Upgrade webpack-dev-server to resolve security vulnerability #6690

Closed
@luc122c

Version

4.5.13

Reproduction link

github.com/luc122c/emoji-link

Environment info

Environment Info:

  System:
    OS: macOS 11.5.2
    CPU: (12) x64 Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
  Binaries:
    Node: 16.8.0 - /usr/local/bin/node
    Yarn: 1.22.11 - /usr/local/bin/yarn
    npm: 7.21.0 - /usr/local/bin/npm
  Browsers:
    Chrome: 93.0.4577.63
    Edge: Not Found
    Firefox: 91.0.2
    Safari: 14.1.2
  npmPackages:
    @vue/babel-helper-vue-jsx-merge-props:  1.2.1 
    @vue/babel-helper-vue-transform-on:  1.0.2 
    @vue/babel-plugin-jsx:  1.0.7 
    @vue/babel-plugin-transform-vue-jsx:  1.2.1 
    @vue/babel-preset-app:  5.0.0-beta.3 
    @vue/babel-preset-jsx:  1.2.4 
    @vue/babel-sugar-composition-api-inject-h:  1.2.1 
    @vue/babel-sugar-composition-api-render-instance:  1.2.4 
    @vue/babel-sugar-functional-vue:  1.2.2 
    @vue/babel-sugar-inject-h:  1.2.2 
    @vue/babel-sugar-v-model:  1.2.3 
    @vue/babel-sugar-v-on:  1.2.3 
    @vue/cli-overlay:  4.5.13 
    @vue/cli-plugin-babel: ^5.0.0-beta.3 => 5.0.0-beta.3 
    @vue/cli-plugin-eslint: ~4.5.0 => 4.5.13 
    @vue/cli-plugin-router:  4.5.13 
    @vue/cli-plugin-unit-jest: ^5.0.0-beta.3 => 5.0.0-beta.3 
    @vue/cli-plugin-vuex:  4.5.13 
    @vue/cli-service: ~4.5.0 => 4.5.13 
    @vue/cli-shared-utils:  4.5.13 (5.0.0-beta.3)
    @vue/compiler-core:  3.2.11 
    @vue/compiler-dom:  3.2.11 
    @vue/compiler-sfc: ^3.2.9 => 3.2.11 
    @vue/compiler-ssr:  3.2.11 
    @vue/component-compiler-utils:  3.2.2 
    @vue/preload-webpack-plugin:  1.1.2 
    @vue/reactivity:  3.2.11 
    @vue/ref-transform:  3.2.11 
    @vue/runtime-core:  3.2.11 
    @vue/runtime-dom:  3.2.11 
    @vue/shared:  3.2.11 
    @vue/test-utils: ^2.0.0-rc.14 => 2.0.0-rc.14 
    @vue/web-component-wrapper:  1.3.0 
    eslint-plugin-vue: ^7.0.0 => 7.17.0 
    jest-serializer-vue:  2.0.2 
    typescript: ~4.4.2 => 4.4.3 
    vue: ^3.2.9 => 3.2.11 
    vue-eslint-parser:  7.11.0 
    vue-hot-reload-api:  2.3.4 
    vue-jest: ^5.0.0-alpha.10 => 5.0.0-alpha.10 
    vue-loader:  15.9.8 (16.5.0)
    vue-style-loader:  4.1.3 
    vue-template-es2015-compiler:  1.9.1 
  npmGlobalPackages:
    @vue/cli: 4.5.13

Steps to reproduce

All projects with @vue/cli-service > webpack-dev-server > ansi-html will be vulnerable.

What is expected?

No security vulnerability

What is actually happening?

Project is vulnerable via Uncontrolled Resource Consumption in ansi-html


Security advisory here: GHSA-whgm-jr23-g3j9
Resolution here: webpack/webpack-dev-server#3801
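
To check whether a given project is affected by the chain named in this report, the sketch below (an added example, not part of the original issue or of Vue CLI) walks the `packages` map of an npm v7+ `package-lock.json` and lists every package that requires `ansi-html`, with one route to it from the project root. The function names and the sample lockfile, including its `0.0.0-sample` versions, are constructed for illustration.

```javascript
// Resolve `name` as required from the package installed at `fromPath`, the way
// Node does: nearest node_modules directory first, then each parent up to the root.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // reached the project root without finding it
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Returns one chain ("a@1 > b@2 > target@3") for every installed package that
// requires `target`. Each package is expanded once, so large trees stay cheap.
function findChains(lock, target) {
  const packages = lock.packages;
  const chains = [];
  const expanded = new Set();
  const visit = (path, trail) => {
    if (expanded.has(path)) return;
    expanded.add(path);
    const entry = packages[path];
    const deps = { ...entry.dependencies, ...entry.optionalDependencies,
      ...(path === "" ? entry.devDependencies : {}) }; // devDeps only count at the root
    for (const name of Object.keys(deps)) {
      const resolved = resolveDep(packages, path, name);
      if (!resolved) continue; // e.g. an optional dependency that was not installed
      const step = `${name}@${packages[resolved].version}`;
      if (name === target) chains.push([...trail, step].join(" > "));
      else visit(resolved, [...trail, step]);
    }
  };
  visit("", []);
  return chains;
}

// Constructed sample lockfile; only the @vue/cli-service version comes from the report.
const sampleLock = {
  packages: {
    "": { devDependencies: { "@vue/cli-service": "~4.5.0" } },
    "node_modules/@vue/cli-service": { version: "4.5.13", dependencies: { "webpack-dev-server": "*" } },
    "node_modules/webpack-dev-server": { version: "0.0.0-sample", dependencies: { "ansi-html": "*" } },
    "node_modules/ansi-html": { version: "0.0.0-sample" },
  },
};
console.log(findChains(sampleLock, "ansi-html"));
```

On a real project, pass the parsed `package-lock.json` in place of `sampleLock`; a Yarn 1 `yarn.lock` uses a different format and is not handled here.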
