Skip to content

build: update dependency webpack-dev-server to v6 (main)#33514

Open
angular-robot wants to merge 1 commit into
angular:mainfrom
angular-robot:ng-renovate/main-webpack-dev-server-6-x
Open

build: update dependency webpack-dev-server to v6 (main)#33514
angular-robot wants to merge 1 commit into
angular:mainfrom
angular-robot:ng-renovate/main-webpack-dev-server-6-x

Conversation

@angular-robot

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
webpack-dev-server ^5.0.2^6.0.0 age adoption passing confidence
webpack-dev-server 5.2.56.0.0 age adoption passing confidence

  • If you want to rebase/retry this PR, check this box

Release Notes

webpack/webpack-dev-server (webpack-dev-server)

v6.0.0

Compare Source

Major Changes
  • Bump Express to v5. See the Express 5 migration guide for the full list of breaking changes. (by @​bjohansebas in #​5674)

  • Bump the webpack peer dependency range from ^5.0.0 to ^5.101.0. (by @​bjohansebas in #​5674)

  • Drop support for Node.js < 22.15.0. (by @​bjohansebas in #​5674)

  • Convert the source to native ES modules. The package keeps "type": "module" and now exposes both an ESM and a CommonJS build via the exports field: ESM consumers import the native lib/, while CommonJS consumers require() a transpiled dist/ build — so the package works from both ESM and CommonJS, including environments where require(ESM) is not supported. (by @​bjohansebas in #​5674)

  • Remove CLI flags. Use the serve command from webpack-cli together with a configuration file or the programmatic API instead. (by @​bjohansebas in #​5674)

  • Remove the internalIP and internalIPSync static methods from Server. Resolve the local IP yourself if you need it. (by @​bjohansebas in #​5674)

  • Remove the bypass option from proxy configuration. Use the router or context options provided by http-proxy-middleware instead. (by @​bjohansebas in #​5674)

  • Remove SockJS support. The webSocketServer option no longer accepts "sockjs"; use the default "ws" transport instead. (by @​bjohansebas in #​5674)

  • Remove the spdy dependency. Use the built-in node:http2 module via the server option for HTTP/2 support. (by @​bjohansebas in #​5674)

  • Update http-proxy-middleware to v4. See the http-proxy-middleware v3 release notes and v4 release notes for the full list of breaking changes. (by @​bjohansebas in #​5674)

  • Update webpack-dev-middleware to v8 and sync originalUrl for middleware compatibility. server.middleware.getFilenameFromUrl() is now asynchronous and resolves to { filename, extra: { stats, outputFileSystem } }. See the webpack-dev-middleware v8 release notes for details. (by @​bjohansebas in #​5674)

Minor Changes
  • Add plugin support. webpack-dev-server can now be used as a webpack plugin, integrating with the compiler lifecycle without explicitly passing a compiler, preventing multiple server starts on recompilation, ensuring clean shutdown, and supporting MultiCompiler setups with multiple independent plugin servers. (by @​bjohansebas in #​5674)

  • Enable the compression middleware for HTTP/2 connections. (by @​bjohansebas in #​5674)

  • Remove the colorette dependency in favor of native ANSI styling. (by @​bjohansebas in #​5674)

  • Update chokidar to v5 and extend watchFiles.options.ignored to support glob string patterns via tinyglobby. (by @​bjohansebas in #​5674)

  • Use compiler.platform to determine the target environment instead of inspecting the resolved target string. Universal targets ("universal" or ["web", "node"], where compiler.platform.universal is true since webpack 5.108.0) are treated as web targets so the client runtime is injected. (by @​bjohansebas in #​5674)

  • Use the WHATWG URL API instead of the deprecated url.parse. (by @​bjohansebas in #​5674)

Patch Changes
  • Bump production dependencies, notably open to v11 and p-retry to v8. (by @​bjohansebas in #​5674)

  • Reject cross-site requests to the internal open-editor and invalidate endpoints. They performed state-changing actions (opening a file in the editor, forcing a recompilation) on any GET request, so a page the developer visited could trigger them. They now require a same-origin request, validated via Sec-Fetch-Site with an Origin/Host fallback. (by @​bjohansebas in #​5691)

  • Treat loopback aliases (127.0.0.1, ::1, localhost) as equivalent in isSameOrigin so the WebSocket client does not reject valid same-origin connections. (by @​bjohansebas in #​5674)

  • Migrate the test suite from Jest to node:test and set up the jsdom environment. (by @​bjohansebas in #​5674)

  • Update webpack-cli to v7.0.2. (by @​bjohansebas in #​5674)

@angular-robot angular-robot added action: merge The PR is ready for merge by the caretaker area: build & ci Related the build and CI infrastructure of the project target: automation This PR is targeted to only merge into the branch defined in Github [bot use only] labels Jul 6, 2026

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request upgrades webpack-dev-server to version 6.0.0 in both build_angular and build_webpack packages. Feedback suggests updating the webpack peer dependency in build_webpack to ^5.101.0 to match the minimum requirements of the upgraded webpack-dev-server and prevent potential resolution conflicts.

Comment on lines 29 to +30
"webpack": "^5.30.0",
"webpack-dev-server": "^5.0.2"
"webpack-dev-server": "^6.0.0"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Since webpack-dev-server v6.0.0 has bumped its minimum webpack peer dependency requirement to ^5.101.0 (as noted in the release notes), the webpack peer dependency in this package should also be updated to ^5.101.0 to prevent potential peer dependency resolution conflicts for consumers.

Suggested change
"webpack": "^5.30.0",
"webpack-dev-server": "^5.0.2"
"webpack-dev-server": "^6.0.0"
"webpack": "^5.101.0",
"webpack-dev-server": "^6.0.0"

See associated pull request for more information.
@angular-robot angular-robot force-pushed the ng-renovate/main-webpack-dev-server-6-x branch from 71dec0a to bf4b67e Compare July 8, 2026 15:06
@clydin clydin added state: blocked and removed action: merge The PR is ready for merge by the caretaker labels Jul 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area: build & ci Related the build and CI infrastructure of the project state: blocked target: automation This PR is targeted to only merge into the branch defined in Github [bot use only]

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants