Laravel-mix: Missing Origin Validation in webpack-dev-server dependency

Created on 29 Nov 2018  路  12Comments  路  Source: JeffreyWay/laravel-mix

Description:

high | Missing Origin Validation
------------ | -------------
Package | webpack-dev-server
Patched in | >=3.1.6
Dependency of | laravel-mix
Path | laravel-mix > webpack-dev-server
More info | https://nodesecurity.io/advisories/725

Steps To Reproduce:

yarn audit

picture Yakoot
👍1

Most helpful comment

I am getting below error with Node Version 10.15 and NPM 6.4.1

=== npm audit security report ===

                             Manual Review
         Some vulnerabilities require your attention to resolve

      Visit https://go.npm.me/audit-guide for additional guidance

High Missing Origin Validation

Package webpack-dev-server

Patched in >=3.1.11

Dependency of react-scripts

Path react-scripts > webpack-dev-server

More info https://nodesecurity.io/advisories/725

found 1 high severity vulnerability in 35709 scanned packages
1 vulnerability requires manual review. See the full report for details.

picture panchalnv on 2 Jan 2019
👍15

All 12 comments

https://github.com/JeffreyWay/laravel-mix/pull/1810

ankurk91 picture ankurk91 on 29 Nov 2018

@Yakoot This is probably fixed in the latest (beta) release since it is I believe using Webpack 5 and fixing this issue requires using Webpack 4 or above. :+1:

If not then it will be fixed soon in the 4.x releases, presumably?

sustained picture sustained on 30 Nov 2018
🎉2 👍2

super, I'll check

Yakoot picture Yakoot on 30 Nov 2018

Can anyone confirm is this is fixed and if so how can we apply the fix on existing installations of Laravel 5.7 w/ laravel-mix v2.1.14?

hardeverick picture hardeverick on 3 Dec 2018

You can't fix this issue with v2 of Mix. The fix requires an upgrade to webpack 4. You can pull in the Mix 4 beta right now, or you can wait a week or so for it to officially be released to the public.

JeffreyWay picture JeffreyWay on 3 Dec 2018
👍2

Can anyone confirm is this is fixed and if so how can we apply the fix on existing installations of Laravel 5.7 w/ laravel-mix v2.1.14?

fixed in beta, I checked

Yakoot picture Yakoot on 3 Dec 2018

Thanks. I will update.

hardeverick picture hardeverick on 3 Dec 2018

how do we fix this for Laravel 5.5 w/laravel-mix with ^1.0 dependency?

joleenshook picture joleenshook on 6 Dec 2018

@joleenshook You can't, but it only affects people who are using hot reloading (npm run hot). If you're not running that command, you can ignore this issue.

JeffreyWay picture JeffreyWay on 6 Dec 2018

Perfect thanks.

joleenshook picture joleenshook on 6 Dec 2018

@sustained solved, thanks!

maximilianfixl picture maximilianfixl on 9 Dec 2018

I am getting below error with Node Version 10.15 and NPM 6.4.1

=== npm audit security report ===

                             Manual Review
         Some vulnerabilities require your attention to resolve

      Visit https://go.npm.me/audit-guide for additional guidance

High Missing Origin Validation

Package webpack-dev-server

Patched in >=3.1.11

Dependency of react-scripts

Path react-scripts > webpack-dev-server

More info https://nodesecurity.io/advisories/725

found 1 high severity vulnerability in 35709 scanned packages
1 vulnerability requires manual review. See the full report for details.

panchalnv picture panchalnv on 2 Jan 2019
👍15
Was this page helpful?
0 / 5 - 0 ratings

Related issues

mstralka picture mstralka  路  3Comments
jpriceonline picture jpriceonline  路  3Comments
stefensuhat picture stefensuhat  路  3Comments
RomainGoncalves picture RomainGoncalves  路  3Comments
mementoneli picture mementoneli  路  3Comments