Skip to content

Bump webpack-dev-server from 5.2.4 to 5.2.5 in /zeppelin-web-angular/projects/zeppelin-react#5272

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/zeppelin-web-angular/projects/zeppelin-react/webpack-dev-server-5.2.5
Closed

Bump webpack-dev-server from 5.2.4 to 5.2.5 in /zeppelin-web-angular/projects/zeppelin-react#5272
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/zeppelin-web-angular/projects/zeppelin-react/webpack-dev-server-5.2.5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 20, 2026

Copy link
Copy Markdown
Contributor

Bumps webpack-dev-server from 5.2.4 to 5.2.5.

Release notes

Sourced from webpack-dev-server's releases.

v5.2.5

Patch Changes

  • Skip the HMR WebSocket path when forwarding upgrade requests to user-defined proxies, so custom proxy WebSocket upgrades are no longer intercepted by the dev server. (by @​bjohansebas in #5680)
Changelog

Sourced from webpack-dev-server's changelog.

5.2.5

Patch Changes

  • Skip the HMR WebSocket path when forwarding upgrade requests to user-defined proxies, so custom proxy WebSocket upgrades are no longer intercepted by the dev server. (by @​bjohansebas in #5680)

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

Commits
  • c3ee325 chore(release): new release (#5682)
  • 60173be feat: add changeset validation and release workflow (#5680)
  • 948d5e6 fix(proxy): match the HMR upgrade path exactly like the ws server (#5678)
  • 93e8996 fix: skip HMR websocket path when forwarding upgrades to user-defined proxies...
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for webpack-dev-server since your current version.


@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 20, 2026
Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server) from 5.2.4 to 5.2.5.
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack-dev-server@v5.2.4...v5.2.5)

---
updated-dependencies:
- dependency-name: webpack-dev-server
  dependency-version: 5.2.5
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/zeppelin-web-angular/projects/zeppelin-react/webpack-dev-server-5.2.5 branch from f68901c to 6c6bf10 Compare July 6, 2026 16:26
@voidmatcha

Copy link
Copy Markdown
Member

@dependabot rebase

@dependabot @github

dependabot Bot commented on behalf of github Jul 14, 2026

Copy link
Copy Markdown
Contributor Author

The dependabot.yml entry that created this PR has been deleted so this PR can't be rebased. Please close the PR so Dependabot can create a new one with the current dependabot.yml.

@voidmatcha

voidmatcha commented Jul 14, 2026

Copy link
Copy Markdown
Member

Closing this Dependabot PR in favor of the broader follow-up in #5303 / ZEPPELIN-6538. That PR updates zeppelin-web-angular/projects/zeppelin-react to webpack-dev-server@6.0.0, removes the vulnerable sockjs / uuid transitive path, updates http-proxy-middleware, and makes full zeppelin-react npm audit pass with 0 vulnerabilities.

@voidmatcha voidmatcha closed this Jul 14, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 14, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/zeppelin-web-angular/projects/zeppelin-react/webpack-dev-server-5.2.5 branch July 14, 2026 14:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant