Skip to content

Bump the webpack group across 1 directory with 3 updates#9378

Merged
FreeTubeBot merged 4 commits into
developmentfrom
dependabot/npm_and_yarn/webpack-1c192e0022
Jul 8, 2026
Merged

Bump the webpack group across 1 directory with 3 updates#9378
FreeTubeBot merged 4 commits into
developmentfrom
dependabot/npm_and_yarn/webpack-1c192e0022

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the webpack group with 3 updates in the / directory: webpack, webpack-cli and webpack-dev-server.

Updates webpack from 5.108.3 to 5.108.4

Release notes

Sourced from webpack's releases.

v5.108.4

Patch Changes

Changelog

Sourced from webpack's changelog.

5.108.4

Patch Changes

Commits
  • bb9ccfd chore(release): new release (#21319)
  • 7639066 fix: invalidate provided-exports cache with lazy barrel (#21326)
  • ae28c54 perf: reduce CPU and memory overhead of the HTML and CSS pipelines (#21332)
  • e6fb547 perf: re-encode the HTML AST as struct-of-arrays behind a path-based visitor ...
  • 5ce1c22 fix(html): resolve asset URLs against <base href> (#21329)
  • 0e43c4a test(html): cover generateError, ignored-source, and null-character parse pat...
  • cebd793 refactor: build export-presence guards from a lazy boolean formula (#21320)
  • c2628cf fix: don't resolve new URL() directory references as modules (#21312)
  • 00d8b2f perf: speed up non-CSS-Modules CSS parsing by skipping unused AST work (#21324)
  • f7a3f6d perf: reduce HTML parser memory and CPU with parser-level skip options (#21323)
  • Additional commits viewable in compare view

Updates webpack-cli from 7.1.0 to 7.2.1

Release notes

Sourced from webpack-cli's releases.

webpack-cli@7.2.1

Patch Changes

webpack-cli@7.2.0

Minor Changes

  • feat: allow webpack-dev-server v6 as an optional peer dependency (^5.0.0 || ^6.0.0) (by @​bjohansebas in #4793)

  • Support tsx as a fallback loader for TypeScript and JSX configuration files (.ts, .tsx, .cts, .mts and .jsx), used when none of the loaders known to interpret (such as ts-node) are installed. (by @​alexander-akait in #4796)

Changelog

Sourced from webpack-cli's changelog.

7.2.1

Patch Changes

7.2.0

Minor Changes

  • feat: allow webpack-dev-server v6 as an optional peer dependency (^5.0.0 || ^6.0.0) (by @​bjohansebas in #4793)

  • Support tsx as a fallback loader for TypeScript and JSX configuration files (.ts, .tsx, .cts, .mts and .jsx), used when none of the loaders known to interpret (such as ts-node) are installed. (by @​alexander-akait in #4796)

Commits
  • 71e34db chore(release): new release (#4800)
  • 97c5541 fix: CLIPlugin dynamic import interop under Bun (#4799)
  • 40b631f chore(release): new release (#4794)
  • f896a9c chore(deps-dev): bump the dependencies group across 1 directory with 4 update...
  • b4ea5a7 test: update target flag tests for webpack 5.108 (#4797)
  • 9a5fef9 feat: support tsx as a fallback loader for TypeScript and JSX configs (#4796)
  • 6cafa00 chore(deps): bump http-proxy-middleware from 2.0.9 to 2.0.10 (#4795)
  • 3bfa81c docs: update (#4789)
  • d122911 chore: update webpack-dev-server peer dependency version (#4793)
  • See full diff in compare view

Updates webpack-dev-server from 5.2.5 to 6.0.0

Release notes

Sourced from webpack-dev-server's releases.

v6.0.0

Major Changes

  • Bump Express to v5. See the Express 5 migration guide for the full list of breaking changes. (by @​bjohansebas in #5674)

  • Bump the webpack peer dependency range from ^5.0.0 to ^5.101.0. (by @​bjohansebas in #5674)

  • Drop support for Node.js < 22.15.0. (by @​bjohansebas in #5674)

  • Convert the source to native ES modules. The package keeps "type": "module" and now exposes both an ESM and a CommonJS build via the exports field: ESM consumers import the native lib/, while CommonJS consumers require() a transpiled dist/ build, allowing the package to be consumed from both ESM and CommonJS without relying on require(ESM) for CommonJS consumers. (by @​bjohansebas in #5674)

  • Remove CLI flags. Use the serve command from webpack-cli together with a configuration file or the programmatic API instead. (by @​bjohansebas in #5674)

  • Remove the internalIP and internalIPSync static methods from Server. Resolve the local IP yourself if you need it. (by @​bjohansebas in #5674)

  • Remove the bypass option from proxy configuration. Use the router or context options provided by http-proxy-middleware instead. (by @​bjohansebas in #5674)

  • Remove SockJS support. The webSocketServer option no longer accepts "sockjs"; use the default "ws" transport instead. (by @​bjohansebas in #5674)

  • Remove the spdy dependency. Use the built-in node:http2 module via the server option for HTTP/2 support. (by @​bjohansebas in #5674)

  • Update http-proxy-middleware to v4. See the http-proxy-middleware v3 release notes and v4 release notes for the full list of breaking changes. (by @​bjohansebas in #5674)

  • Update webpack-dev-middleware to v8 and sync originalUrl for middleware compatibility. server.middleware.getFilenameFromUrl() is now asynchronous and resolves to { filename, extra: { stats, outputFileSystem } }. See the webpack-dev-middleware v8 release notes for details. (by @​bjohansebas in #5674)

Minor Changes

  • Add plugin support. webpack-dev-server can now be used as a webpack plugin, integrating with the compiler lifecycle without explicitly passing a compiler, preventing multiple server starts on recompilation, ensuring clean shutdown, and supporting MultiCompiler setups with multiple independent plugin servers. (by @​bjohansebas in #5674)

  • Enable the compression middleware for HTTP/2 connections. (by @​bjohansebas in #5674)

  • Remove the colorette dependency in favor of native ANSI styling. (by @​bjohansebas in #5674)

  • Update chokidar to v5 and extend watchFiles.options.ignored to support glob string patterns via tinyglobby. (by @​bjohansebas in #5674)

  • Use compiler.platform to determine the target environment instead of inspecting the resolved target string. Universal targets ("universal" or ["web", "node"], where compiler.platform.universal is true since webpack 5.108.0) are treated as web targets so the client runtime is injected. (by @​bjohansebas in #5674)

  • Use the WHATWG URL API instead of the deprecated url.parse. (by @​bjohansebas in #5674)

Patch Changes

  • Bump production dependencies, notably open to v11 and p-retry to v8. (by @​bjohansebas in #5674)

  • Reject cross-site requests to the internal open-editor and invalidate endpoints. They performed state-changing actions (opening a file in the editor, forcing a recompilation) on any GET request, so a page the developer visited could trigger them. They now require a same-origin request, validated via Sec-Fetch-Site with an Origin/Host fallback. (by @​bjohansebas in #5691)

  • Treat loopback aliases (127.0.0.1, ::1, localhost) as equivalent in isSameOrigin so the WebSocket client does not reject valid same-origin connections. (by @​bjohansebas in #5674)

  • Migrate the test suite from Jest to node:test and set up the jsdom environment. (by @​bjohansebas in #5674)

... (truncated)

Changelog

Sourced from webpack-dev-server's changelog.

6.0.0

Major Changes

  • Bump Express to v5. See the Express 5 migration guide for the full list of breaking changes. (by @​bjohansebas in #5674)

  • Bump the webpack peer dependency range from ^5.0.0 to ^5.101.0. (by @​bjohansebas in #5674)

  • Drop support for Node.js < 22.15.0. (by @​bjohansebas in #5674)

  • Convert the source to native ES modules. The package keeps "type": "module" and now exposes both an ESM and a CommonJS build via the exports field: ESM consumers import the native lib/, while CommonJS consumers require() a transpiled dist/ build — so the package works from both ESM and CommonJS, including environments where require(ESM) is not supported. (by @​bjohansebas in #5674)

  • Remove CLI flags. Use the serve command from webpack-cli together with a configuration file or the programmatic API instead. (by @​bjohansebas in #5674)

  • Remove the internalIP and internalIPSync static methods from Server. Resolve the local IP yourself if you need it. (by @​bjohansebas in #5674)

  • Remove the bypass option from proxy configuration. Use the router or context options provided by http-proxy-middleware instead. (by @​bjohansebas in #5674)

  • Remove SockJS support. The webSocketServer option no longer accepts "sockjs"; use the default "ws" transport instead. (by @​bjohansebas in #5674)

  • Remove the spdy dependency. Use the built-in node:http2 module via the server option for HTTP/2 support. (by @​bjohansebas in #5674)

  • Update http-proxy-middleware to v4. See the http-proxy-middleware v3 release notes and v4 release notes for the full list of breaking changes. (by @​bjohansebas in #5674)

  • Update webpack-dev-middleware to v8 and sync originalUrl for middleware compatibility. server.middleware.getFilenameFromUrl() is now asynchronous and resolves to { filename, extra: { stats, outputFileSystem } }. See the webpack-dev-middleware v8 release notes for details. (by @​bjohansebas in #5674)

Minor Changes

  • Add plugin support. webpack-dev-server can now be used as a webpack plugin, integrating with the compiler lifecycle without explicitly passing a compiler, preventing multiple server starts on recompilation, ensuring clean shutdown, and supporting MultiCompiler setups with multiple independent plugin servers. (by @​bjohansebas in #5674)

  • Enable the compression middleware for HTTP/2 connections. (by @​bjohansebas in #5674)

  • Remove the colorette dependency in favor of native ANSI styling. (by @​bjohansebas in #5674)

  • Update chokidar to v5 and extend watchFiles.options.ignored to support glob string patterns via tinyglobby. (by @​bjohansebas in #5674)

  • Use compiler.platform to determine the target environment instead of inspecting the resolved target string. Universal targets ("universal" or ["web", "node"], where compiler.platform.universal is true since webpack 5.108.0) are treated as web targets so the client runtime is injected. (by @​bjohansebas in #5674)

  • Use the WHATWG URL API instead of the deprecated url.parse. (by @​bjohansebas in #5674)

Patch Changes

  • Bump production dependencies, notably open to v11 and p-retry to v8. (by @​bjohansebas in #5674)

  • Reject cross-site requests to the internal open-editor and invalidate endpoints. They performed state-changing actions (opening a file in the editor, forcing a recompilation) on any GET request, so a page the developer visited could trigger them. They now require a same-origin request, validated via Sec-Fetch-Site with an Origin/Host fallback. (by @​bjohansebas in #5691)

  • Treat loopback aliases (127.0.0.1, ::1, localhost) as equivalent in isSameOrigin so the WebSocket client does not reject valid same-origin connections. (by @​bjohansebas in #5674)

  • Migrate the test suite from Jest to node:test and set up the jsdom environment. (by @​bjohansebas in #5674)

... (truncated)

Commits
  • 05cb792 chore(release): new release (#5692)
  • a451839 fix: handle middleware teardown in plugin mode (#5703)
  • c2d23a7 fix: load ESM-only dependencies with native import() in the CommonJS build (#...
  • ba54764 fix: reject cross-site requests to open-editor and invalidate endpoints (#5691)
  • 2b369b3 fixup!
  • 08a0ea7 fix: ensure undefined options default to an empty object in Server constructor
  • 797b9e7 fix: handle undefined options in Server constructor
  • e90221c feat: plugin support (#5650)
  • 4c351e1 feat: support universal platform as a web target (#5690)
  • 2236aa4 chore: update http-proxy-middleware to version 4.1.1 and add tests for pathRe...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the webpack group with 3 updates in the / directory: [webpack](https://github.com/webpack/webpack), [webpack-cli](https://github.com/webpack/webpack-cli) and [webpack-dev-server](https://github.com/webpack/webpack-dev-server).


Updates `webpack` from 5.108.3 to 5.108.4
- [Release notes](https://github.com/webpack/webpack/releases)
- [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack@v5.108.3...v5.108.4)

Updates `webpack-cli` from 7.1.0 to 7.2.1
- [Release notes](https://github.com/webpack/webpack-cli/releases)
- [Changelog](https://github.com/webpack/webpack-cli/blob/main/CHANGELOG.md)
- [Commits](https://github.com/webpack/webpack-cli/compare/webpack-cli@7.1.0...webpack-cli@7.2.1)

Updates `webpack-dev-server` from 5.2.5 to 6.0.0
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack-dev-server@v5.2.5...v6.0.0)

---
updated-dependencies:
- dependency-name: webpack
  dependency-version: 5.108.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: webpack
- dependency-name: webpack-cli
  dependency-version: 7.2.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: webpack
- dependency-name: webpack-dev-server
  dependency-version: 6.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: webpack
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added PR: dependencies Pull requests that update a dependency file PR: waiting for review For PRs that are complete, tested, and ready for review labels Jul 6, 2026
@FreeTubeBot FreeTubeBot enabled auto-merge (squash) July 6, 2026 02:41
@PikachuEXE

Copy link
Copy Markdown
Member

Won't launch dev at all, downgrading webpack-dev-server to 5.2.6 works
No v6 doc yet so I can't even try to figure out how to fix it

@PikachuEXE

Copy link
Copy Markdown
Member

Applied fix from @absidue committed in #9368
and also a fix to make dev boots in macOS, see details in #9368 (comment)

@github-actions github-actions Bot added PR: merge conflicts / rebase needed and removed PR: waiting for review For PRs that are complete, tested, and ready for review labels Jul 6, 2026
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

…e0022

* development:
  Bump the github-codeql-action group with 2 updates (#9376)
  Bump the eslint group with 2 updates (#9377)
  Bump swiper from 12.2.0 to 14.0.1 (#9349)

# Conflicts:
#	pnpm-lock.yaml
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

@PikachuEXE PikachuEXE added the PR: waiting for review For PRs that are complete, tested, and ready for review label Jul 6, 2026

@absidue absidue left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Starting dev is slower but I haven't figured out why yet and I haven't noticed any other issues, so i'll approve but keep looking into it and create a follow up if I ever figure it out.

@FreeTubeBot FreeTubeBot merged commit 4082b7a into development Jul 8, 2026
6 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/webpack-1c192e0022 branch July 8, 2026 07:29
@github-actions github-actions Bot removed the PR: waiting for review For PRs that are complete, tested, and ready for review label Jul 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

PR: dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants