Skip to content

chore(deps-dev): bump the npm-minor-and-patch group across 1 directory with 2 updates#613

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/attack-search/develop/npm-minor-and-patch-4d7c372748
Open

chore(deps-dev): bump the npm-minor-and-patch group across 1 directory with 2 updates#613
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/attack-search/develop/npm-minor-and-patch-4d7c372748

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-minor-and-patch group with 2 updates in the /attack-search directory: webpack and webpack-dev-server.

Updates webpack from 5.107.2 to 5.108.1

Release notes

Sourced from webpack's releases.

v5.108.1

Patch Changes

  • Fix invalid property access for escaped namespace imports with multi-character mangled export names. (by @​xiaoxiaojx in #21280)

  • Add frames to ProfilingPlugin TracingStartedInBrowser event so the trace loads in Chrome DevTools. (by @​alexander-akait in #21269)

v5.108.0

Minor Changes

  • Treat top-level await and import.meta as ES module markers, matching Node.js syntax detection so no explicit module type is needed. (by @​alexander-akait in #21218)

  • Add a bun target that emits ESM and externalizes bun:* and node.js built-in modules. (by @​alexander-akait in #21248)

  • Support CommonJS reexports via Object.defineProperty value and getter descriptors. (by @​alexander-akait in #21129)

  • Support JSON Schema const when generating CLI flags from a schema. (by @​alexander-akait in #21087)

  • Support JSON Schema if/then/else when generating CLI flags from a schema. (by @​alexander-akait in #21087)

  • Skip import specifiers, require() and import() calls in dead conditional branches gated by inlined imported constants (isDEV ? A : B), evaluated via getCondition. (by @​hai-x in #21136)

  • CSS localIdentName [hash] now resolves to the local ident hash (matching css-loader); use [modulehash] for the module hash. (by @​alexander-akait in #21259)

  • Add CSS parser as option and resolve url() inside HTML style attributes. (by @​alexander-akait in #21157)

  • Add dedicated module classes for all built-in module types. (by @​alexander-akait in #21164)

  • Support .html/.css for the default ./src entry under the html/css experiments. (by @​alexander-akait in #21039)

  • Add defineConfig helper for typed configuration files. (by @​alexander-akait in #21169)

  • Add a deno target (with versions, e.g. deno, deno2, deno1.40) that emits ESM, resolves node.js built-ins via the required node: specifier, and keeps Deno's own import protocols (npm:, jsr:, node:, http(s)://) external. (by @​alexander-akait in #21247)

  • Use module-import for electron externals when the target supports ESM. (by @​alexander-akait in #21184)

  • Add output.environment.logicalAssignment to emit ||= in runtime code when the target supports logical assignment operators. (by @​bjohansebas in #21219)

  • Resolve and rewrite asset URLs inside <iframe srcdoc> in HTML modules. (by @​bjohansebas in #21226)

  • Add HMR support for HTML modules with body/title DOM patching on update. (by @​alexander-akait in #21011)

  • Add css-url html source type extracting url() references from CSS-valued attributes. (by @​alexander-akait in #21250)

  • Add module.parser.html.sources option to disable or customize URL-attribute extraction for HTML modules, with script / script-module / stylesheet / stylesheet-inline types for custom attributes (by @​alexander-akait in #21022)

  • Add module.parser.html.template option to transform HTML module source before parsing. (by @​alexander-akait in #21055)

  • Extract more source URLs in HTML modules (SVG, legacy and obsolete attributes). (by @​alexander-akait in #21241)

... (truncated)

Changelog

Sourced from webpack's changelog.

5.108.1

Patch Changes

  • Fix invalid property access for escaped namespace imports with multi-character mangled export names. (by @​xiaoxiaojx in #21280)

  • Add frames to ProfilingPlugin TracingStartedInBrowser event so the trace loads in Chrome DevTools. (by @​alexander-akait in #21269)

5.108.0

Minor Changes

  • Treat top-level await and import.meta as ES module markers, matching Node.js syntax detection so no explicit module type is needed. (by @​alexander-akait in #21218)

  • Add a bun target that emits ESM and externalizes bun:* and node.js built-in modules. (by @​alexander-akait in #21248)

  • Support CommonJS reexports via Object.defineProperty value and getter descriptors. (by @​alexander-akait in #21129)

  • Support JSON Schema const when generating CLI flags from a schema. (by @​alexander-akait in #21087)

  • Support JSON Schema if/then/else when generating CLI flags from a schema. (by @​alexander-akait in #21087)

  • Skip import specifiers, require() and import() calls in dead conditional branches gated by inlined imported constants (isDEV ? A : B), evaluated via getCondition. (by @​hai-x in #21136)

  • CSS localIdentName [hash] now resolves to the local ident hash (matching css-loader); use [modulehash] for the module hash. (by @​alexander-akait in #21259)

  • Add CSS parser as option and resolve url() inside HTML style attributes. (by @​alexander-akait in #21157)

  • Add dedicated module classes for all built-in module types. (by @​alexander-akait in #21164)

  • Support .html/.css for the default ./src entry under the html/css experiments. (by @​alexander-akait in #21039)

  • Add defineConfig helper for typed configuration files. (by @​alexander-akait in #21169)

  • Add a deno target (with versions, e.g. deno, deno2, deno1.40) that emits ESM, resolves node.js built-ins via the required node: specifier, and keeps Deno's own import protocols (npm:, jsr:, node:, http(s)://) external. (by @​alexander-akait in #21247)

  • Use module-import for electron externals when the target supports ESM. (by @​alexander-akait in #21184)

  • Add output.environment.logicalAssignment to emit ||= in runtime code when the target supports logical assignment operators. (by @​bjohansebas in #21219)

  • Resolve and rewrite asset URLs inside <iframe srcdoc> in HTML modules. (by @​bjohansebas in #21226)

  • Add HMR support for HTML modules with body/title DOM patching on update. (by @​alexander-akait in #21011)

  • Add css-url html source type extracting url() references from CSS-valued attributes. (by @​alexander-akait in #21250)

  • Add module.parser.html.sources option to disable or customize URL-attribute extraction for HTML modules, with script / script-module / stylesheet / stylesheet-inline types for custom attributes (by @​alexander-akait in #21022)

  • Add module.parser.html.template option to transform HTML module source before parsing. (by @​alexander-akait in #21055)

... (truncated)

Commits
  • da91761 chore(release): new release (#21284)
  • b6c9fcf chore: move members to emeritus (#21281)
  • 062aa20 Fix invalid property access for escaped namespace with mangled exports (#21280)
  • ed9fa71 fix: render ProfilingPlugin trace in Chrome DevTools (#21269)
  • 322b060 chore(release): new release (#21037)
  • 03a0433 test: run AbstractMethodError and parseJson unit tests under Bun (#21273)
  • e7202b4 chore(deps): bump the dependencies group with 3 updates (#21270)
  • 9a51ee1 fix(html): run the any-other-end-tag fallback for a marker-shielded nobr (#21...
  • a040ac1 test: cap Node jest worker memory and fix harness teardown leaks (#21268)
  • 7c81bde Re-encode inline hash digests ([contenthash]/[chunkhash]/[fullhash]/[moduleha...
  • Additional commits viewable in compare view

Updates webpack-dev-server from 5.2.4 to 5.2.5

Release notes

Sourced from webpack-dev-server's releases.

v5.2.5

Patch Changes

  • Skip the HMR WebSocket path when forwarding upgrade requests to user-defined proxies, so custom proxy WebSocket upgrades are no longer intercepted by the dev server. (by @​bjohansebas in #5680)
Changelog

Sourced from webpack-dev-server's changelog.

5.2.5

Patch Changes

  • Skip the HMR WebSocket path when forwarding upgrade requests to user-defined proxies, so custom proxy WebSocket upgrades are no longer intercepted by the dev server. (by @​bjohansebas in #5680)

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

Commits
  • c3ee325 chore(release): new release (#5682)
  • 60173be feat: add changeset validation and release workflow (#5680)
  • 948d5e6 fix(proxy): match the HMR upgrade path exactly like the ws server (#5678)
  • 93e8996 fix: skip HMR websocket path when forwarding upgrades to user-defined proxies...
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for webpack-dev-server since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…y with 2 updates

Bumps the npm-minor-and-patch group with 2 updates in the /attack-search directory: [webpack](https://github.com/webpack/webpack) and [webpack-dev-server](https://github.com/webpack/webpack-dev-server).


Updates `webpack` from 5.107.2 to 5.108.1
- [Release notes](https://github.com/webpack/webpack/releases)
- [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack@v5.107.2...v5.108.1)

Updates `webpack-dev-server` from 5.2.4 to 5.2.5
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack-dev-server@v5.2.4...v5.2.5)

---
updated-dependencies:
- dependency-name: webpack
  dependency-version: 5.108.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor-and-patch
- dependency-name: webpack-dev-server
  dependency-version: 5.2.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 1, 2026
@sonarqubecloud

sonarqubecloud Bot commented Jul 1, 2026

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants