletions.
diff --git a/.gitignore b/.gitignore
@@ -2,3 +2,4 @@
 npm-debug.log
 yarn-debug.log
 yarn-error.log
+.DS_Store
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,11 @@
 
 All notable changes to `vuebbble` will be documented in this file.
 
+## [2.7.2] - 2019-02-01
+
+### Fixed
+- Upgrade `webpack-dev-server` to `^3.1.14` due to security vulnerability in `<3.1.11` (https://nvd.nist.gov/vuln/detail/CVE-2018-14732). As a result the following packages had to be updated: `vue-loader@^14.2.2`, `webpack@^4.29.0`. Also added `webpack-cli` as a dev dependency.
+
 ## [2.7.1] - 2019-01-31
 
 ### Added