build(deps): bump webpack-dev-server from 5.2.2 to 5.2.4 in /website#12
build(deps): bump webpack-dev-server from 5.2.2 to 5.2.4 in /website#12dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server) from 5.2.2 to 5.2.4. - [Release notes](https://github.com/webpack/webpack-dev-server/releases) - [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md) - [Commits](webpack/webpack-dev-server@v5.2.2...v5.2.4) --- updated-dependencies: - dependency-name: webpack-dev-server dependency-version: 5.2.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
doistbot
left a comment
doistbot
left a comment
There was a problem hiding this comment.
This PR updates webpack-dev-server from 5.2.2 to 5.2.4 in the website package, bringing in recent bug fixes and keeping our development dependencies current. The update is a great step for maintaining a secure and stable local environment. However, it introduces a downstream dependency requiring Node 20 or higher, which currently conflicts with the website's Node 18 minimum requirement and will cause strict environment installations to fail.
| "dependencies": { | ||
| "@types/node-forge": "^1.3.0", | ||
| "node-forge": "^1" | ||
| "@peculiar/x509": "^1.14.2", |
There was a problem hiding this comment.
[P2] selfsigned@5.5.0 now pulls in @peculiar/x509@1.14.3, which declares node >=20 in this lockfile. That makes the resolved tree incompatible with the website package's current engines.node >=18 contract, and npm ci will fail on Node 18/19 when engine-strict is enabled. Either keep this dependency on a Node-18-compatible release or raise the website's Node floor alongside this update.
1 participant
Bumps webpack-dev-server from 5.2.2 to 5.2.4.
Release notes
Sourced from webpack-dev-server's releases.
Changelog
Sourced from webpack-dev-server's changelog.
Commits
fd40130chore(release): 5.2.4ece4f36chore: update deps (#5661)a216144ci: fix test (#5658)df073c5Merge commit from forkb550a70chore(release): 5.2.39704dc5chore: upgrade selfsigned to v5 and remove node-forge dependency (#5618)92bf644chore: bump express to update qs (#5621)792b2f0chore(deps-dev): bump the dependencies group with 4 updates (#5606)6d587cachore(deps): bump the dependencies group across 1 directory with 27 updates (...f91baa8fix(overlay): add ESC key to dismiss overlay (#5598)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.