Update dependency webpack-dev-server to v5

[dev-mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
webpack-dev-server	dependencies	major	^4.9.0 → ^5.0.0

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	Vulnerability	Reachability
High	7.5	CVE-2024-45296
High	7.5	CVE-2024-45590
Medium	5.3	CVE-2024-47764
Medium	5.3	CVE-2025-30359
Medium	5.0	CVE-2024-43800
Low	3.7	CVE-2026-2391

---

Release Notes

webpack/webpack-dev-server (webpack-dev-server)

v5.2.1

Compare Source

Security

• cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
• requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

• prevent overlay for errors caught by React error boundaries (#​5431) (8c1abc9)
• take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#​5411) (ffd0b86)

v5.2.0

Compare Source

Features

• added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

• speed up initial client bundling (145b5d0)

v5.1.0

Compare Source

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#​5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#​5267) (6509a3f)

Bug Fixes

• check the platform property to determinate the target (#​5269) (c3b532c)
• ipv6 output (#​5270) (06005e7)
• replace rimraf with rm (#​5162) (1a1561f)
• replace default gateway (#​5255) (f5f0902)
• support devServer: false (#​5272) (8b341cb)

5.0.4 (2024-03-19)

Bug Fixes

• security: bump webpack-dev-middleware (#​5112) (aab576a)

5.0.3 (2024-03-12)

Bug Fixes

• types: proxy (#​5101) (6e1aed3)

5.0.2 (2024-02-16)

Bug Fixes

• types (#​5057) (da2c24d)

5.0.1 (2024-02-13)

Bug Fixes

• avoid using eval in client (#​5045) (7681477)
• overlay and require-trusted-types-for (#​5046) (e115436)

v5.0.4

Compare Source

Security

• cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
• requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

• prevent overlay for errors caught by React error boundaries (#​5431) (8c1abc9)
• take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#​5411) (ffd0b86)

v5.0.3

Compare Source

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#​5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#​5267) (6509a3f)

Bug Fixes

• check the platform property to determinate the target (#​5269) (c3b532c)
• ipv6 output (#​5270) (06005e7)
• replace rimraf with rm (#​5162) (1a1561f)
• replace default gateway (#​5255) (f5f0902)
• support devServer: false (#​5272) (8b341cb)

5.0.4 (2024-03-19)

Bug Fixes

• security: bump webpack-dev-middleware (#​5112) (aab576a)

5.0.3 (2024-03-12)

Bug Fixes

• types: proxy (#​5101) (6e1aed3)

5.0.2 (2024-02-16)

Bug Fixes

• types (#​5057) (da2c24d)

5.0.1 (2024-02-13)

Bug Fixes

• avoid using eval in client (#​5045) (7681477)
• overlay and require-trusted-types-for (#​5046) (e115436)

v5.0.2

Compare Source

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#​5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#​5267) (6509a3f)

Bug Fixes

• check the platform property to determinate the target (#​5269) (c3b532c)
• ipv6 output (#​5270) (06005e7)
• replace rimraf with rm (#​5162) (1a1561f)
• replace default gateway (#​5255) (f5f0902)
• support devServer: false (#​5272) (8b341cb)

5.0.4 (2024-03-19)

Bug Fixes

• security: bump webpack-dev-middleware (#​5112) (aab576a)

5.0.3 (2024-03-12)

Bug Fixes

• types: proxy (#​5101) (6e1aed3)

5.0.2 (2024-02-16)

Bug Fixes

• types (#​5057) (da2c24d)

5.0.1 (2024-02-13)

Bug Fixes

• avoid using eval in client (#​5045) (7681477)
• overlay and require-trusted-types-for (#​5046) (e115436)

v5.0.1

Compare Source

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#​5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#​5267) (6509a3f)

Bug Fixes

• check the platform property to determinate the target (#​5269) (c3b532c)
• ipv6 output (#​5270) (06005e7)
• replace rimraf with rm (#​5162) (1a1561f)
• replace default gateway (#​5255) (f5f0902)
• support devServer: false (#​5272) (8b341cb)

5.0.4 (2024-03-19)

Bug Fixes

• security: bump webpack-dev-middleware (#​5112) (aab576a)

5.0.3 (2024-03-12)

Bug Fixes

• types: proxy (#​5101) (6e1aed3)

5.0.2 (2024-02-16)

Bug Fixes

• types (#​5057) (da2c24d)

5.0.1 (2024-02-13)

