Update dependency webpack-dev-server to v5

[dev-mend-for-github-com]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
webpack-dev-server	dependencies	major	3.11.3 → 5.2.1

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	Vulnerability	Reachability
Critical	9.8	CVE-2023-42282

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	Vulnerability	Reachability
High	8.8	CVE-2022-0512
High	8.1	CVE-2022-1650
High	7.5	CVE-2022-24771
High	7.5	CVE-2022-24772
Medium	6.5	CVE-2022-0639
Medium	6.5	CVE-2022-0686
Medium	6.5	CVE-2022-0691
Medium	5.3	CVE-2022-0122
Medium	5.3	CVE-2022-24773
Medium	5.3	CVE-2025-30359

---

Release Notes

webpack/webpack-dev-server (webpack-dev-server)

v5.2.1

Compare Source

Security

• cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
• requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

• prevent overlay for errors caught by React error boundaries (#​5431) (8c1abc9)
• take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#​5411) (ffd0b86)

v5.2.0

Compare Source

Features

• added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

• speed up initial client bundling (145b5d0)

v5.1.0

Compare Source

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#​5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#​5267) (6509a3f)

Bug Fixes

• check the platform property to determinate the target (#​5269) (c3b532c)
• ipv6 output (#​5270) (06005e7)
• replace rimraf with rm (#​5162) (1a1561f)
• replace default gateway (#​5255) (f5f0902)
• support devServer: false (#​5272) (8b341cb)

5.0.4 (2024-03-19)

Bug Fixes

• security: bump webpack-dev-middleware (#​5112) (aab576a)

5.0.3 (2024-03-12)

Bug Fixes

• types: proxy (#​5101) (6e1aed3)

5.0.2 (2024-02-16)

Bug Fixes

• types (#​5057) (da2c24d)

5.0.1 (2024-02-13)

Bug Fixes

• avoid using eval in client (#​5045) (7681477)
• overlay and require-trusted-types-for (#​5046) (e115436)

v5.0.4

Compare Source

Security

• cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
• requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

• prevent overlay for errors caught by React error boundaries (#​5431) (8c1abc9)
• take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#​5411) (ffd0b86)

v5.0.3

Compare Source

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#​5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#​5267) (6509a3f)

Bug Fixes

• check the platform property to determinate the target (#​5269) (c3b532c)
• ipv6 output (#​5270) (06005e7)
• replace rimraf with rm (#​5162) (1a1561f)
• replace default gateway (#​5255) (f5f0902)
• support devServer: false (#​5272) (8b341cb)

5.0.4 (2024-03-19)

Bug Fixes

• security: bump webpack-dev-middleware (#​5112) (aab576a)

5.0.3 (2024-03-12)

Bug Fixes

• types: proxy (#​5101) (6e1aed3)

5.0.2 (2024-02-16)

Bug Fixes

• types (#​5057) (da2c24d)

5.0.1 (2024-02-13)

Bug Fixes

• avoid using eval in client (#​5045) (7681477)
• overlay and require-trusted-types-for (#​5046) (e115436)

v5.0.2

Compare Source

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#​5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#​5267) (6509a3f)

Bug Fixes

• check the platform property to determinate the target (#​5269) (c3b532c)
• ipv6 output (#​5270) (06005e7)
• replace rimraf with rm (#​5162) (1a1561f)
• replace default gateway (#​5255) (f5f0902)
• support devServer: false (#​5272) (8b341cb)

5.0.4 (2024-03-19)

Bug Fixes

• security: bump webpack-dev-middleware (#​5112) (aab576a)

5.0.3 (2024-03-12)

Bug Fixes

• types: proxy (#​5101) (6e1aed3)

5.0.2 (2024-02-16)

Bug Fixes

• types (#​5057) (da2c24d)

5.0.1 (2024-02-13)

Bug Fixes

• avoid using eval in client (#​5045) (7681477)
• overlay and require-trusted-types-for (#​5046) (e115436)

v5.0.1

Compare Source

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#​5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#​5267) (6509a3f)

Bug Fixes

• check the platform property to determinate the target (#​5269) (c3b532c)
• ipv6 output (#​5270) (06005e7)
• replace rimraf with rm (#​5162) (1a1561f)
• replace default gateway (#​5255) (f5f0902)
• support devServer: false (#​5272) (8b341cb)

5.0.4 (2024-03-19)

Bug Fixes

• security: bump webpack-dev-middleware (#​5112) (aab576a)

5.0.3 (2024-03-12)

Bug Fixes

• types: proxy (#​5101) (6e1aed3)

5.0.2 (2024-02-16)

Bug Fixes

• types (#​5057) (da2c24d)

5.0.1 (2024-02-13)

Bug Fixes

• avoid using eval in client (#​5045) (7681477)
• overlay and require-trusted-types-for (#​5046) (e115436)

v5.0.0

Compare Source

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#​5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#​5267) (6509a3f)

Bug Fixes

• check the platform property to determinate the target (#​5269) (c3b532c)
• ipv6 output (#​5270) (06005e7)
• replace rimraf with rm (#​5162) (1a1561f)
• replace default gateway (#​5255) (f5f0902)
• support devServer: false (#​5272) (8b341cb)

5.0.4 (2024-03-19)

Bug Fixes

• security: bump webpack-dev-middleware (#​5112) (aab576a)

5.0.3 (2024-03-12)

Bug Fixes

• types: proxy (#​5101) (6e1aed3)

5.0.2 (2024-02-16)

Bug Fixes

• types (#​5057) (da2c24d)

5.0.1 (2024-02-13)

Bug Fixes

• avoid using eval in client (#​5045) (7681477)
• overlay and require-trusted-types-for (#​5046) (e115436)

v4.15.2

Compare Source

4.15.2 (2024-03-20)

Bug Fixes

• security: bump webpack-dev-middleware (4116209)

v4.15.1

Compare Source

Migration Guide and Changes.

4.15.1 (2023-06-09)

Bug Fixes

• replace :: with localhost before openBrowser() (#​4856) (874c44b)
• types: compatibility with @types/ws (#​4899) (34bcec2)

v4.15.0

Compare Source

Migration Guide and Changes.

4.15.1 (2023-06-09)

Bug Fixes

• replace :: with localhost before openBrowser() (#​4856) (874c44b)
• types: compatibility with @types/ws (#​4899) (34bcec2)

v4.14.0

Compare Source

Features

• allow CLI to be ESM (#​4837) (bb4a5d9)
• allow filter overlay errors/warnings with function (#​4813) (aab01b3)

4.13.3 (2023-04-15)

Bug Fixes

• perf: reduced initial start time (#​4818) (fcf01d1)

4.13.2 (2023-03-31)

Bug Fixes

• prevent open 0.0.0.0 in browser due windows problems (04e74f2)

4.13.1 (2023-03-18)

Bug Fixes

• make webpack optional peer dependency (#​4778) (71be54e)

v4.13.3

Compare Source

Features

• allow CLI to be ESM (#​4837) (bb4a5d9)
• allow filter overlay errors/warnings with function (#​4813) (aab01b3)

4.13.3 (2023-04-15)

Bug Fixes

• perf: reduced initial start time (#​4818) (fcf01d1)

4.13.2 (2023-03-31)

Bug Fixes

• prevent open 0.0.0.0 in browser due windows problems (04e74f2)

4.13.1 (2023-03-18)

Bug Fixes

• make webpack optional peer dependency (#​4778) (71be54e)

v4.13.2

Compare Source

Features

• allow CLI to be ESM (#​4837) (bb4a5d9)
• allow filter overlay errors/warnings with function (#​4813) (aab01b3)

4.13.3 (2023-04-15)

Bug Fixes

• perf: reduced initial start time (#​4818) (fcf01d1)

4.13.2 (2023-03-31)

Bug Fixes

• prevent open 0.0.0.0 in browser due windows problems (04e74f2)

4.13.1 (2023-03-18)

Bug Fixes

• make webpack optional peer dependency (#​4778) (71be54e)

v4.13.1

Compare Source

Features

• allow CLI to be ESM (#​4837) (bb4a5d9)
• allow filter overlay errors/warnings with function (#​4813) (aab01b3)

4.13.3 (2023-04-15)

Bug Fixes

• perf: reduced initial start time (#​4818) (fcf01d1)

4.13.2 (2023-03-31)

Bug Fixes

• prevent open 0.0.0.0 in browser due windows problems (04e74f2)

4.13.1 (2023-03-18)

Bug Fixes

• make webpack optional peer dependency (#​4778) (71be54e)

v4.13.0

Compare Source

Features

• allow CLI to be ESM (#​4837) (bb4a5d9)
• allow filter overlay errors/warnings with function (#​4813) (aab01b3)

4.13.3 (2023-04-15)

Bug Fixes

• perf: reduced initial start time (#​4818) (fcf01d1)

4.13.2 (2023-03-31)

Bug Fixes

• prevent open 0.0.0.0 in browser due windows problems (04e74f2)

4.13.1 (2023-03-18)

Bug Fixes

• make webpack optional peer dependency (#​4778) (71be54e)

v4.12.0

Compare Source

Features

• allow to set the sockjs_url option (only sockjs) using the webSocketServer.options.sockjsUrl option (#​4586) (69a2fba)
• catch runtime error (#​4605) (87a26cf)
• improve styles for overlay (#​4576) (791fb85)
• open editor when clicking error on overlay (#​4587) (efb2cec)

Bug Fixes

• compatibility with experiments.buildHttp (#​4585) (5b846cb)
• respect NODE_PATH env variable (#​4581) (b857e6f)

4.11.1 (2022-09-19)

Bug Fixes

• respect client.logging option for all logs (#​4572) (375835c)

v4.11.1

Compare Source

Features

• allow to set the sockjs_url option (only sockjs) using the webSocketServer.options.sockjsUrl option (#​4586) (69a2fba)
• catch runtime error (#​4605) (87a26cf)
• improve styles for overlay (#​4576) (791fb85)
• open editor when clicking error on overlay (#​4587) (efb2cec)

Bug Fixes

• compatibility with experiments.buildHttp (#​4585) (5b846cb)
• respect NODE_PATH env variable (#​4581) (b857e6f)

4.11.1 (2022-09-19)

Bug Fixes

• respect client.logging option for all logs (#​4572) (375835c)

v4.11.0

Compare Source

Features

• allow to set the sockjs_url option (only sockjs) using the webSocketServer.options.sockjsUrl option (#​4586) (69a2fba)
• catch runtime error (#​4605) (87a26cf)
• improve styles for overlay (#​4576) (791fb85)
• open editor when clicking error on overlay (#​4587) (efb2cec)

Bug Fixes

• compatibility with experiments.buildHttp (#​4585) (5b846cb)
• respect NODE_PATH env variable (#​4581) (b857e6f)

4.11.1 (2022-09-19)

Bug Fixes

• respect client.logging option for all logs (#​4572) (375835c)

v4.10.1

Compare Source

Features

• make allowedHosts accept localhost subdomains by default (#​4357) (0a33e6a)

Bug Fixes

• auto reply to OPTIONS requests only when unhandled (#​4559) (984af02), closes #​4551

4.10.1 (2022-08-29)

Bug Fixes

• compatibility with old browsers (#​4544) (6a430d4)

v4.10.0

Compare Source

Features

• make allowedHosts accept localhost subdomains by default (#​4357) (0a33e6a)

Bug Fixes

• auto reply to OPTIONS requests only when unhandled (#​4559) (984af02), closes #​4551

4.10.1 (2022-08-29)

Bug Fixes

• compatibility with old browsers (#​4544) (6a430d4)

v4.9.3

Compare Source

Features

• allow to configure more client options via resource URL (#​4274) (216e3cb)

Bug Fixes

• response correctly when receive an OPTIONS request (#​4185) (2b3b7e0)

4.9.3 (2022-06-29)

Bug Fixes

• avoid creation unnecessary stream for static sockjs file (#​4482) (049b153)
• history-api-fallback now supports HEAD requests and handles them the same as GET (8936082)

4.9.2 (2022-06-06)

Bug Fixes

• add @types/serve-static to dependencies (#​4468) (af83deb)

4.9.1 (2022-05-31)

Bug Fixes

• security problem with sockjs (#​4465) (e765182)

v4.9.2

Compare Source

Features

• allow to configure more client options via resource URL (#​4274) (216e3cb)

Bug Fixes

• response correctly when receive an OPTIONS request (#​4185) (2b3b7e0)

4.9.3 (2022-06-29)

Bug Fixes

• avoid creation unnecessary stream for static sockjs file (#​4482) (049b153)
• history-api-fallback now supports HEAD requests and handles them the same as GET (8936082)

4.9.2 (2022-06-06)

Bug Fixes

• add @types/serve-static to dependencies (#​4468) (af83deb)

4.9.1 (2022-05-31)

Bug Fixes

• security problem with sockjs (#​4465) (e765182)

v4.9.1

Compare Source

Features

• allow to configure more client options via resource URL (#​4274) (216e3cb)

Bug Fixes

• response correctly when receive an OPTIONS request (#​4185) (2b3b7e0)

4.9.3 (2022-06-29)

Bug Fixes

• avoid creation unnecessary stream for static sockjs file (#​4482) (049b153)
• history-api-fallback now supports HEAD requests and handles them the same as GET (8936082)

4.9.2 (2022-06-06)

Bug Fixes

• add @types/serve-static to dependencies (#​4468) (af83deb)

4.9.1 (2022-05-31)

Bug Fixes

• security problem with sockjs (#​4465) (e765182)

v4.9.0

Compare Source

Features

• allow to configure more client options via resource URL (#​4274) (216e3cb)

Bug Fixes

• response correctly when receive an OPTIONS request (#​4185) (2b3b7e0)

4.9.3 (2022-06-29)

Bug Fixes

• avoid creation unnecessary stream for static sockjs file (#​4482) (049b153)
• history-api-fallback now supports HEAD requests and handles them the same as GET (8936082)

4.9.2 (2022-06-06)

Bug Fixes

• add @types/serve-static to dependencies (#​4468) (af83deb)

4.9.1 (2022-05-31)

Bug Fixes

• security problem with sockjs (#​4465) (e765182)

v4.8.1

Compare Source

Features

• support Trusted Types for client overlay (#​4404) (8132e1d)

Bug Fixes

• ie11 runtime (#​4403) (256d5fb)
• replace portfinder with custom implementation and fix security problem (#​4384) (eea50f3)
• use the host in options to check if port is available (#​4385) (a10c7cf)

4.8.1 (2022-04-06)

Bug Fixes

• types (#​4373) (f6fe6be)

v4.8.0

Compare Source

Features

• support Trusted Types for client overlay (#​4404) (8132e1d)

Bug Fixes

• ie11 runtime (#​4403) (256d5fb)
• replace portfinder with custom implementation and fix security problem (#​4384) (eea50f3)
• use the host in options to check if port is available (#​4385) ([a10

[dev-mend-for-github-com]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: src/Administration/Resources/app/administration/package-lock.json

npm error code ERESOLVE
npm error ERESOLVE could not resolve
npm error
npm error While resolving: webpack-dev-server@5.2.1
npm error Found: webpack@4.46.0
npm error node_modules/webpack
npm error   webpack@"4.46.0" from the root project
npm error   peer webpack@"^4.0.0 || ^5.0.0" from copy-webpack-plugin@5.1.2
npm error   node_modules/@shopware-ag/webpack-plugin-injector/node_modules/copy-webpack-plugin
npm error     copy-webpack-plugin@"^5.1.1" from @shopware-ag/webpack-plugin-injector@1.0.6
npm error     node_modules/@shopware-ag/webpack-plugin-injector
npm error       @shopware-ag/webpack-plugin-injector@"1.0.6" from the root project
npm error   26 more (babel-loader, clean-webpack-plugin, ...)
npm error
npm error Could not resolve dependency:
npm error peerOptional webpack@"^5.0.0" from webpack-dev-server@5.2.1
npm error node_modules/webpack-dev-server
npm error   webpack-dev-server@"5.2.1" from the root project
npm error
npm error Conflicting peer dependency: webpack@5.105.2
npm error node_modules/webpack
npm error   peerOptional webpack@"^5.0.0" from webpack-dev-server@5.2.1
npm error   node_modules/webpack-dev-server
npm error     webpack-dev-server@"5.2.1" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /tmp/renovate/cache/others/npm/_logs/2026-02-25T21_58_08_951Z-eresolve-report.txt
npm error A complete log of this run can be found in: /tmp/renovate/cache/others/npm/_logs/2026-02-25T21_58_08_951Z-debug-0.log