PromucFlow_constructor/app/client/config/webpackDevServer.config.js
Abhinav Jha 7eadf893df
fix: Upgrade packages (#40935)
## Description
- Upgrades packages reported by Dependabot:
- `nanoid`
- `brace-expansion`
- `webpack-dev-server`
- `path-to-regexp`
- `vite`
- `http-proxy-middleware`


Fixes the following issues
- https://github.com/appsmithorg/appsmith/security/dependabot/416
- https://github.com/appsmithorg/appsmith/security/dependabot/406
- https://github.com/appsmithorg/appsmith/security/dependabot/408
- https://github.com/appsmithorg/appsmith/security/dependabot/332
- https://github.com/appsmithorg/appsmith/security/dependabot/361
- https://github.com/appsmithorg/appsmith/security/dependabot/415
- https://github.com/appsmithorg/appsmith/security/dependabot/414
- https://github.com/appsmithorg/appsmith/security/dependabot/413
- https://github.com/appsmithorg/appsmith/security/dependabot/418

## Automation

/ok-to-test tags="@tag.All"

### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results  -->
> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/15630439422>
> Commit: 2b6f4a45af4410f079b96c4c06606f33af5e7b99
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=15630439422&attempt=2"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.All`
> Spec:
> <hr>Fri, 13 Jun 2025 10:49:32 UTC
<!-- end of auto-generated comment: Cypress test results  -->


## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [x] No


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

- **New Features**
- Improved development server configuration for enhanced compatibility
and middleware management.

- **Bug Fixes**
- Updated unique key generation to ensure consistency and reliability
across the application.

- **Chores**
- Upgraded and adjusted dependencies for better stability and security.
  - Refined package resolution to address version conflicts.

- **Style**
- Standardized string formatting and code styling in development
scripts.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-06-16 12:12:55 +05:30


"use strict";
const fs = require("fs");
const evalSourceMapMiddleware = require("react-dev-utils/evalSourceMapMiddleware");
const noopServiceWorkerMiddleware = require("react-dev-utils/noopServiceWorkerMiddleware");
const ignoredFiles = require("react-dev-utils/ignoredFiles");
const redirectServedPath = require("react-dev-utils/redirectServedPathMiddleware");
const paths = require("./paths");
const getHttpsConfig = require("./getHttpsConfig");
// Interface the dev server binds to. The fallback "0.0.0.0" listens on every
// network interface, not just loopback, so set HOST explicitly (for example to
// a loopback address) when the server should not be reachable from the network.
const host = process.env.HOST || "0.0.0.0";
// Optional overrides for the hot-reload WebSocket endpoint.
// NOTE(review): the exported config in this file hard-codes
// `client.webSocketURL`, so these three values appear to be unused here — confirm.
const {
  WDS_SOCKET_HOST: sockHost,
  WDS_SOCKET_PATH: sockPath, // default: '/ws'
  WDS_SOCKET_PORT: sockPort,
} = process.env;
/**
 * Builds the webpack-dev-server options object used for local development.
 *
 * @param {*} proxy - Passed through unchanged as the dev server's `proxy`
 *   option. When it is falsy the host check is switched off.
 * @param {string} allowedHost - The only entry placed in `allowedHosts` while
 *   the host check is active.
 * @returns {object} The webpack-dev-server configuration.
 */
module.exports = function (proxy, allowedHost) {
  // The host check stays active only when a proxy is configured AND the
  // override variable is not set to the exact string "true".
  const hostCheckDisabled =
    process.env.DANGEROUSLY_DISABLE_HOST_CHECK === "true" || !proxy;

  // NOTE(review): these wildcard CORS headers are attached to every dev-server
  // response. Together with the "0.0.0.0" default for `host` and
  // `allowedHosts: "all"` when no proxy is set, any origin that can reach the
  // port can read what this server serves. Treat this config as
  // development-only.
  const wildcard = "*";
  const corsHeaders = {
    "Access-Control-Allow-Origin": wildcard,
    "Access-Control-Allow-Methods": wildcard,
    "Access-Control-Allow-Headers": wildcard,
  };

  // Determine server protocol (http/https) per WDS v5 `server` option.
  const pickServerOption = () => {
    const httpsConfig = getHttpsConfig();
    if (!httpsConfig) {
      return "http";
    }
    // An object carries certificate options; a bare boolean `true` means use
    // basic https.
    return typeof httpsConfig === "object"
      ? { type: "https", options: httpsConfig }
      : "https";
  };

  return {
    // WebpackDevServer 2.4.3 introduced a security fix that prevents remote
    // websites from potentially accessing local content through DNS rebinding:
    // https://github.com/webpack/webpack-dev-server/issues/887
    // https://medium.com/webpack/webpack-dev-server-middleware-security-issues-1489d950874a
    // However, it made several existing use cases such as development in cloud
    // environment or subdomains in development significantly more complicated:
    // https://github.com/facebook/create-react-app/issues/2271
    // https://github.com/facebook/create-react-app/issues/2233
    // While we're investigating better solutions, for now we will take a
    // compromise. Since our WDS configuration only serves files in the `public`
    // folder we won't consider accessing them a vulnerability. However, if you
    // use the `proxy` feature, it gets more dangerous because it can expose
    // remote code execution vulnerabilities in backends like Django and Rails.
    // So we will disable the host check normally, but enable it if you have
    // specified the `proxy` setting. Finally, we let you override it if you
    // really know what you're doing with a special environment variable.
    // Note: ["localhost", ".localhost"] will support subdomains - but we might
    // want to allow setting the allowedHosts manually for more complex setups
    allowedHosts: hostCheckDisabled ? "all" : [allowedHost],
    headers: corsHeaders,
    // Enable gzip compression of generated files.
    compress: true,
    static: {
      // By default WebpackDevServer serves physical files from current directory
      // in addition to all the virtual build products that it serves from memory.
      // This is confusing because those files won't automatically be available in
      // production build folder unless we copy them. However, copying the whole
      // project directory is dangerous because we may expose sensitive files.
      // Instead, we establish a convention that only files in `public` directory
      // get served. Our build script will copy `public` into the `build` folder.
      // In `index.html`, you can get URL of `public` folder with %PUBLIC_URL%:
      // <link rel="icon" href="%PUBLIC_URL%/favicon.ico">
      // In JavaScript code, you can access it with `process.env.PUBLIC_URL`.
      // Note that we only recommend to use `public` folder as an escape hatch
      // for files like `favicon.ico`, `manifest.json`, and libraries that are
      // for some reason broken when imported through webpack. If you just want to
      // use an image, put it in `src` and `import` it from JavaScript instead.
      directory: paths.appPublic,
      publicPath: [paths.publicUrlOrPath],
      // By default files from `contentBase` will not trigger a page reload.
      watch: {
        // Reportedly, this avoids CPU overload on some systems.
        // https://github.com/facebook/create-react-app/issues/293
        // src/node_modules is not ignored to support absolute imports
        // https://github.com/facebook/create-react-app/issues/1065
        ignored: ignoredFiles(paths.appSrc),
      },
    },
    client: {
      // The hot-reload socket endpoint is fixed here rather than derived from
      // the WDS_SOCKET_* environment variables.
      webSocketURL: {
        hostname: "127.0.0.1",
        pathname: "/ws",
        port: 3000,
        protocol: "ws",
      },
      // Neither warnings nor errors are shown in the browser overlay.
      overlay: {
        warnings: false,
        errors: false,
      },
    },
    devMiddleware: {
      // It is important to tell WebpackDevServer to use the same "publicPath" path as
      // we specified in the webpack config. When homepage is '.', default to serving
      // from the root.
      // remove last slash so user can land on `/test` instead of `/test/`
      publicPath: paths.publicUrlOrPath.slice(0, -1),
    },
    server: pickServerOption(),
    host,
    historyApiFallback: {
      // Paths with dots should still use the history fallback.
      // See https://github.com/facebook/create-react-app/issues/387.
      disableDotRule: true,
      index: paths.publicUrlOrPath,
    },
    // `proxy` is run between `before` and `after` `webpack-dev-server` hooks
    proxy,
    setupMiddlewares(middlewares, devServer) {
      // ------------------------------
      // Replaces deprecated onBeforeSetupMiddleware and onAfterSetupMiddleware.
      // For details see: https://github.com/webpack/webpack-dev-server/blob/master/migration-v5.md
      // ------------------------------
      // Equivalent of previous onBeforeSetupMiddleware: goes to the front of
      // the middleware list.
      middlewares.unshift(evalSourceMapMiddleware(devServer));

      // If the project ships a proxy setup module, load it and hand it the
      // dev server's app so it can register its own handlers.
      const hasProxySetup = fs.existsSync(paths.proxySetup);
      if (hasProxySetup) {
        const registerProxy = require(paths.proxySetup);
        registerProxy(devServer.app);
      }

      // Equivalent of previous onAfterSetupMiddleware (executed last).
      middlewares.push(
        redirectServedPath(paths.publicUrlOrPath),
        noopServiceWorkerMiddleware(paths.publicUrlOrPath),
      );
      return middlewares;
    },
  };
};