chore: replace portfinder with custom implementation

[ludofischer]

Fix #4383

• Get rid of security warnings related to async dependencies
• Drop lodash from prod.
• The implementation is based mostly on the get-port package, but searches for ports incrementing by 1 like portfinder and I;ve added TypeScript annotations.

• This is a bugfix
• This is a feature
• This is a code refactor
• This is a test update
• This is a docs update
• This is a metadata update

For Bugs and Features; did you add new tests?

I've added new unit tests for the custom port finder implementation.

Motivation / Use-Case

Remove dependency on vulnerable package async, also remove dependency on lodash.

Breaking Changes

There should be no breaking changes.

Additional Info

I am in doubt whether to go with this or the get-port package as in https://github.com/ludofischer/webpack-dev-server/tree/switch-port-finder
The code is a bit complex because it needs to take into account differences across operating systems, so it might be useful to rely on the expertise of the get-port maintainters. On the other hand there are more test failures with the get-port package and we would be stuck on the previous get-port major version, since it switched to ESM-only.

[alexander-akait]

The code is a bit complex because it needs to take into account differences across operating systems, so it might be useful to rely on the expertise of the get-port maintainters.

Can you clarify?

[codecov]

Codecov Report

Merging #4384 (a421822) into master (c9b6433) will increase coverage by 0.09%.
The diff coverage is 95.65%.

@@            Coverage Diff             @@
##           master    #4384      +/-   ##
==========================================
+ Coverage   92.18%   92.27%   +0.09%     
==========================================
  Files          15       16       +1     
  Lines        1549     1593      +44     
  Branches      591      596       +5     
==========================================
+ Hits         1428     1470      +42     
- Misses        112      114       +2     
  Partials        9        9              

Impacted Files	Coverage Δ
lib/getPort.js	95.45% <95.45%> (ø)
lib/Server.js	93.66% <100.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c9b6433...a421822. Read the comment docs.

[ludofischer]

Can you clarify?

For example you need to check the port on every local interface, else the port might look free even though it's already taken:

webpack-dev-server/lib/getPort.js

Line 18 in 983a0aa

const getLocalHosts = () => {

Or the error codes you need to check for. This sort of thing someone who hasn't been maintaining a package like this for some time years will not understand.

[ludofischer]

I also think there is a mistake in the current webpack-dev-server implementation. When you pass a custom host, the custom host is not passed to portfinder, so portfinder might check the ports on the wrong host.
See this line

webpack-dev-server/lib/Server.js

Line 3200 in c9b6433

this.options.host = await Server.getHostname(

and the implementation of Server.getFreePort().

[alexander-akait]

I also think there is a mistake in the current webpack-dev-server implementation. When you pass a custom host, the custom host is not passed to portfinder, so portfinder might check the ports on the wrong host.

Yes, looks like a bug, let fix it too, do you want to fix it? If yes - here or in separate PR?

[ludofischer]

Yes, looks like a bug, let fix it too, do you want to fix it? If yes - here or in separate PR?

SInce it's a longstanding bug I would fix it in a different PR. I think it's better to release the current PR on its own.

[alexander-akait]

Thanks

[alexander-akait]

Let's fix a problem with host and I will do patch release

[ludofischer]

Let's fix a problem with host and I will do patch release

Do you mean fix the problem mentioned in #4384 (comment)?

[alexander-akait]

@ludofischer Yep 👍

[ludofischer]

@alexander-akait See #4385

[cjwilsontech]

Let's fix a problem with host and I will do patch release

@alexander-akait, any update on the patch release?

[alexander-akait]

Yep, today 👍