Bug Fixes

• avoid using eval in client (#​5045) (7681477)
• overlay and require-trusted-types-for (#​5046) (e115436)

v5.0.0

Compare Source

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#​5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#​5267) (6509a3f)

Bug Fixes

• check the platform property to determinate the target (#​5269) (c3b532c)
• ipv6 output (#​5270) (06005e7)
• replace rimraf with rm (#​5162) (1a1561f)
• replace default gateway (#​5255) (f5f0902)
• support devServer: false (#​5272) (8b341cb)

5.0.4 (2024-03-19)

Bug Fixes

• security: bump webpack-dev-middleware (#​5112) (aab576a)

5.0.3 (2024-03-12)

Bug Fixes

• types: proxy (#​5101) (6e1aed3)

5.0.2 (2024-02-16)

Bug Fixes

• types (#​5057) (da2c24d)

5.0.1 (2024-02-13)

Bug Fixes

• avoid using eval in client (#​5045) (7681477)
• overlay and require-trusted-types-for (#​5046) (e115436)

v4.15.2

Compare Source

4.15.2 (2024-03-20)

Bug Fixes

• security: bump webpack-dev-middleware (4116209)

v4.15.1

Compare Source

Migration Guide and Changes.

4.15.1 (2023-06-09)

Bug Fixes

• replace :: with localhost before openBrowser() (#​4856) (874c44b)
• types: compatibility with @types/ws (#​4899) (34bcec2)

v4.15.0

Compare Source

Migration Guide and Changes.

4.15.1 (2023-06-09)

Bug Fixes

• replace :: with localhost before openBrowser() (#​4856) (874c44b)
• types: compatibility with @types/ws (#​4899) (34bcec2)

v4.14.0

Compare Source

Features

• allow CLI to be ESM (#​4837) (bb4a5d9)
• allow filter overlay errors/warnings with function (#​4813) (aab01b3)

4.13.3 (2023-04-15)

Bug Fixes

• perf: reduced initial start time (#​4818) (fcf01d1)

4.13.2 (2023-03-31)

Bug Fixes

• prevent open 0.0.0.0 in browser due windows problems (04e74f2)

4.13.1 (2023-03-18)

Bug Fixes

• make webpack optional peer dependency (#​4778) (71be54e)

v4.13.3

Compare Source

Features

• allow CLI to be ESM (#​4837) (bb4a5d9)
• allow filter overlay errors/warnings with function (#​4813) (aab01b3)

4.13.3 (2023-04-15)

Bug Fixes

• perf: reduced initial start time (#​4818) (fcf01d1)

4.13.2 (2023-03-31)

Bug Fixes

• prevent open 0.0.0.0 in browser due windows problems (04e74f2)

4.13.1 (2023-03-18)

Bug Fixes

• make webpack optional peer dependency (#​4778) (71be54e)

v4.13.2

Compare Source

Features

• allow CLI to be ESM (#​4837) (bb4a5d9)
• allow filter overlay errors/warnings with function (#​4813) (aab01b3)

4.13.3 (2023-04-15)

Bug Fixes

• perf: reduced initial start time (#​4818) (fcf01d1)

4.13.2 (2023-03-31)

Bug Fixes

• prevent open 0.0.0.0 in browser due windows problems (04e74f2)

4.13.1 (2023-03-18)

Bug Fixes

• make webpack optional peer dependency (#​4778) (71be54e)

v4.13.1

Compare Source

Features

• allow CLI to be ESM (#​4837) (bb4a5d9)
• allow filter overlay errors/warnings with function (#​4813) (aab01b3)

4.13.3 (2023-04-15)

Bug Fixes

• perf: reduced initial start time (#​4818) (fcf01d1)

4.13.2 (2023-03-31)

Bug Fixes

• prevent open 0.0.0.0 in browser due windows problems (04e74f2)

4.13.1 (2023-03-18)

Bug Fixes

• make webpack optional peer dependency (#​4778) (71be54e)

v4.13.0

Compare Source

Features

• allow CLI to be ESM (#​4837) (bb4a5d9)
• allow filter overlay errors/warnings with function (#​4813) (aab01b3)

4.13.3 (2023-04-15)

Bug Fixes

• perf: reduced initial start time (#​4818) (fcf01d1)

4.13.2 (2023-03-31)

Bug Fixes

• prevent open 0.0.0.0 in browser due windows problems (04e74f2)

4.13.1 (2023-03-18)

Bug Fixes

• make webpack optional peer dependency (#​4778) (71be54e)

v4.12.0

Compare Source

Features

• allow to set the sockjs_url option (only sockjs) using the webSocketServer.options.sockjsUrl option (#​4586) (69a2fba)
• catch runtime error (#​4605) (87a26cf)
• improve styles for overlay (#​4576) (791fb85)
• open editor when clicking error on overlay (#​4587) (efb2cec)

Bug Fixes

• compatibility with experiments.buildHttp (#​4585) (5b846cb)
• respect NODE_PATH env variable (#​4581) (b857e6f)

4.11.1 (2022-09-19)

Bug Fixes

• respect client.logging option for all logs (#​4572) (375835c)

v4.11.1

Compare Source

Features

• allow to set the sockjs_url option (only sockjs) using the webSocketServer.options.sockjsUrl option (#​4586) (69a2fba)
• catch runtime error (#​4605) (87a26cf)
• improve styles for overlay (#​4576) (791fb85)
• open editor when clicking error on overlay (#​4587) (efb2cec)

Bug Fixes

• compatibility with experiments.buildHttp (#​4585) (5b846cb)
• respect NODE_PATH env variable (#​4581) (b857e6f)

4.11.1 (2022-09-19)

Bug Fixes

• respect client.logging option for all logs (#​4572) (375835c)

v4.11.0

Compare Source

Features

• allow to set the sockjs_url option (only sockjs) using the webSocketServer.options.sockjsUrl option (#​4586) (69a2fba)
• catch runtime error (#​4605) (87a26cf)
• improve styles for overlay (#​4576) (791fb85)
• open editor when clicking error on overlay (#​4587) (efb2cec)

Bug Fixes

• compatibility with experiments.buildHttp (#​4585) (5b846cb)
• respect NODE_PATH env variable (#​4581) (b857e6f)

4.11.1 (2022-09-19)

Bug Fixes

• respect client.logging option for all logs (#​4572) (375835c)

v4.10.1

Compare Source

Features

• make allowedHosts accept localhost subdomains by default (#​4357) (0a33e6a)

Bug Fixes

• auto reply to OPTIONS requests only when unhandled (#​4559) (984af02), closes #​4551

4.10.1 (2022-08-29)

Bug Fixes

• compatibility with old browsers (#​4544) (6a430d4)

v4.10.0

Compare Source

Features

• make allowedHosts accept localhost subdomains by default (#​4357) (0a33e6a)

Bug Fixes

• auto reply to OPTIONS requests only when unhandled (#​4559) (984af02), closes #​4551

4.10.1 (2022-08-29)

Bug Fixes

• compatibility with old browsers (#​4544) (6a430d4)

v4.9.3

Compare Source

Features

• allow to configure more client options via resource URL (#​4274) (216e3cb)

Bug Fixes

• response correctly when receive an OPTIONS request (#​4185) (2b3b7e0)

4.9.3 (2022-06-29)

Bug Fixes

• avoid creation unnecessary stream for static sockjs file (#​4482) (049b153)
• history-api-fallback now supports HEAD requests and handles them the same as GET (8936082)

4.9.2 (2022-06-06)

Bug Fixes

• add @types/serve-static to dependencies (#​4468) (af83deb)

4.9.1 (2022-05-31)

Bug Fixes

• security problem with sockjs (#​4465) (e765182)

v4.9.2

Compare Source

Features

• allow to configure more client options via resource URL (#​4274) (216e3cb)

Bug Fixes

• response correctly when receive an OPTIONS request (#​4185) (2b3b7e0)

4.9.3 (2022-06-29)

Bug Fixes

• avoid creation unnecessary stream for static sockjs file (#​4482) (049b153)
• history-api-fallback now supports HEAD requests and handles them the same as GET (8936082)

4.9.2 (2022-06-06)

Bug Fixes

• add @types/serve-static to dependencies (#​4468) (af83deb)

4.9.1 (2022-05-31)

Bug Fixes

• security problem with sockjs (#​4465) (e765182)

v4.9.1

Compare Source

Features

• allow to configure more client options via resource URL (#​4274) (216e3cb)

Bug Fixes

• response correctly when receive an OPTIONS request (#​4185) (2b3b7e0)

4.9.3 (2022-06-29)

Bug Fixes

• avoid creation unnecessary stream for static sockjs file (#​4482) (049b153)
• history-api-fallback now supports HEAD requests and handles them the same as GET (8936082)

4.9.2 (2022-06-06)

Bug Fixes

• add @types/serve-static to dependencies (#​4468) (af83deb)

4.9.1 (2022-05-31)

Bug Fixes

• security problem with sockjs (#​4465) (e765182)

---

• If you want to rebase/retry this PR, check this box