build(deps): bump the npm_and_yarn group across 1 directory with 14 updates

[dependabot]

Bumps the npm_and_yarn group with 7 updates in the / directory:

Package	From	To
react-dev-utils	4.2.1	11.0.4
standard-version	4.4.0	9.5.0
webpack-dev-server	2.9.4	5.2.1
dot-prop	3.0.0	5.3.0
postcss	5.2.18	8.5.14
simple-git	1.132.0	removed
tmp	0.0.33	removed

Updates react-dev-utils from 4.2.1 to 11.0.4

Release notes

Sourced from react-dev-utils's releases.

v5.0.1

5.0.1 (2022-04-12)

Create React App 5.0.1 is a maintenance release that improves compatibility with React 18. We've also updated our templates to use createRoot and relaxed our check for older versions of Create React App.

Migrating from 5.0.0 to 5.0.1

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@5.0.1

or

yarn add --exact react-scripts@5.0.1

🐛 Bug Fix

• react-scripts
  • #12245 fix: webpack noise printed only if error or warning (@​Andrew47)
• create-react-app
  • #11915 Warn when not using the latest version of create-react-app but do not exit (@​iansu)
• react-dev-utils
  • #11640 Ensure posix compliant joins for urls in middleware (@​psiservices-justin-sullard)

💅 Enhancement

• cra-template-typescript, cra-template, react-scripts
  • #12220 Update templates to use React 18 createRoot (@​kyletsang)
• cra-template-typescript, cra-template
  • #12223 chore: upgrade rtl version to support react 18 (@​MatanBobi)
• eslint-config-react-app
  • #11622 updated deprecated rules (@​wisammechano)

📝 Documentation

• #11594 Fix a typo in deployment.md (@​fishmandev)
• #11805 docs: Changelog 5.0.0 (@​jafin)
• #11757 prevent both npm and yarn commands from being copied (@​mubarakn)

🏠 Internal

• #11985 Ignore docs when publishing (@​iansu)

Committers: 11

• Andrew Burnie (@​Andrew47)

... (truncated)

Changelog

Sourced from react-dev-utils's changelog.

2.0.3 and Newer Versions

Please refer to CHANGELOG-2.x.md for the 2.x range, and https://github.com/react/create-react-app/blob/main/CHANGELOG.md for the newer versions.

1.1.5 (August 24, 2018)

• react-scripts

  • Update the webpack-dev-server dependency

• react-dev-utils

  • #4866 Fix a Windows-only vulnerability (CVE-2018-6342) in the development server (@​acdlite)
  • Update the sockjs-client dependency

Committers: 1

• Andrew Clark (acdlite)

Migrating from 1.1.4 to 1.1.5

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@1.1.5

or

yarn add --exact react-scripts@1.1.5

1.1.4 (April 3, 2018)

🐛 Bug Fix

• react-dev-utils

  • #4250 Upgrade detect-port-alt to fix #4189. (@​Timer)

Committers: 1

• Joe Haddad (Timer)

Migrating from 1.1.3 to 1.1.4

Inside any created project that has not been ejected, run:

</tr></table> 

... (truncated)

Commits

• See full diff in compare view

Updates standard-version from 4.4.0 to 9.5.0

Release notes

Sourced from standard-version's releases.

v9.5.0

9.5.0 (2022-05-15)

Features

• deprecated: add deprecation message (#907) (61b41fa)

Bug Fixes

• deps: update dependency conventional-changelog to v3.1.25 (#865) (4c938a2)
• deps: update dependency conventional-changelog-conventionalcommits to v4.6.3 (#866) (6c75ed0)

v9.4.0

9.4.0 (2021-12-31)

Features

• add .cjs config file (#717) (eceaedf)

Bug Fixes

• Ensures provided packageFiles arguments are merged with bumpFiles when no bumpFiles argument is specified (default). (#534) (2785023), closes #533

standard-version v9.3.2

Bug Fixes

• deps: update dependency conventional-changelog-conventionalcommits to v4.6.1 (#752) (bb8869d)

standard-version v9.3.1

Bug Fixes

• updater: npm7 package lock's inner version not being updated (#713) (a316dd0)

standard-version v9.3.0

Features

• add --lerna-package flag used to extract tags in case of lerna repo (#503) (f579ff0)

standard-version v9.2.0

... (truncated)

Changelog

Sourced from standard-version's changelog.

9.5.0 (2022-05-15)

Features

• deprecated: add deprecation message (#907) (61b41fa)

Bug Fixes

• deps: update dependency conventional-changelog to v3.1.25 (#865) (4c938a2)
• deps: update dependency conventional-changelog-conventionalcommits to v4.6.3 (#866) (6c75ed0)

9.4.0 (2021-12-31)

Features

• add .cjs config file (#717) (eceaedf)

Bug Fixes

• Ensures provided packageFiles arguments are merged with bumpFiles when no bumpFiles argument is specified (default). (#534) (2785023), closes #533

9.3.2 (2021-10-17)

Bug Fixes

• deps: update dependency conventional-changelog-conventionalcommits to v4.6.1 (#752) (bb8869d)

9.3.1 (2021-07-14)

Bug Fixes

• updater: npm7 package lock's inner version not being updated (#713) (a316dd0)

9.3.0 (2021-05-04)

Features

• add --lerna-package flag used to extract tags in case of lerna repo (#503) (f579ff0)

9.2.0 (2021-04-06)

Features

... (truncated)

Commits

• 017dcb6 chore(master): release 9.5.0 (#867)
• 61b41fa feat(deprecated): add deprecation message (#907)
• 6c75ed0 fix(deps): update dependency conventional-changelog-conventionalcommits to v4...
• 4c938a2 fix(deps): update dependency conventional-changelog to v3.1.25 (#865)
• fd05681 chore(master): release 9.4.0 (#864)
• e510623 build: run tests on label
• eceaedf feat: add .cjs config file (#717)
• 366a498 build: update publish configuration
• 095e1eb test: updates .gitignore test to check against a default package and bump fil...
• fb3f3fa chore: Move to native fs.access, removes fs-access package. (#840)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for standard-version since your current version.

Updates webpack-dev-server from 2.9.4 to 5.2.1

Release notes

Sourced from webpack-dev-server's releases.

v5.2.1

5.2.1 (2025-03-26)

Security

• cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
• requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

• prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
• take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

v5.2.0

5.2.0 (2024-12-11)

Features

• added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

• speed up initial client bundling (145b5d0)

v5.1.0

5.1.0 (2024-09-03)

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

Bug Fixes

• check the platform property to determinate the target (#5269) (c3b532c)
• ipv6 output (#5270) (06005e7)
• replace rimraf with rm (#5162) (1a1561f)
• replace default gateway (#5255) (f5f0902)
• support devServer: false (#5272) (8b341cb)

v5.0.4

5.0.4 (2024-03-19)

... (truncated)

Changelog

Sourced from webpack-dev-server's changelog.

5.2.1 (2025-03-26)

Security

• cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
• requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

• prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
• take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

5.2.0 (2024-12-11)

Features

• added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

• speed up initial client bundling (145b5d0)

5.1.0 (2024-09-03)

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

Bug Fixes

• check the platform property to determinate the target (#5269) (c3b532c)
• ipv6 output (#5270) (06005e7)
• replace rimraf with rm (#5162) (1a1561f)
• replace default gateway (#5255) (f5f0902)
• support devServer: false (#5272) (8b341cb)

5.0.4 (2024-03-19)

Bug Fixes

... (truncated)

Commits

• 0d22a08 chore(release): 5.2.1
• 6045b1e chore(deps): update (#5444)
• ffd0b86 fix: take the first network found instead of the last one, this restores the ...
• 9ea7b08 ci: update dependency-review-action (#5442)
• 5c9378b Merge commit from fork
• d2575ad Merge commit from fork
• 8c1abc9 fix: prevent overlay for errors caught by React error boundaries (#5431)
• 5a39c70 ci: update codecov/codecov-action to v5 (#5406)
• 55220a8 chore(deps-dev): bump the dependencies group across 1 directory with 4 update...
• 09f6f8e chore(deps): bump the dependencies group across 1 directory with 2 updates (#...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack-dev-server since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates braces from 1.8.5 to 2.3.2

Changelog

Sourced from braces's changelog.

[2.3.2] - 2018-04-08

• start refactoring
• cover sets
• better range handling

[2.3.1] - 2018-02-17

• Remove unnecessary escape in Regex. (#14)

[2.3.0] - 2017-10-19

• minor code reorganization
• optimize regex
• expose maxLength option

[2.2.1] - 2017-05-30

• don't condense when braces contain extglobs

[2.2.0] - 2017-05-28

• ensure word boundaries are preserved
• fixes edge case where extglob characters precede a brace pattern

[2.1.1] - 2017-04-27

• use snapdragon-node
• handle edge case
• optimizations, lint

[2.0.4] - 2017-04-11

• pass opts to compiler
• minor optimization in create method
• re-write parser handlers to remove negation regex

[2.0.3] - 2016-12-10

• use split-string
• clear queue at the end
• adds sequences example
• add unit tests

[2.0.2] - 2016-10-21

• fix comma handling in nested extglobs

[2.0.1] - 2016-10-20

... (truncated)

Commits

• See full diff in compare view

Updates dot-prop from 3.0.0 to 5.3.0

Release notes

Sourced from dot-prop's releases.

v5.3.0

• Make .delete() return a boolean (#66) 24916ff

sindresorhus/dot-prop@v5.2.0...v5.3.0

v5.2.0

• Allow specifying undefined as the object for .get() and .has() (#58) a6be343

sindresorhus/dot-prop@v5.1.1...v5.2.0

v5.1.1

• Prevent setting/getting some problematic path components 3039c8c
• TypeScript - Fix return type for undefined defaultValue (#56) e0f8abf

sindresorhus/dot-prop@v5.1.0...v5.1.1

v5.1.0

Maintenance release to update dependencies. No user-facing changes.

sindresorhus/dot-prop@v5.0.1...v5.1.0

v5.0.1

• Fix TypeScript 3.5 compatibility 9c1ef03

sindresorhus/dot-prop@v5.0.0...v5.0.1

v5.0.0

Breaking:

• Require Node.js 8 a19fd41

Enhancements:

• Add TypeScript definition (#52) 5dbf51c

sindresorhus/dot-prop@v4.2.0...v5.0.0

v4.2.1

• Backport sindresorhus/dot-prop@3039c8c to the v4.x release line.

Commits

• 614e74a 5.3.0
• 24916ff Make .delete() return a boolean (#66)
• be84f79 Simplify unit tests (#67)
• 282e984 5.2.0
• 4801a63 Meta tweaks
• a6be343 Allow specifying undefined as the object for .get() and .has() (#58)
• 0efd03e 5.1.1
• 3039c8c Prevent setting/getting some problematic path components
• e0f8abf TypeScript - Fix return type for undefined defaultValue (#56)
• b8b7124 5.1.0
• Additional commits viewable in compare view

Updates postcss from 5.2.18 to 8.5.14

Release notes

Sourced from postcss's releases.

8.5.14

• Fixed custom syntax regression (by @​43081j).

8.5.13

• Fixed postcss-scss commend regression.

8.5.12

• Fixed reading any file via user-generated CSS.
• Added opts.unsafeMap to disable checks.

8.5.11

• Fixed nested brackets parsing performance (by @​offset).

8.5.10

• Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

• Speed up source map encoding paring in case of the error.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

• Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

• Fixed package.json→exports compatibility with some tools (by @​JounQin).

8.5.4

• Fixed Parcel compatibility issue (by @​git-sumitchaudhary).

8.5.3

• Added more details to Unknown word error (by @​hiepxanh).
• Fixed types (by @​romainmenke).
• Fixed docs (by @​catnipan).

8.5.2

• Fixed end position of rules with semicolon (by @​romainmenke).

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

PostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.

... (truncated)

Changelog

Sourced from postcss's changelog.

8.5.14

• Fixed custom syntax regression (by @​43081j).

8.5.13

• Fixed postcss-scss commend regression.

8.5.12

• Fixed reading any file via user-generated CSS.
• Added opts.unsafeMap to disable checks.

8.5.11

• Fixed nested brackets parsing performance (by @​offset).

8.5.10

• Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

• Speed up source map encoding paring in case of the error.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

• Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

• Fixed package.json→exports compatibility with some tools (by @​JounQin).

8.5.4

• Fixed Parcel compatibility issue (by @​git-sumitchaudhary).

8.5.3

• Added more details to Unknown word error (by @​hiepxanh).
• Fixed types (by @​romainmenke).
• Fixed docs (by @​catnipan).

... (truncated)

Commits

• See full diff in compare view

Updates js-yaml from 3.7.0 to 3.14.2

Changelog

Sourced from js-yaml's changelog.

[3.14.2] - 2025-11-15

Security

• Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

• Types are now exported as yaml.types.XXX.
• Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

• Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

• Check migration guide to see details for all breaking changes.
• Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
• Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
• yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
• yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
• !!binary now always mapped to Uint8Array on load.
• Reduced nesting of /lib folder.
• Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
• dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
• Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
• Code snippet created in exceptions now contains multiple lines with line numbers.
• dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
• dump() with skipInvalid=true now serializes invalid items in collections as null.
• Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
• Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

• Added .mjs (es modules) support.
• Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
• Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

... (truncated)

Commits

• 9963d36 3.14.2 released
• 10d3c8e dist rebuild
• 5278870 fix prototype pollution in merge (<<) (#731)
• 37caaad 3.14.1 released
• 094c0f7 dist rebuild
• 9586ebe Avoid calling hasOwnProperty of user-controlled objects
• 34e5072 3.14.0 released
• 7b25c83 Browser files rebuild
• 6f73473 Dev deps bump
• 0c29349 Travis-CI: drop old nodejs versions
• Additional commits viewable in compare view

Updates minimatch from 3.0.3 to 3.0.4

Commits

• e46989a v3.0.4
• ddfacbd update brace-expansion
• 55ed736 update package scripts and deps
• See full diff in compare view

Updates node-forge from 0.10.0 to 1.4.0

Changelog

Sourced from node-forge's changelog.

1.4.0 - 2026-03-24

Security

• HIGH: Denial of Service in BigInteger.modInverse()
  • A Denial of Service (DoS) vulnerability exists due to an infinite loop in the BigInteger.modInverse() function (inherited from the bundled jsbn library). When modInverse() is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachable exit condition, causing the process to hang indefinitely and consume 100% CPU.
  • Reported by Kr0emer.
  • CVE ID: CVE-2026-33891
  • GHSA ID: GHSA-5gfm-wpxj-wjgq
• HIGH: Signature forgery in RSA-PKCS due to ASN.1 extra field.
  • RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing "garbage" bytes within the ASN.1 structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an addition field within the ASN.1 structure, rather than outside of it.
  • Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries.
  • Reported as part of a U.C. Berkeley security research project by:
    • Austin Chu, Sohee Kim, and Corban Villa.
  • CVE ID: CVE-2026-33894
  • GHSA ID: GHSA-ppp5-5v6c-4jwp
• HIGH: Signature forgery in Ed25519 due to missing S < L check.
  • Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (S >= L). A valid signature and its S + L variant both verify in forge, while Node.js crypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the specification. This class of signature malleability has been exploited in practice to bypass authentication and authorization logic (see CVE-2026-25793, CVE-2022-35961). Applications relying on signature uniqueness (i.e., dedup by signature bytes, replay tracking, signed-object canonicalization checks) may be bypassed.
  • Reported as part of a U.C. Berkeley security research project by:
    • Austin Chu, Sohee Kim, and Corban Villa.
  • CVE ID: CVE-2026-33895
  • GHSA ID: GHSA-q67f-28xg-22rw
• HIGH: basicConstraints bypass in certificate chain verification.
  • pki.verifyCertificateChain() does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions. This allows any leaf certificate (without these extensions) to act as a CA and sign other certificates, which node-forge will accept as valid.
  • Reported by Doruk Tan Ozturk (@​peaktwilight) - doruk.ch
  • CVE ID: CVE-2026-33896
  • GHSA ID: GHSA-2328-f5f3-gj25

... (truncated)

Commits

• fa385f9 Release 1.4.0.
• 07d4e16 Update changelog.
• cb90fd9 Update changelog.
• 963e7c5 Add unit test for "pseudonym"
• f0b6f5b Add pseudonym OID
• 3df48a3 Fix missing CVE ID.
• 2e49283 Add x509 basicConstraints check.
• bdecf11 Add canonical signature scaler check for S < L.
• af094e6 Add RSA padding and DigestInfo length checks.
• 796eeb1 Improve jsbn fix.
• Additional commits viewable in compare view

Removes simple-git

Updates sockjs from 0.3.18 to 0.3.24

Release notes

Sourced from sockjs's releases.

0.3.24

• Remove excess file from npm package

0.3.23

• Fix uuid usage

0.3.22

• Update uuid

0.3.21

• Update faye-websocket and websocket-driver to address DDoS vulnerability #275

0.3.20

• Updated node-uuid and coffeescript
• Exclude examples, tests, and Makefile from npm package
• Update examples to use latest jQuery and sockjs-client #271
• Don't call res.end in writeHead #266
• Pin websocket-driver as later versions cause some tests from sockjs-protocol to fail

0.3.19

• Update node-uuid version #224
• Add disable_cors option to prevent CORS headers from being added to responses #218
• Add dnt header to whitelist #212
• Add x-forwarded-host and x-forwarded-port headers to whitelist #208
• Update sockjs_url default to latest 1.x target #223
• Updated hapi.js example #216

Changelog

Sourced from sockjs's changelog.

0.3.24

• Remove excess file from npm package

0.3.23

• Fix uuid usage

0.3.22

• Update uuid

0.3.21

• Update faye-websocket and websocket-driver to address DDoS vulnerability #275

0.3.20

• Updated node-uuid and coffeescript
• Exclude examples, tests, and Makefile from npm package
• Update examples to use latest jQuery and sockjs-client #271
• Don't call res.end in writeHead #266
• Pin websocket-driver as later versions cause some tests from sockjs-protocol to fail

0.3.19

• Update node-uuid version #224
• Add disable_cors option to prevent CORS headers from being added to responses #218
• Add dnt header to whitelist #212
• Add x-forwarded-host and x-forwarded-port headers to whitelist #208
• Update sockjs_url default to latest 1.x target #223
• Updated hapi.js example #216

Commits

• a01674d 0.3.24
• 60f8795 Update Changelog
• 6bb693b 0.3.23
• 5d8842e Fix uuid usage
• 32b37b1 0.3.22
• b55d478 Update uuid to 8.3.2
• e393f16 Update package-lock.json
• 3f913fb Revert "Escape % in eventsource to prevent decoding problems"
• b417cd7 Escape % in eventsource to prevent decoding problems
• d891184 Add sockjs-protocol to .npmignore
• Additional commits viewable in compare view

Removes tmp

Updates webpack-dev-middleware from 1.12.2 to 7.4.5

Release notes

Sourced from webpack-dev-middleware's releases.

v7.4.5

7.4.5 (2025-09-24)

Bug Fixes

• unpin memfs (#2176) (c9a0e68)

v7.4.4

7.4.4 (2025-09-23)

Bug Fixes

• pin memfs version (#2174) (044d691)

v7.4.3

7.4.3 (2025-09-05)

Bug Fixes

• do not call the next middleware for 304 responses (#2155) (c26a326)
• do not call the next middleware when request is finished or errored (#2156) (116c680)

v7.4.2

7.4.2 (2024-08-21)

Bug Fixes

• no crash when headers are already sent (#1929) (c20f1d9)

v7.4.1

7.4.1 (2024-08-20)

Bug Fixes

• assetsInfo may be undefined (rspack) (#1927) (21f1797)

v7.4.0

7.4.0 (2024-08-15)

Features

• added the cacheImmutable option to cache immutable assets (assets with a hash in file name like image.e12ab567.jpg) (5ed629d)
• allow to configure the Cache-Control header (#1923) (f7529c3)

... (truncated)

Changelog

Sourced from webpack-dev-middleware's changelog.

7.4.5 (2025-09-24)

Bug Fixes

• unpin memfs (#2176) (c9a0e68)

7.4.4 (2025-09-23)

Bug Fixes

• pin memfs version (#2174) (044d691)

7.4.3 (2025-09-05)

Bug Fixes

• do not call the next middleware for 304 responses (#2155) (c26a326)
• do not call the next middleware when request is finished or errored (#2156) (116c680)

7.4.2 (2024-08-21)

Bug Fixes

• no crash when headers are already sent (#1929) (c20f1d9)

7.4.1 (2024-08-20)

Bug Fixes

• assetsInfo may be undefined (rspack) (#1927) (21f1797)

7.4.0 (2024-08-15)

Features

• added the cacheImmutable option to cache immutable assets (assets with a hash in file na...

  Description has been truncated