Update dependency webpack-dev-server to v5

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
webpack-dev-server	devDependencies	major	^3.9.0 -> ^5.0.0

By merging this PR, the below issues will be automatically resolved and closed:

Severity	CVSS Score	CVE	GitHub Issue
Critical	9.8	CVE-2022-0691	#194
Critical	9.8	CVE-2023-42282	#249
Critical	9.1	CVE-2022-0686	#124
High	8.1	CVE-2022-1650	#147
High	7.7	CVE-2021-23386	#54
High	7.5	CVE-2022-24771	#135
High	7.5	CVE-2022-24772	#134
High	7.5	CVE-2024-37890	#268
High	7.5	CVE-2024-45296	#284
High	7.5	CVE-2024-52798	#311
High	7.4	CVE-2024-29180	#256
Medium	6.6	WS-2022-0008	#95
Medium	6.1	CVE-2022-0122	#93
Medium	6.1	CVE-2024-29041	#253
Medium	5.3	CVE-2021-32640	#55
Medium	5.3	CVE-2021-3664	#61
Medium	5.3	CVE-2022-0512	#122
Medium	5.3	CVE-2022-0639	#123
Medium	5.3	CVE-2022-24773	#133
Medium	5.3	CVE-2024-47764	#291
Medium	5.0	CVE-2024-43796	#287
Medium	5.0	CVE-2024-43799	#286

---

Release Notes

webpack/webpack-dev-server (webpack-dev-server)

v5.2.0

Compare Source

Features

• added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

• speed up initial client bundling (145b5d0)

v5.1.0

Compare Source

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#​5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#​5267) (6509a3f)

Bug Fixes

• check the platform property to determinate the target (#​5269) (c3b532c)
• ipv6 output (#​5270) (06005e7)
• replace rimraf with rm (#​5162) (1a1561f)
• replace default gateway (#​5255) (f5f0902)
• support devServer: false (#​5272) (8b341cb)

5.0.4 (2024-03-19)

Bug Fixes

• security: bump webpack-dev-middleware (#​5112) (aab576a)

5.0.3 (2024-03-12)

Bug Fixes

• types: proxy (#​5101) (6e1aed3)

5.0.2 (2024-02-16)

Bug Fixes

• types (#​5057) (da2c24d)

5.0.1 (2024-02-13)

Bug Fixes

• avoid using eval in client (#​5045) (7681477)
• overlay and require-trusted-types-for (#​5046) (e115436)

v5.0.4

Compare Source

v5.0.3

Compare Source

v5.0.2

Compare Source

v5.0.1

Compare Source

v5.0.0

Compare Source

Migration Guide and Changes.

4.15.1 (2023-06-09)

Bug Fixes

• replace :: with localhost before openBrowser() (#​4856) (874c44b)
• types: compatibility with @types/ws (#​4899) (34bcec2)

v4.15.2

Compare Source

4.15.2 (2024-03-20)

Bug Fixes

• security: bump webpack-dev-middleware (4116209)

v4.15.1

Compare Source

v4.15.0

Compare Source

Features

• overlay displays unhandled promise rejection (#​4849) (d1dd430)

v4.14.0

Compare Source

Features

• allow CLI to be ESM (#​4837) (bb4a5d9)
• allow filter overlay errors/warnings with function (#​4813) (aab01b3)

4.13.3 (2023-04-15)

Bug Fixes

• perf: reduced initial start time (#​4818) (fcf01d1)

4.13.2 (2023-03-31)

Bug Fixes

• prevent open 0.0.0.0 in browser due windows problems (04e74f2)

4.13.1 (2023-03-18)

Bug Fixes

• make webpack optional peer dependency (#​4778) (71be54e)

v4.13.3

Compare Source

v4.13.2

Compare Source

v4.13.1

Compare Source

v4.13.0

Compare Source

Features

• added client.overlay.runtimeErrors option to control runtime errors (#​4773) (dca2366)

v4.12.0

Compare Source

Features

• allow to set the sockjs_url option (only sockjs) using the webSocketServer.options.sockjsUrl option (#​4586) (69a2fba)
• catch runtime error (#​4605) (87a26cf)
• improve styles for overlay (#​4576) (791fb85)
• open editor when clicking error on overlay (#​4587) (efb2cec)

Bug Fixes

• compatibility with experiments.buildHttp (#​4585) (5b846cb)
• respect NODE_PATH env variable (#​4581) (b857e6f)

4.11.1 (2022-09-19)

Bug Fixes

• respect client.logging option for all logs (#​4572) (375835c)

v4.11.1

Compare Source

v4.11.0

Compare Source

Features

• make allowedHosts accept localhost subdomains by default (#​4357) (0a33e6a)

Bug Fixes

• auto reply to OPTIONS requests only when unhandled (#​4559) (984af02), closes #​4551

4.10.1 (2022-08-29)

Bug Fixes

• compatibility with old browsers (#​4544) (6a430d4)

v4.10.1

Compare Source

v4.10.0

Compare Source

Features

• allow to configure more client options via resource URL (#​4274) (216e3cb)

