Skip to content

Bump braces, webpack, webpack-cli and webpack-dev-server#58

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-76e94975f0
Open

Bump braces, webpack, webpack-cli and webpack-dev-server#58
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-76e94975f0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Aug 22, 2025

Bumps braces to 3.0.3 and updates ancestor dependencies braces, webpack, webpack-cli and webpack-dev-server. These dependencies need to be updated together.

Updates braces from 2.3.2 to 3.0.3

Changelog

Sourced from braces's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

  • Changelogs are for humans, not machines.
  • There should be an entry for every single version.
  • The same types of changes should be grouped.
  • Versions and sections should be linkable.
  • The latest version comes first.
  • The release date of each versions is displayed.
  • Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

  • Added for new features.
  • Changed for changes in existing functionality.
  • Deprecated for soon-to-be removed features.
  • Removed for now removed features.
  • Fixed for any bug fixes.
  • Security in case of vulnerabilities.

[3.0.0] - 2018-04-08

v3.0 is a complete refactor, resulting in a faster, smaller codebase, with fewer deps, and a more accurate parser and compiler.

Breaking Changes

  • The undocumented .makeRe method was removed
  • Require Node.js >= 8.3

Non-breaking changes

  • Caching was removed
Commits

Updates webpack from 4.47.0 to 5.101.3

Release notes

Sourced from webpack's releases.

v5.101.3

Fixes

  • Fixed resolve execution order issue from extra await in async modules
  • Avoid empty block for unused statement
  • Collect only specific expressions for destructuring assignment

v5.101.2

Fixes

  • Fixed syntax error when comment is on the last line
  • Handle var declaration for createRequire
  • Distinguish free variable and tagged variable

v5.101.1

Fixes

  • Filter deleted assets in processAdditionalAssets hook
  • HMR failure in defer module
  • Emit assets even if invalidation occurs again
  • Export types for serialization and deserialization in plugins and export the ModuleFactory class
  • Fixed the failure export of internal function for ES module chunk format
  • Fixed GetChunkFilename failure caused by dependOn entry
  • Fixed the import of missing dependency chunks
  • Fixed when entry chunk depends on the runtime chunk hash
  • Fixed module.exports bundle to ESM library
  • Adjusted the time of adding a group depending on the fragment of execution time
  • Fixed circle dependencies when require RawModule and condition of isDeferred
  • Tree-shakable module library should align preconditions of allowInlineStartup

v5.101.0

Fixes

  • Fixed concatenate optimization for ESM that caused undefined export
  • Respect the output.environment.nodePrefixForCoreModules option everywhere
  • Respect the output.importMetaName option everywhere
  • Fixed await async dependencies when accepting them during HMR
  • Better typescript types

Features

  • Added colors helpers for CLI
  • Enable tree-shaking for ESM external modules with named imports
  • Added the deferImport option to parser options

Performance Improvements

  • Fixed a regression in module concatenation after implementing deferred import support
  • Fixed a potential performance issue in CleanPlugin
  • Avoid extra require in some places

... (truncated)

Commits
  • 07b1ac0 chore(release): 5.101.3
  • 8d7efb8 chore(deps-dev): bump the dependencies group with 2 updates (#19816)
  • 935cbd8 docs: update examples (#19812)
  • dc79e95 fix: collect only specific expressions for destructuring assignment
  • 90ae8af fix: avoid empty block for unused statement
  • 8db97f8 fix: resolve execution order issue from extra await in async modules
  • c92deaf ci: pin Node.js 24.x to 24.5.0 in CI workflow (#19813)
  • c50930b refactor(test): correct the value retrieval
  • 613a5ad chore(deps-dev): bump @​babel/core in the dependencies group (#19807)
  • 1d9cc24 chore(release): 5.101.2
  • Additional commits viewable in compare view

Updates webpack-cli from 3.3.12 to 6.0.1

Release notes

Sourced from webpack-cli's releases.

v6.0.1

6.0.1 (2024-12-20)

Bug Fixes

v6.0.0

6.0.0 (2024-12-19)

BREAKING CHANGES

  • the minimum required Node.js version is 18.12.0
  • removed init, loader and plugin commands in favor create-webpack-app
  • dropped support for webpack-dev-server@v4
  • minimum supported webpack version is 5.82.0
  • The --define-process-env-node-env option was renamed to --config-node-env

Bug Fixes

Features

  • output pnpm version with info/version command (#3906) (38f3c6f)

v5.1.4

5.1.4 (2023-06-07)

Bug Fixes

  • multi compiler progress output (f659624)

v5.1.3

5.1.3 (2023-06-04)

Bug Fixes

v5.1.2

5.1.2 (2023-06-04)

Bug Fixes

  • improve check for custom webpack and webpack-dev-server package existance (0931ab6)

... (truncated)

Changelog

Sourced from webpack-cli's changelog.

