[Security] Bump webpack-dev-server from 3.1.4 to 3.1.14

[dependabot-preview]

Bumps webpack-dev-server from 3.1.4 to 3.1.14. This update includes security fixes.

Vulnerabilities fixed

Sourced from The npm Advisory Database.

Missing Origin Validation
Versions of webpack-dev-server before 3.1.6 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not validated.

Affected versions: <=3.1.5

Release notes

Sourced from webpack-dev-server's releases.

v3.1.14

3.1.14 (2018-12-24)

Bug Fixes

• add workaround for Origin header in sockjs (#1608) (1dfd4fb)

v3.1.13

3.1.13 (2018-12-22)

Bug Fixes

• delete a comma for Node.js <= v7.x (#1609) (0bab1c0)

v3.1.12

3.1.12 (2018-12-22)

Bug Fixes

• regression in checkHost for checking Origin header (#1606) (8bb3ca8)

v3.1.11

3.1.11 (2018-12-21)

Bug Fixes

• bin/options: correct check for color support (options.color) (#1555) (55398b5)
• package: update spdy v3.4.1...4.0.0 (assertion error) (#1491) (#1563) (7a3a257)
• Server: correct node version checks (#1543) (927a2b3)
• Server: mime type for wasm in contentBase directory (#1575) (#1580) (fadae5d)
• add url for compatibility with webpack@5 (#1598) (#1599) (68dd49a)
• check origin header for websocket connection (#1603) (b3217ca)

v3.1.10

2018-10-23

Bug Fixes

• options: add writeToDisk option to schema (#1520) (d2f4902)
• package: update sockjs-client v1.1.5...1.3.0 (url-parse vulnerability) (#1537) (e719959)
• Server: set tls.DEFAULT_ECDH_CURVE to 'auto' (#1531) (c12def3)

... (truncated)

Changelog

Sourced from webpack-dev-server's changelog.

3.1.14 (2018-12-24)

Bug Fixes

• add workaround for Origin header in sockjs (#1608) (1dfd4fb)

3.1.13 (2018-12-22)

Bug Fixes

• delete a comma for Node.js <= v7.x (#1609) (0bab1c0)

3.1.12 (2018-12-22)

Bug Fixes

• regression in checkHost for checking Origin header (#1606) (8bb3ca8)

3.1.11 (2018-12-21)

Bug Fixes

• bin/options: correct check for color support (options.color) (#1555) (55398b5)
• package: update spdy v3.4.1...4.0.0 (assertion error) (#1491) (#1563) (7a3a257)
• Server: correct node version checks (#1543) (927a2b3)
• Server: mime type for wasm in contentBase directory (#1575) (#1580) (fadae5d)
• add url for compatibility with webpack@5 (#1598) (#1599) (68dd49a)
• check origin header for websocket connection (#1603) (b3217ca)

3.1.10 (2018-10-23)

Bug Fixes

... (truncated)

Commits

• 4b7a828 chore(release): 3.1.14
• 1dfd4fb fix: add workaround for Origin header in sockjs (#1608)
• bddfe16 chore(release): 3.1.13
• 0bab1c0 fix: delete a comma for Node.js <= v7.x (#1609)
• 9443239 chore(release): 3.1.12
• 8bb3ca8 fix: regression in checkHost for checking Origin header (#1606)
• ff2874f chore(release): 3.1.11
• b3217ca fix: check origin header for websocket connection (#1603)
• 68dd49a fix: add url for compatibility with webpack@5 (#1598) (#1599)
• fadae5d fix(Server): mime type for wasm in contentBase directory (#1575) (#1580)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack-dev-server since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

[dependabot-preview]

Superseded by #400.