Bug Fixes

• response correctly when receive an OPTIONS request (#​4185) (2b3b7e0)

4.9.3 (2022-06-29)

Bug Fixes

• avoid creation unnecessary stream for static sockjs file (#​4482) (049b153)
• history-api-fallback now supports HEAD requests and handles them the same as GET (8936082)

4.9.2 (2022-06-06)

Bug Fixes

• add @types/serve-static to dependencies (#​4468) (af83deb)

4.9.1 (2022-05-31)

Bug Fixes

• security problem with sockjs (#​4465) (e765182)

v4.9.3

Compare Source

v4.9.2

Compare Source

v4.9.1

Compare Source

v4.9.0

Compare Source

Features

• support Trusted Types for client overlay (#​4404) (8132e1d)

Bug Fixes

• ie11 runtime (#​4403) (256d5fb)
• replace portfinder with custom implementation and fix security problem (#​4384) (eea50f3)
• use the host in options to check if port is available (#​4385) (a10c7cf)

4.8.1 (2022-04-06)

Bug Fixes

• types (#​4373) (f6fe6be)

v4.8.1

Compare Source

v4.8.0

Compare Source

Features

• export initialized socket client (#​4304) (7920364)

Bug Fixes

• update description for --no-client-reconnect (#​4248) (317648d)
• update description for --no-client (#​4250) (c3b6690)
• update description for --no-history-api-fallback (#​4277) (d63a0a2)
• update negated descriptions for more options (#​4287) (c64bd94)
• update schema to have negatedDescription only for type boolean (#​4280) (fcf8e8e)

4.7.4 (2022-02-02)

Bug Fixes

• add @​types/express (#​4226) (e55f728)
• negative descriptions (#​4216) (fd854c0)
• types for the proxy option (#​4173) (efec2f5)
• use CLI specific description for --open-app-name and --web-socket-server (#​4215) (329679a)

4.7.3 (2022-01-11)

Security

• update selfsigned to 2.0.0 version

4.7.2 (2021-12-29)

Bug Fixes

• apply onAfterSetupMiddleware after setupMiddlewares (as behavior earlier) (f6bc644)

4.7.1 (2021-12-22)

Bug Fixes

• removed url package, fixed compatibility with future webpack defaults (#​4132) (4e5d8ea)

v4.7.4

Compare Source

v4.7.3

Compare Source

v4.7.2

Compare Source

v4.7.1

Compare Source

v4.7.0

Compare Source

Features

• added the setupMiddlewares option and deprecated onAfterSetupMiddleware and onBeforeSetupMiddleware options (#​4068) (c13aa56)
• added types (8f02c3f)
• show deprecation warning for cacert option (#​4115) (c73ddfb)

Bug Fixes

• add description for watchFiles options (#​4057) (75f3817)
• allow passing options for custom server (#​4110) (fc8bed9)
• correct schema for ClientLogging (#​4084) (9b7ae7b)
• mark --open-app deprecated in favor of --open-app-name (#​4091) (693c28a)
• show deprecation warning for both https and http2 (#​4069) (d8d5d71)
• update --web-socket-server description (#​4098) (65955e9)
• update listen and close deprecation warning message (#​4097) (b217a19)
• update descriptions of https and server options (#​4094) (f97c9e2)

v4.6.0

Compare Source

Features

• allow to pass all chokidar options (#​4025) (5026601)

Bug Fixes

• reconnection logic (#​4044) (9b32c96)
• reload on warnings (#​4056) (1ba9720)

v4.5.0

Compare Source

Features

• add --web-socket-server-type option for CLI (#​4001) (17c390a)
• show deprecation warning for https/http2 option, migration guide for https and migration guide for http2 (because we use spdy for http2 due express doesn't support http2) (#​4003) (521cf85)

Bug Fixes

• infinity refresh on warnings (#​4006) (10da223)
• invalid host message is missing on client with https (#​3997) (#​3998) (ff0869c)
• remove process listeners after stopping the server (#​4013) (d198e4e)

v4.4.0

Compare Source

Features

• added the server option, now you can pass server options, example { server: { type: 'http', options: { maxHeaderSize: 32768 } } }, available options for http and https, note - for http2 is used spdy, options specified in the server.options option take precedence over https/http2 options (#​3940) (a70a7ef)
• added the client.reconnect option (#​3912) (5edad76)
• improve error handling within startCallback and endCallback (#​3969) (b0928ac)

Bug Fixes

• schema for web socket server type (#​3913) (f6aa6f7)
• typo in SSL information log (#​3939) (4c6103b)

4.3.1 (2021-10-04)

Bug Fixes

• perf (#​3906) (f6e2a19)

v4.3.1

Compare Source

v4.3.0

Compare Source

Features

• allow array for headers option (#​3847) (9911437)
• gracefully and force shutdown (#​3880) (db24b16)

Bug Fixes

• avoid web socket connection when web socket server is not running (#​3879) (8874d72)
• display file name for warnings/errors in overlay (#​3867) (d20def5)
• formatting errors/warnings (#​3877) (f0dbea0)
• handle 0 value of the port option property (ed67f66)

4.2.1 (2021-09-13)

Bug Fixes

• infinity loop for multi compiler mode (#​3840) (e019bd2)
• reloading logic for multi compiler mode (#​3841) (ef148ec)

4.2.0 (2021-09-09)

Features

• added the http.ca option (CLI option added too) (should be used instead cacert, because we will remove it in the next major release in favor the https.ca option)
• added the https.crl option (CLI options added too), more information
• https.ca/https.cacert/ https.cert/https.crl/https.key/https.pfx options are now accept Arrays of Buffer/string/Path to file, using --https-*-reset CLI options you can reset these options
• https.pfx/https.key can be Object[], more information
• https options can now accept custom options, you can use:

module.exports = {
  // Other options
  devServer: {
    https: {
      // Allow to set additional TSL options https://nodejs.org/api/tls.html#tls_tls_createsecurecontext_options
      minVersion: "TLSv1.1",
      ca: path.join(httpsCertificateDirectory, "ca.pem"),
      pfx: path.join(httpsCertificateDirectory, "server.pfx"),
      key: path.join(httpsCertificateDirectory, "server.key"),
      cert: path.join(httpsCertificateDirectory, "server.crt"),
      passphrase: "webpack-dev-server",
    },
  }
};

Bug Fixes

• accept connections with file: and chrome-extensions: protocol by default (#​3822) (138f064)
• close overlay on disconnection (#​3825) (011bcf1)
• respect https.cacert option (#​3820) (0002ebf)

4.1.1 (2021-09-07)

Bug Fixes

• improve the description of the magicHtml option (#​3772) (b80610f)
• replace ansi-html with ansi-html-community to avoid CVE (#​3801) (36fd214)

v4.2.1

Compare Source

v4.2.0

Compare Source

v4.1.1

Compare Source

v4.1.0

Compare Source

Features

• added the magicHtml option (#​3717) (4831f58)
• allow to set hot and live-reload for client using search params (1c57680)
• show warning when the hot option is enabled with the HMR plugin in config (#​3744) (6cb1e4e)

Bug Fixes

• change log type of Disconnected! to info (fde27f5)
• handle --allowed-hosts all correctly (#​3720) (326ed56)
• output documentation link on errors (#​3680) (e16221b)
• respect the bypass option with target/router options for proxy (b5dd568)

v4.0.0

Compare Source

v3.11.3

Compare Source

3.11.3 (2021-11-08)

Bug Fixes

• replace ansi-html with ansi-html-community (#​4011) (4fef67b)

v3.11.2

Compare Source

3.11.2 (2021-01-13)

Bug Fixes

• cli arguments for serve command (a5fe337)

v3.11.1

Compare Source

3.11.1 (2020-12-29)

Bug Fixes

• the open option works using webpack serve without value (#​2948) (4837dc9)
• vulnerable deps (#​2949) (78dde50)

v3.11.0

Compare Source

Features

• add icons for directory viewer (#​2441) (e953d01)
• allow multiple contentBasePublicPath paths (#​2489) (c6bdfe4)
• emit progress-update (#​2498) (4808abd), closes #​1666
• add invalidate endpoint (#​2493) (89ffb86)
• allow open option to accept an object (#​2492) (adeb92e)

Bug Fixes

• do not swallow errors from server (#​2512) (06583f2)
• security vulnerability in yargs-parser (#​2566) (41d1d0c)
• don't crash on setupExitSignals(undefined) (#​2507) (0d5c681)
• support entry descriptor (closes #​2453) (#​2465) (8bbef6a)
• update jquery (#​2516) (99ccfd8)

3.10.3 (2020-02-05)

Bug Fixes

• forward error requests to the proxy (#​2425) (e291cd4)

3.10.2 (2020-01-31)

Bug Fixes

• fallthrough non GET and HEAD request to routes (#​2374) (ebe8eca)
• add an optional peer dependency on webpack-cli (#​2396) (aa365df)
• add heartbeat for the websocket server (#​2404) (1a7c827)

3.10.1 (2019-12-19)

Bug Fixes

• ie11 compatibility (1306abe)

v3.10.3

Compare Source

v3.10.2

Compare Source

v3.10.1

Compare Source

v3.10.0

Compare Source

Features

• client: allow sock port to use location's port (sockPort: 'location') (#​2341) (dc10d06)
• server: add contentBasePublicPath option (#​2150) (cee700d)

Bug Fixes

• client: don't override protocol for socket connection to 127.0.0.1 (#​2303) (3a31917), closes #​2302
• server: respect sockPath on transportMode: 'ws' (#​2310) (#​2311) (e188542)
• https on chrome linux (#​2330) (dc8b475)
• support webpack@5 (#​2359) (8f89c01)

---

• If you want to rebase/retry this PR, check this box