Skip to content

chore(deps): bump webpack-dev-server, @docusaurus/core and @docusaurus/preset-classic#1544

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-17ab04d126
Open

chore(deps): bump webpack-dev-server, @docusaurus/core and @docusaurus/preset-classic#1544
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-17ab04d126

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 21, 2026

Copy link
Copy Markdown
Contributor

Bumps webpack-dev-server to 5.2.6 and updates ancestor dependencies webpack-dev-server, @docusaurus/core and @docusaurus/preset-classic. These dependencies need to be updated together.

Updates webpack-dev-server from 4.9.3 to 5.2.6

Release notes

Sourced from webpack-dev-server's releases.

v5.2.6

Patch Changes

  • fix: allow undefined as the Server constructor options argument again (by @​bjohansebas in #5695)

    Restores accepting undefined (defaulting it to {}) for the options argument, so passing a webpack config's optional devServer field type-checks and works as before.

  • Protect the built-in state-changing routes (/webpack-dev-server/invalidate and /webpack-dev-server/open-editor) against cross-site request forgery. Requests are now checked with Sec-Fetch-Site (falling back to an Origin/Host comparison when it is absent), so a cross-site page can no longer trigger a rebuild or open a file in the editor. Same-origin requests, user-initiated navigations, and non-browser clients (e.g. curl) are unaffected. (by @​bjohansebas in #5698)

  • Handle malformed Host and Origin header values gracefully when validating requests. (by @​bjohansebas in #5699)

v5.2.5

Patch Changes

  • Skip the HMR WebSocket path when forwarding upgrade requests to user-defined proxies, so custom proxy WebSocket upgrades are no longer intercepted by the dev server. (by @​bjohansebas in #5680)

v5.2.4

5.2.4 (2026-05-11)

Bug Fixes

  • set Cross-Origin-Resource-Policy header to prevent source code theft over HTTP

v5.2.3

5.2.3 (2026-01-12)

Bug Fixes

  • add cause for errorObject (#5518) (37b033d)
  • compatibility with event target and universal target and lazy compilation (574026c)
  • overlay: add ESC key to dismiss overlay (#5598) (f91baa8)
  • progress indicator styles (#5557) (41a53a1)
  • upgrade selfsigned to v5

v5.2.2

5.2.2 (2025-06-03)

Bug Fixes

  • "Overlay enabled" false positive (18e72ee)
  • do not crush when error is null for runtime errors (#5447) (309991f)
  • remove unnecessary header X_TEST (#5451) (64a6124)
  • respect the allowedHosts option for cross-origin header check (#5510) (03d1214)

v5.2.1

5.2.1 (2025-03-26)

... (truncated)

Changelog

Sourced from webpack-dev-server's changelog.

5.2.6

Patch Changes

  • fix: allow undefined as the Server constructor options argument again (by @​bjohansebas in #5695)

    Restores accepting undefined (defaulting it to {}) for the options argument, so passing a webpack config's optional devServer field type-checks and works as before.

  • Protect the built-in state-changing routes (/webpack-dev-server/invalidate and /webpack-dev-server/open-editor) against cross-site request forgery. Requests are now checked with Sec-Fetch-Site (falling back to an Origin/Host comparison when it is absent), so a cross-site page can no longer trigger a rebuild or open a file in the editor. Same-origin requests, user-initiated navigations, and non-browser clients (e.g. curl) are unaffected. (by @​bjohansebas in #5698)

  • Handle malformed Host and Origin header values gracefully when validating requests. (by @​bjohansebas in #5699)

5.2.5

Patch Changes

  • Skip the HMR WebSocket path when forwarding upgrade requests to user-defined proxies, so custom proxy WebSocket upgrades are no longer intercepted by the dev server. (by @​bjohansebas in #5680)

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

5.2.4 (2026-05-11)

Bug Fixes

  • set Cross-Origin-Resource-Policy header to prevent source code theft over HTTP

5.2.3 (2026-01-12)

Bug Fixes

  • add cause for errorObject (#5518) (37b033d)
  • compatibility with event target and universal target and lazy compilation (574026c)
  • overlay: add ESC key to dismiss overlay (#5598) (f91baa8)
  • progress indicator styles (#5557) (41a53a1)
  • upgrade selfsigned to v5

5.2.2 (2025-06-03)

Bug Fixes

  • "Overlay enabled" false positive (18e72ee)
  • do not crush when error is null for runtime errors (#5447) (309991f)
  • remove unnecessary header X_TEST (#5451) (64a6124)
  • respect the allowedHosts option for cross-origin header check (#5510) (03d1214)

5.2.1 (2025-03-26)

Security

... (truncated)

Commits
  • 8a37b0e chore(release): new release (#5697)
  • f21ed0f fix: handle malformed Host and Origin headers (#5699)
  • 80cd9ee fix: reject cross-site requests to open-editor and invalidate endpoints (#5698)
  • 308e853 fix: handle undefined options in Server constructor (#5695)
  • 8b2b915 chore: update branch references from v4 to v5 in workflow configuration
  • 870ed22 chore: add v5 branch to release workflow triggers
  • c3ee325 chore(release): new release (#5682)
  • 60173be feat: add changeset validation and release workflow (#5680)
  • 948d5e6 fix(proxy): match the HMR upgrade path exactly like the ws server (#5678)
  • 93e8996 fix: skip HMR websocket path when forwarding upgrades to user-defined proxies...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for webpack-dev-server since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates @docusaurus/core from 2.0.1 to 3.10.2

Release notes

Sourced from @​docusaurus/core's releases.

3.10.2 (2026-07-10)

Backport and cherry-pick commits from main for v3.10.2 patch release:

3.10.1 (2026-04-30)

🐛 Bug Fix

  • docusaurus-bundler
    • #11981 fix(bundler): fix v3 webpackbar bug due to webpack breaking change (@​slorber)

🔧 Maintenance

  • docusaurus

Committers: 1

3.10.0 (2026-04-07)

🚀 New Feature

  • docusaurus-types, docusaurus
    • #11896 feat(core): add future.v4.mdx1CompatDisabledByDefault flag (@​slorber)
    • #11797 feat(core): promote siteConfig.storage to stable + add future.v4.siteStorageNamespacing flag [Claude] (@​slorber)
    • #11571 feat(core): support custom html elements in head tags (@​lebalz)
  • create-docusaurus
    • #11897 feat(create-docusaurus): update init template to .mdx extension and strict MDX syntax (@​slorber)
    • #11696 feat(create-docusaurus): Newly initialized TS sites should use "strict: true" (@​slorber)
    • #11611 feat(create-docusaurus): enable creation in current directory (@​Mcheung7272)
  • Other

... (truncated)

Changelog

Sourced from @​docusaurus/core's changelog.

Docusaurus Changelog - v2.x

2.4.3 (2023-09-20)

🐛 Bug Fix

  • docusaurus-plugin-content-docs
    • #9107 fix(content-docs): sidebar generator should return customProps for doc items (@​TheCatLady)
  • docusaurus-theme-classic
    • #9108 feat(theme-classic): add description & keywords microdata to blog posts (@​TheCatLady)
    • #9099 fix(theme): only set classname on ul elements if they have an existing class (@​homotechsual)
    • #9243 fix(theme-common): ThemedComponent should display something when JS is disabled (@​slorber)
  • docusaurus-theme-classic, docusaurus-theme-common
    • #9130 fix(theme): canonical url should be not change after hydration if url accessed with/without trailing slash (@​ori-shalom)

Committers: 4

2.4.2 (2023-09-20)

Bad npm publish, please use 2.4.3

2.4.1 (2023-05-15)

🐛 Bug Fix

  • docusaurus-theme-classic, docusaurus-theme-common
    • #8971 fix(theme): fix collapsible sidebar behavior when prefers-reduced-motion (@​slorber)
  • docusaurus-theme-translations
  • docusaurus
  • docusaurus-plugin-content-blog, docusaurus-theme-common, docusaurus-utils-common, docusaurus
    • #8909 fix(theme): add __ prefix to technical anchors, search crawlers (Algolia) should ignore them (@​slorber)
  • docusaurus-theme-common
    • #8906 fix(theme-common): fix collapsible component with prefers-reduced-motion (@​slorber)
    • #8873 fix(theme-common): fix confusing theme error message: bad sidebar id suggestions (@​slorber)
  • docusaurus-utils
    • #8874 fix(utils): handle Markdown links with spaces to route correctly (@​morsko1)
  • docusaurus-theme-classic, docusaurus-theme-translations
  • create-docusaurus

💅 Polish

... (truncated)

Commits
  • f37f903 v3.10.2
  • 2f5389d chore: cherry-pick commits for v3.10.2 patch release (#12265)
  • d4164ae chore: cherry-pick commits for v3.10.1 patch release (#11982)
  • 4892e7f feat(core): add future.v4.mdx1CompatDisabledByDefault flag (#11896)
  • 543eaeb fix(core): fix url.resolve() Node.js deprecation warning (#11844)
  • 1a52592 fix(faster): upgrade Rspack, fix Yarn PnP support (#11817)
  • 4a0273f fix(create-docusaurus): fix support for TypeScript 6.0 + fix our CI (#11843)
  • f659aef fix(core): upgrade serve handler min version to for upgrade users to a secure...
  • 1451780 chore(ci): fixes for the npm trusted publishing workflow (#11823)
  • 5dff744 chore(ci): add Trusted Publishing release workflow through dispatch action (#...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​docusaurus/core since your current version.


Updates @docusaurus/preset-classic from 2.0.1 to 3.10.2

Release notes

Sourced from @​docusaurus/preset-classic's releases.

3.10.2 (2026-07-10)

Backport and cherry-pick commits from main for v3.10.2 patch release:

3.10.1 (2026-04-30)

🐛 Bug Fix

  • docusaurus-bundler
    • #11981 fix(bundler): fix v3 webpackbar bug due to webpack breaking change (@​slorber)

🔧 Maintenance

  • docusaurus

Committers: 1

3.10.0 (2026-04-07)

🚀 New Feature

  • docusaurus-types, docusaurus
    • #11896 feat(core): add future.v4.mdx1CompatDisabledByDefault flag (@​slorber)
    • #11797 feat(core): promote siteConfig.storage to stable + add future.v4.siteStorageNamespacing flag [Claude] (@​slorber)
    • #11571 feat(core): support custom html elements in head tags (@​lebalz)
  • create-docusaurus
    • #11897 feat(create-docusaurus): update init template to .mdx extension and strict MDX syntax (@​slorber)
    • #11696 feat(create-docusaurus): Newly initialized TS sites should use "strict: true" (@​slorber)
    • #11611 feat(create-docusaurus): enable creation in current directory (@​Mcheung7272)
  • Other

... (truncated)

Changelog

Sourced from @​docusaurus/preset-classic's changelog.

Docusaurus Changelog - v2.x

2.4.3 (2023-09-20)

🐛 Bug Fix

  • docusaurus-plugin-content-docs
    • #9107 fix(content-docs): sidebar generator should return customProps for doc items (@​TheCatLady)
  • docusaurus-theme-classic
    • #9108 feat(theme-classic): add description & keywords microdata to blog posts (@​TheCatLady)
    • #9099 fix(theme): only set classname on ul elements if they have an existing class (@​homotechsual)
    • #9243 fix(theme-common): ThemedComponent should display something when JS is disabled (@​slorber)
  • docusaurus-theme-classic, docusaurus-theme-common
    • #9130 fix(theme): canonical url should be not change after hydration if url accessed with/without trailing slash (@​ori-shalom)

Committers: 4

2.4.2 (2023-09-20)

Bad npm publish, please use 2.4.3

2.4.1 (2023-05-15)

🐛 Bug Fix

  • docusaurus-theme-classic, docusaurus-theme-common
    • #8971 fix(theme): fix collapsible sidebar behavior when prefers-reduced-motion (@​slorber)
  • docusaurus-theme-translations
  • docusaurus
  • docusaurus-plugin-content-blog, docusaurus-theme-common, docusaurus-utils-common, docusaurus
    • #8909 fix(theme): add __ prefix to technical anchors, search crawlers (Algolia) should ignore them (@​slorber)
  • docusaurus-theme-common
    • #8906 fix(theme-common): fix collapsible component with prefers-reduced-motion (@​slorber)
    • #8873 fix(theme-common): fix confusing theme error message: bad sidebar id suggestions (@​slorber)
  • docusaurus-utils
    • #8874 fix(utils): handle Markdown links with spaces to route correctly (@​morsko1)
  • docusaurus-theme-classic, docusaurus-theme-translations
  • create-docusaurus

💅 Polish

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​docusaurus/preset-classic since your current version.


@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 21, 2026
@netlify

netlify Bot commented Jun 21, 2026

Copy link
Copy Markdown

Deploy Preview for testing-library failed.

Name Link
🔨 Latest commit 364a8f9
🔍 Latest deploy log https://app.netlify.com/projects/testing-library/deploys/6a575d343203ed0008fe4cfe

…s/preset-classic

Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server) to 5.2.6 and updates ancestor dependencies [webpack-dev-server](https://github.com/webpack/webpack-dev-server), [@docusaurus/core](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus) and [@docusaurus/preset-classic](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-preset-classic). These dependencies need to be updated together.


Updates `webpack-dev-server` from 4.9.3 to 5.2.6
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/v5.2.6/CHANGELOG.md)
- [Commits](webpack/webpack-dev-server@v4.9.3...v5.2.6)

Updates `@docusaurus/core` from 2.0.1 to 3.10.2
- [Release notes](https://github.com/facebook/docusaurus/releases)
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG-v2.md)
- [Commits](https://github.com/facebook/docusaurus/commits/v3.10.2/packages/docusaurus)

Updates `@docusaurus/preset-classic` from 2.0.1 to 3.10.2
- [Release notes](https://github.com/facebook/docusaurus/releases)
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG-v2.md)
- [Commits](https://github.com/facebook/docusaurus/commits/v3.10.2/packages/docusaurus-preset-classic)

---
updated-dependencies:
- dependency-name: "@docusaurus/core"
  dependency-version: 3.10.1
  dependency-type: direct:production
- dependency-name: "@docusaurus/preset-classic"
  dependency-version: 3.10.1
  dependency-type: direct:production
- dependency-name: webpack-dev-server
  dependency-version: 5.2.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-17ab04d126 branch from 6e4d399 to 364a8f9 Compare July 15, 2026 10:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants