[Snyk] Upgrade webpack-dev-server from 4.15.2 to 5.2.2

[mnk-blr]

Snyk has created this PR to upgrade webpack-dev-server from 4.15.2 to 5.2.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 9 versions ahead of your current version.

• The recommended version was released 8 months ago.

Release notes

Package name: webpack-dev-server

• 5.2.2 - 2025-06-03
  

  5.2.2 (2025-06-03)

  Bug Fixes

  • "Overlay enabled" false positive (18e72ee)
  • do not crush when error is null for runtime errors (#5447) (309991f)
  • remove unnecessary header X_TEST (#5451) (64a6124)
  • respect the allowedHosts option for cross-origin header check (#5510) (03d1214)
• 5.2.1 - 2025-03-26
  

  5.2.1 (2025-03-26)

  Security

  • cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
  • requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

  The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

  Bug Fixes

  • prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
  • take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)
• 5.2.0 - 2024-12-11
  

  5.2.0 (2024-12-11)

  Features

  • added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

  Bug Fixes

  • speed up initial client bundling (145b5d0)
• 5.1.0 - 2024-09-03
  

  5.1.0 (2024-09-03)

  Features

  • add visual progress indicators (a8f40b7)
  • added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
  • allow the server option to be Function (#5275) (02a1c6d)
  • http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

  Bug Fixes

  • check the platform property to determinate the target (#5269) (c3b532c)
  • ipv6 output (#5270) (06005e7)
  • replace rimraf with rm (#5162) (1a1561f)
  • replace default gateway (#5255) (f5f0902)
  • support devServer: false (#5272) (8b341cb)
• 5.0.4 - 2024-03-19
  

  5.0.4 (2024-03-19)

  Bug Fixes

  • security: bump webpack-dev-middleware (#5112) (aab576a)
• 5.0.3 - 2024-03-12
  

  5.0.3 (2024-03-12)

  Bug Fixes

  • types: proxy (#5101) (6e1aed3)
• 5.0.2 - 2024-02-16
  

  5.0.2 (2024-02-16)

  Bug Fixes

  • types (#5057) (da2c24d)
• 5.0.1 - 2024-02-13
  

  5.0.1 (2024-02-13)

  Bug Fixes

  • avoid using eval in client (#5045) (7681477)
  • overlay and require-trusted-types-for (#5046) (e115436)
• 5.0.0 - 2024-02-12
  

  5.0.0 (2024-02-12)

  Migration Guide and Changes.

• 4.15.2 - 2024-03-20
  

  4.15.2 (2024-03-20)

  Bug Fixes

  • security: bump webpack-dev-middleware (4116209)

from webpack-dev-server GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[mnk-blr]

⛔ Snyk checks have failed. 4 issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (4)
⛔	Open Source Security	0	4	0	0	4 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.