Skip to content

chore(deps-dev): bump webpack-dev-server from 5.2.4 to 5.2.5#35

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/webpack-dev-server-5.2.5
Open

chore(deps-dev): bump webpack-dev-server from 5.2.4 to 5.2.5#35
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/webpack-dev-server-5.2.5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps webpack-dev-server from 5.2.4 to 5.2.5.

Release notes

Sourced from webpack-dev-server's releases.

v5.2.5

Patch Changes

  • Skip the HMR WebSocket path when forwarding upgrade requests to user-defined proxies, so custom proxy WebSocket upgrades are no longer intercepted by the dev server. (by @​bjohansebas in #5680)
Changelog

Sourced from webpack-dev-server's changelog.

5.2.5

Patch Changes

  • Skip the HMR WebSocket path when forwarding upgrade requests to user-defined proxies, so custom proxy WebSocket upgrades are no longer intercepted by the dev server. (by @​bjohansebas in #5680)

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

Commits
  • c3ee325 chore(release): new release (#5682)
  • 60173be feat: add changeset validation and release workflow (#5680)
  • 948d5e6 fix(proxy): match the HMR upgrade path exactly like the ws server (#5678)
  • 93e8996 fix: skip HMR websocket path when forwarding upgrades to user-defined proxies...
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for webpack-dev-server since your current version.


@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 30, 2026
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jun 30, 2026

Copy link
Copy Markdown

Deploying dtrader-template with  Cloudflare Pages  Cloudflare Pages

Latest commit: ba4f268
Status: ✅  Deploy successful!
Preview URL: https://edb6b7de.dtrader-template.pages.dev
Branch Preview URL: https://dependabot-npm-and-yarn-webp-2sn4.dtrader-template.pages.dev

View logs

@github-actions

github-actions Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ✅ 0 package(s) with unknown licenses.
  • ⚠️ 1 packages with OpenSSF Scorecard issues.
See the Details below.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/fastest-levenshtein 1.0.16 ⚠️ 2.3
Details
CheckScoreReason
Token-Permissions⚠️ -1No tokens found
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies⚠️ -1no dependencies found
Dangerous-Workflow⚠️ -1no workflows found
Binary-Artifacts🟢 10no binaries found in the repo
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review⚠️ 2Found 6/23 approved changesets -- score normalized to 2
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/p-map 4.0.0 🟢 4.2
Details
CheckScoreReason
Code-Review🟢 4Found 12/30 approved changesets -- score normalized to 4
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 33 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 3
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/text-table 0.2.0 🟢 4.6
Details
CheckScoreReason
Maintained⚠️ 00 commit(s) out of 25 and 0 issue activity out of 11 found in the last 90 days -- score normalized to 0
Code-Review⚠️ 0no reviews found
CII-Best-Practices⚠️ 0no badge detected
Signed-Releases⚠️ -1no releases found
Vulnerabilities🟢 10no vulnerabilities detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Token-Permissions🟢 10tokens are read-only in GitHub workflows
Packaging⚠️ -1no published package detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
License🟢 10license file detected
Pinned-Dependencies🟢 10all dependencies are pinned
Security-Policy⚠️ 0security policy file not detected
Dependency-Update-Tool⚠️ 0no update tool detected
SAST⚠️ 0no SAST tool detected
Fuzzing⚠️ 0project is not fuzzed

Scanned Manifest Files

package-lock.json
  • webpack-dev-server@5.2.4
  • fastest-levenshtein@1.0.16
  • p-map@4.0.0
  • text-table@0.2.0
  • webpack-dev-server@5.2.5
  • @emnapi/core@1.11.2
  • @emnapi/runtime@1.11.2
  • fastest-levenshtein@1.0.16
  • p-map@4.0.0
  • text-table@0.2.0
packages/core/package.json
  • webpack-dev-server@^5.2.5
  • webpack-dev-server@^5.2.4

Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server) from 5.2.4 to 5.2.5.
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack-dev-server@v5.2.4...v5.2.5)

---
updated-dependencies:
- dependency-name: webpack-dev-server
  dependency-version: 5.2.5
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants