Have you used AI?
No
Bug Description
The current v5.2.5 is depended on http-proxy-middleware with a v2 version.
https://github.com/webpack/webpack-dev-server/blob/main/package.json#L63
http-proxy-middleware v2.0.9 has a vulnerability
GHSA-64mm-vxmg-q3vj
However, the fixed version is v3 and v4 which is a major release update.
Link to Minimal Reproduction and step to reproduce
GHSA-64mm-vxmg-q3vj
Expected Behavior
http-proxy-middleware should be installed with v3.0.6 or v4.1.0
Actual Behavior
Environment
System:
OS: macOS 26.5.1
CPU: (11) arm64 Apple M3 Pro
Memory: 436.66 MB / 18.00 GB
Binaries:
Node: 24.15.0 - /Users/herman/.nvm/versions/node/v24.15.0/bin/node
npm: 11.12.1 - /Users/herman/.nvm/versions/node/v24.15.0/bin/npm
Browsers:
Chrome: 149.0.7827.115
Edge: 149.0.4022.80
Safari: 26.5
Is this a regression?
None
Last Working Version
No response
Additional Context
No response
Have you used AI?
No
Bug Description
The current v5.2.5 is depended on
http-proxy-middlewarewith a v2 version.https://github.com/webpack/webpack-dev-server/blob/main/package.json#L63
http-proxy-middlewarev2.0.9 has a vulnerabilityGHSA-64mm-vxmg-q3vj
However, the fixed version is v3 and v4 which is a major release update.
Link to Minimal Reproduction and step to reproduce
GHSA-64mm-vxmg-q3vj
Expected Behavior
http-proxy-middlewareshould be installed with v3.0.6 or v4.1.0Actual Behavior
Environment
Is this a regression?
None
Last Working Version
No response
Additional Context
No response