[Security] Bump webpack-dev-server from 3.1.4 to 3.1.10

[dependabot-preview]

Bumps webpack-dev-server from 3.1.4 to 3.1.10. This update includes security fixes.

Vulnerabilities fixed

Sourced from The npm Advisory Database.

Missing Origin Validation
Versions of webpack-dev-server before 3.1.6 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not validated.

Affected versions: <=3.1.5

Release notes

Sourced from webpack-dev-server's releases.

v3.1.10

2018-10-23

Bug Fixes

• options: add writeToDisk option to schema (#1520) (d2f4902)
• package: update sockjs-client v1.1.5...1.3.0 (url-parse vulnerability) (#1537) (e719959)
• Server: set tls.DEFAULT_ECDH_CURVE to 'auto' (#1531) (c12def3)

v3.1.9

No release notes provided.

v3.1.8

2018-09-06

Bug Fixes

• package: yargs security vulnerability (dependencies) (#1492) (8fb67c9)
• utils/createLogger: ensure quiet always takes precedence (options.quiet) (#1486) (7a6ca47)

v3.1.7

2018-08-29

Bug Fixes

• Server: don't use spdy on node >= v10.0.0 (#1451) (8ab9eb6)

v3.1.6

2018-08-26

Bug Fixes

• bin: handle process signals correctly when the server isn't ready yet (#1432) (334c3a5)
• examples/cli: correct template path in open-page example (#1401) (df30727)
• schema: allow the output filename to be a {Function} (#1409) (e2220c4)

v3.1.5

• Send the Progress event in the client so plugins can use it (#1427)
• Update sockjs-client to fix infinite reconnection loop (#1434)

Changelog

Sourced from webpack-dev-server's changelog.

3.1.10 (2018-10-23)

Bug Fixes

• options: add writeToDisk option to schema (#1520) (d2f4902)
• package: update sockjs-client v1.1.5...1.3.0 (url-parse vulnerability) (#1537) (e719959)
• Server: set tls.DEFAULT_ECDH_CURVE to 'auto' (#1531) (c12def3)

3.1.9 (2018-09-24)

3.1.8 (2018-09-06)

Bug Fixes

• package: yargs security vulnerability (dependencies) (#1492) (8fb67c9)
• utils/createLogger: ensure quiet always takes precedence (options.quiet) (#1486) (7a6ca47)

3.1.7 (2018-08-29)

Bug Fixes

• Server: don't use spdy on node >= v10.0.0 (#1451) (8ab9eb6)

3.1.6 (2018-08-26)

Bug Fixes

• bin: handle process signals correctly when the server isn't ready yet (#1432) (334c3a5)
• examples/cli: correct template path in open-page example (#1401) (df30727)
• schema: allow the output filename to be a {Function} (#1409) (e2220c4)

Commits

• fe3219f chore(release): 3.1.10
• c12def3 fix(Server): set tls.DEFAULT_ECDH_CURVE to 'auto' (#1531)
• e719959 fix(package): update sockjs-client v1.1.5...1.3.0 (url-parse vulnerabilit...
• d2f4902 fix(options): add writeToDisk option to schema (#1520)
• bb484ad chore(release): 3.1.9
• 8b8b087 chore(package): update webpack-dev-middleware v3.3.0...3.4.0 (dependencies)
• d0725c9 chore(package): update webpack-dev-middleware v3.2.0...3.3.0 (`dependencies...
• cbe6813 refactor(package): cross-platform prepare script (scripts) (#1498)
• 3d37cc5 chore(release): 3.1.8
• 8fb67c9 fix(package): yargs security vulnerability (dependencies) (#1492)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by michael-ciniawsky, a new releaser for webpack-dev-server since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

If all status checks pass Dependabot will automatically merge this pull request.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

---

⚠️ Dependabot won't automerge this PR as it didn't detect CI on it ⚠️

You have automerging enabled for this repo but Dependabot didn't detect any CI statuses or checks. You can disable automerging on this repo from here.

[dependabot-preview]

Superseded by #76.