6.0.1 (2024-12-20)

Bug Fixes

6.0.0 (2024-12-19)

BREAKING CHANGES

  • the minimum required Node.js version is 18.12.0
  • removed init, loader and plugin commands in favor create-webpack-app
  • dropped support for webpack-dev-server@v4
  • minimum supported webpack version is 5.82.0
  • The --define-process-env-node-env option was renamed to --config-node-env

Bug Fixes

Features

  • output pnpm version with info/version command (#3906) (38f3c6f)

5.1.4 (2023-06-07)

Bug Fixes

  • multi compiler progress output (f659624)

5.1.3 (2023-06-04)

Bug Fixes

5.1.2 (2023-06-04)

Bug Fixes

  • improve check for custom webpack and webpack-dev-server package existance (0931ab6)
  • improve help for some flags (f468614)
  • improved support for .cts and .mts extensions (a77daf2)

5.1.1 (2023-05-09)

... (truncated)

Commits

Updates webpack-dev-server from 3.11.3 to 5.2.2

Release notes

Sourced from webpack-dev-server's releases.

v5.2.2

5.2.2 (2025-06-03)

Bug Fixes

  • "Overlay enabled" false positive (18e72ee)
  • do not crush when error is null for runtime errors (#5447) (309991f)
  • remove unnecessary header X_TEST (#5451) (64a6124)
  • respect the allowedHosts option for cross-origin header check (#5510) (03d1214)

v5.2.1

5.2.1 (2025-03-26)

Security

  • cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
  • requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

  • prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
  • take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

v5.2.0

5.2.0 (2024-12-11)

Features

  • added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

  • speed up initial client bundling (145b5d0)

v5.1.0

5.1.0 (2024-09-03)

Features

  • add visual progress indicators (a8f40b7)
  • added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
  • allow the server option to be Function (#5275) (02a1c6d)
  • http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

... (truncated)

Changelog

Sourced from webpack-dev-server's changelog.

5.2.2 (2025-06-03)

Bug Fixes

  • "Overlay enabled" false positive (18e72ee)
  • do not crush when error is null for runtime errors (#5447) (309991f)
  • remove unnecessary header X_TEST (#5451) (64a6124)
  • respect the allowedHosts option for cross-origin header check (#5510) (03d1214)

5.2.1 (2025-03-26)

Security

  • cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
  • requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

  • prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
  • take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

5.2.0 (2024-12-11)

Features

  • added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

  • speed up initial client bundling (145b5d0)

5.1.0 (2024-09-03)

Features

  • add visual progress indicators (a8f40b7)
  • added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
  • allow the server option to be Function (#5275) (02a1c6d)
  • http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

Bug Fixes

  • check the platform property to determinate the target (#5269) (c3b532c)

... (truncated)

Commits
  • 195a7e6 chore(release): 5.2.2
  • 620bef1 chore(deps): update (#5511)
  • 03d1214 fix: respect the allowedHosts option for cross-origin header check (#5510)
  • 5ba862e chore(deps-dev): bump the dependencies group across 1 directory with 7 update...
  • f7fec94 chore: fix typo (#5508)
  • 6ee8cd0 ci: add Node.js v24 (#5492)
  • d30f963 chore: update http-proxy-middleware to ^2.0.9 (#5503)
  • 66cf033 chore(deps-dev): bump the dependencies group with 2 updates (#5504)
  • 4367a5c refactor: use 'String#startsWith' & replace if-then-else (#5501)
  • 8e6604f chore(deps): bump the dependencies group across 1 directory with 4 updates (#...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump braces, webpack, webpack-cli and webpack-dev-server
340b61e 
Bumps [braces](https://github.com/micromatch/braces) to 3.0.3 and updates ancestor dependencies [braces](https://github.com/micromatch/braces), [webpack](https://github.com/webpack/webpack), [webpack-cli](https://github.com/webpack/webpack-cli) and [webpack-dev-server](https://github.com/webpack/webpack-dev-server). These dependencies need to be updated together.


Updates `braces` from 2.3.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/braces/commits/3.0.3)

Updates `webpack` from 4.47.0 to 5.101.3
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v4.47.0...v5.101.3)

Updates `webpack-cli` from 3.3.12 to 6.0.1
- [Release notes](https://github.com/webpack/webpack-cli/releases)
- [Changelog](https://github.com/webpack/webpack-cli/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack/webpack-cli/compare/v3.3.12...webpack-cli@6.0.1)

Updates `webpack-dev-server` from 3.11.3 to 5.2.2
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md)
- [Commits](webpack/webpack-dev-server@v3.11.3...v5.2.2)

---
updated-dependencies:
- dependency-name: braces
  dependency-version: 3.0.3
  dependency-type: indirect
- dependency-name: webpack
  dependency-version: 5.101.3
  dependency-type: direct:production
- dependency-name: webpack-cli
  dependency-version: 6.0.1
  dependency-type: direct:production
- dependency-name: webpack-dev-server
  dependency-version: 5.2.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Aug 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants