Bump the webpack group across 1 directory with 6 updates by dependabot[bot] · Pull Request #15964 · guardian/dotcom-rendering

dependabot · 2026-05-22T19:16:11Z

Bumps the webpack group with 6 updates in the / directory:

Package	From	To
css-loader	`7.1.2`	`7.1.4`
swc-loader	`0.2.6`	`0.2.7`
webpack-bundle-analyzer	`4.10.2`	`5.3.0`
webpack-cli	`6.0.1`	`7.0.2`
webpack-dev-middleware	`7.4.5`	`8.0.3`
webpack-dev-server	`5.2.2`	`5.2.4`

Updates css-loader from 7.1.2 to 7.1.4

Release notes

Sourced from css-loader's releases.

v7.1.4

7.1.4 (2026-02-16)

Bug Fixes

update peer dependency for @rspack/core v2 (#1652) (aeddefe)

v7.1.3

7.1.3 (2026-01-27)

Bug Fixes

allow to use module class name (#1649) (01869bc)

use official createHash for hashes (#1618) (06587e5)

use official hash* options for hashes (#1619) (9544c3e)

Changelog

Sourced from css-loader's changelog.

7.1.4 (2026-02-16)

Bug Fixes

update peer dependency for @rspack/core v2 (#1652) (aeddefe)

7.1.3 (2026-01-27)

Bug Fixes

allow to use module class name (#1649) (01869bc)

use official createHash for hashes (#1618) (06587e5)

use official hash* options for hashes (#1619) (9544c3e)

Commits

5b795af chore(release): 7.1.4
aeddefe fix: update peer dependency for @rspack/core v2 (#1652)
b2b2de7 chore(release): 7.1.3
01869bc fix: allow to use module class name (#1649)
7dd15ec chore(deps): bump js-yaml (#1648)
db26202 chore(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#1647)
7daf1b8 Update CONTRIBUTING link to point to GitHub page
de1e633 chore: correct link path (#1645)
563ad63 chore: migrate from contrib and swap branches (#1644)
e68bf7e chore: update github actions/checkout from v4 to v5 (#1642)
Additional commits viewable in compare view

Updates swc-loader from 0.2.6 to 0.2.7

Commits

See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for swc-loader since your current version.

Updates webpack-bundle-analyzer from 4.10.2 to 5.3.0

Release notes

Sourced from webpack-bundle-analyzer's releases.

v5.3.0

Minor Changes

Use new ECMA features in code. (by @alexander-akait in #713)

Added propTypes to client components. (by @alexander-akait in #713)

Patch Changes

Fix a race condition in writeStats that could lead to incorrect content in stats.json. (by @alexander-akait in #713)

Apply prettier and update dependencies. (by @alexander-akait in #713)

Changelog

Sourced from webpack-bundle-analyzer's changelog.

5.3.0

Minor Changes

Use new ECMA features in code. (by @alexander-akait in #713)

Added propTypes to client components. (by @alexander-akait in #713)

Patch Changes

Fix a race condition in writeStats that could lead to incorrect content in stats.json. (by @alexander-akait in #713)

Apply prettier and update dependencies. (by @alexander-akait in #713)

5.2.0

New Feature

Add support for Zstandard compression (#693 by @bjohansebas)

Internal

Prettier applied to the code base (#693 by @alexander-akait)

Update sirv dependency (#692 by @bjohansebas)

Update ws dependency (#691 by @bjohansebas)

5.1.1

Bug Fix

Fix tooltip styling in dark mode when using CSS Modules (#688 by @theEquinoxDev)

Avoid parse failures for bundles with IIFE (#685 by @hai-x)

5.1.0

Bug Fix

Prevent TypeError when assets or modules are undefined in analyzer.js (#679 by @Srushti-33)

New Feature

Add optional dark/light mode toggle (#683 by @theEquinoxDev)

5.0.1

Bug Fix

Restore @babel/plugin-transform-class-properties to fix HTML report (#682 by @valscion)

5.0.0

Breaking Change

Remove explicit support for Node versions below 20.9.0 (#676 by @valscion)

Improvement

... (truncated)

Commits

9ba43c7 chore(release): new release (#714)
8a91940 ci: trusted publishers (#713)
b3f44b0 fix: race condition in writeStats (#711)
3710653 refactor: adding typescript jsdocs types (#710)
77599a4 refactor: improve prop types and fix mobx (#709)
26b83f6 test: refactor infra (#708)
2588e54 ci: add codecov and fix test (#705)
be761ef update eslint and apply eslint-config-webpack (#701)
1c23a2a refactor: more ES6 code and code improvements (#700)
4af64e3 chore: improve package.json (#695)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for webpack-bundle-analyzer since your current version.

Updates webpack-cli from 6.0.1 to 7.0.2

Release notes

Sourced from webpack-cli's releases.

webpack-cli@7.0.2

Patch Changes

Resolve configuration path for cache build dependencies. (by @alexander-akait in #4707)

webpack-cli@7.0.1

Patch Changes

The file protocol for configuration options (--config/--extends) is supported. (by @alexander-akait in #4702)

webpack-cli@7.0.0

Major Changes

The minimum supported version of Node.js is 20.9.0. (by @alexander-akait in #4677)

Use dynamic import to load webpack.config.js, fallback to interpret only when configuration can't be load by dynamic import. Using dynamic imports allows you to take advantage of Node.js's built-in TypeScript support. (by @alexander-akait in #4677)

Removed the --node-env argument in favor of the --config-node-env argument. (by @alexander-akait in #4677)

The version command only output versions right now. (by @alexander-akait in #4677)

Removed deprecated API, no action required unless you use import cli from "webpack-cli";/const cli = require("webpack-cli");. (by @alexander-akait in #4677)

Patch Changes

Allow configuration freezing. (by @alexander-akait in #4677)

Use graceful shutdown when file system cache is enabled. (by @alexander-akait in #4677)

Performance improved. (by @alexander-akait in #4677)

Changelog

Sourced from webpack-cli's changelog.

7.0.2

Patch Changes

Resolve configuration path for cache build dependencies. (by @alexander-akait in #4707)

7.0.1

Patch Changes

The file protocol for configuration options (--config/--extends) is supported. (by @alexander-akait in #4702)

7.0.0

Major Changes

The minimum supported version of Node.js is 20.9.0. (by @alexander-akait in #4677)

Use dynamic import to load webpack.config.js, fallback to interpret only when configuration can't be load by dynamic import. Using dynamic imports allows you to take advantage of Node.js's built-in TypeScript support. (by @alexander-akait in #4677)

Removed the --node-env argument in favor of the --config-node-env argument. (by @alexander-akait in #4677)

The version command only output versions right now. (by @alexander-akait in #4677)

Removed deprecated API, no action required unless you use import cli from "webpack-cli";/const cli = require("webpack-cli");. (by @alexander-akait in #4677)

Patch Changes

Allow configuration freezing. (by @alexander-akait in #4677)

Use graceful shutdown when file system cache is enabled. (by @alexander-akait in #4677)

Performance improved. (by @alexander-akait in #4677)

Commits

49efdc0 chore(release): new release (#4708)
1fc1b9d fix: resolve configuration path for build dependencies (#4707)
fd02100 chore(release): new release (#4705)
a653b02 fix: use a new create-webpack-app package name (#4704)
173e4bf chore(release): new release (#4703)
c033657 ci: avoid extra step
fd28679 fix: support file protocol in configuration options (#4702)
37e4270 chore: normalize package.json (#4700)
d5290e3 ci: fix
0b116f7 chore(release): new release (#4679)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for webpack-cli since your current version.

Updates webpack-dev-middleware from 7.4.5 to 8.0.3

Release notes

Sourced from webpack-dev-middleware's releases.

v8.0.3

Patch Changes

Respect req.url when modified by middleware such as connect-history-api-fallback. (by @bjohansebas in #2304)

v8.0.2

Patch Changes

Fixed compatibility with rspack. (by @alexander-akait in #2295)

v8.0.1

Patch Changes

Fixed compatibility with rspack. (by @alexander-akait in 0b40cfd)

v8.0.0

Major Changes

The getFilenameFromUrl function is now asynchronous, returning a Promise that resolves to the object with the found filename (or undefined if the file was not found) or throws an error if the URL cannot be processed. Additionally, the object contains the extra property with stats (file system stats) and outputFileSystem (output file system where file was found) properties. (by @alexander-akait in #2284)

Minimum supported Node.js version is 20.9.0. (by @alexander-akait in #2284)

Minimum supported webpack version is 5.101.0. (by @alexander-akait in #2284)

Minor Changes

Added support for plugin usage, useful when the middleware will be used as a webpack plugin (no stats output, no extra actions). (by @alexander-akait in #2284)

Added the forwardError option to enable error forwarding to next middleware. (by @alexander-akait in #2284)

Enable cacheImmutable by default for immutable assets. (by @alexander-akait in #2284)

Patch Changes

Improved initial loading module time. (by @alexander-akait in #2284)

Removed outdated code and improved performance by avoiding extra loops. (by @alexander-akait in #2284)

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

7.4.5 (2025-09-24)

Bug Fixes

unpin memfs (#2176) (c9a0e68)

7.4.4 (2025-09-23)

Bug Fixes

... (truncated)

Changelog

Sourced from webpack-dev-middleware's changelog.

8.0.3

Patch Changes

Respect req.url when modified by middleware such as connect-history-api-fallback. (by @bjohansebas in #2304)

8.0.2

Patch Changes

Fixed compatibility with rspack. (by @alexander-akait in #2295)

8.0.1

Patch Changes

Fixed compatibility with rspack. (by @alexander-akait in 0b40cfd)

8.0.0

Major Changes

The getFilenameFromUrl function is now asynchronous, returning a Promise that resolves to the object with the found filename (or undefined if the file was not found) or throws an error if the URL cannot be processed. Additionally, the object contains the extra property with stats (file system stats) and outputFileSystem (output file system where file was found) properties. (by @alexander-akait in #2284)

Minimum supported Node.js version is 20.9.0. (by @alexander-akait in #2284)

Minimum supported webpack version is 5.101.0. (by @alexander-akait in #2284)

Minor Changes

Added support for plugin usage, useful when the middleware will be used as a webpack plugin (no stats output, no extra actions). (by @alexander-akait in #2284)

Added the forwardError option to enable error forwarding to next middleware. (by @alexander-akait in #2284)

Enable cacheImmutable by default for immutable assets. (by @alexander-akait in #2284)

Patch Changes

Improved initial loading module time. (by @alexander-akait in #2284)

Removed outdated code and improved performance by avoiding extra loops. (by @alexander-akait in #2284)

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

Commits

6fcaa48 chore(release): new release (#2305)
21cd376 chore(deps): update typescript (#2306)
8493c45 fix: respect req.url when modified
7c658fe chore(deps-dev): bump the dependencies group with 2 updates (#2302)
dedf0a4 chore(deps): bump the dependencies group across 1 directory with 2 updates
381828e chore(deps): bump picomatch (#2300)
6eee395 chore(deps): bump the dependencies group with 4 updates (#2297)
f79af6a chore(release): new release
ebe8b57 chore: adding changelog
dfebd57 fix: rspack compatibility more.
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for webpack-dev-middleware since your current version.

Updates webpack-dev-server from 5.2.2 to 5.2.4

Release notes

Sourced from webpack-dev-server's releases.

v5.2.4

5.2.4 (2026-05-11)

Bug Fixes

set Cross-Origin-Resource-Policy header to prevent source code theft over HTTP

v5.2.3

5.2.3 (2026-01-12)

Bug Fixes

add cause for errorObject (#5518) (37b033d)

compatibility with event target and universal target and lazy compilation (574026c)

overlay: add ESC key to dismiss overlay (#5598) (f91baa8)

progress indicator styles (#5557) (41a53a1)

upgrade selfsigned to v5

Changelog

Sourced from webpack-dev-server's changelog.

5.2.4 (2026-05-11)

Bug Fixes

set Cross-Origin-Resource-Policy header to prevent source code theft over HTTP

5.2.3 (2026-01-12)

Bug Fixes

add cause for errorObject (#5518) (37b033d)

compatibility with event target and universal target and lazy compilation (574026c)

overlay: add ESC key to dismiss overlay (#5598) (f91baa8)

progress indicator styles (#5557) (41a53a1)

upgrade selfsigned to v5

Commits

fd40130 chore(release): 5.2.4
ece4f36 chore: update deps (#5661)
a216144 ci: fix test (#5658)
df073c5 Merge commit from fork
b550a70 chore(release): 5.2.3
9704dc5 chore: upgrade selfsigned to v5 and remove node-forge dependency (#5618)
92bf644 chore: bump express to update qs (#5621)
792b2f0 chore(deps-dev): bump the dependencies group with 4 updates (#5606)
6d587ca chore(deps): bump the dependencies group across 1 directory with 27 updates (...
f91baa8 fix(overlay): add ESC key to dismiss overlay (#5598)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the webpack group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [css-loader](https://github.com/webpack/css-loader) | `7.1.2` | `7.1.4` | | [swc-loader](https://github.com/swc-project/pkgs) | `0.2.6` | `0.2.7` | | [webpack-bundle-analyzer](https://github.com/webpack/webpack-bundle-analyzer) | `4.10.2` | `5.3.0` | | [webpack-cli](https://github.com/webpack/webpack-cli) | `6.0.1` | `7.0.2` | | [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `7.4.5` | `8.0.3` | | [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `5.2.2` | `5.2.4` | Updates `css-loader` from 7.1.2 to 7.1.4 - [Release notes](https://github.com/webpack/css-loader/releases) - [Changelog](https://github.com/webpack/css-loader/blob/main/CHANGELOG.md) - [Commits](webpack/css-loader@v7.1.2...v7.1.4) Updates `swc-loader` from 0.2.6 to 0.2.7 - [Commits](https://github.com/swc-project/pkgs/commits) Updates `webpack-bundle-analyzer` from 4.10.2 to 5.3.0 - [Release notes](https://github.com/webpack/webpack-bundle-analyzer/releases) - [Changelog](https://github.com/webpack/webpack-bundle-analyzer/blob/main/CHANGELOG.md) - [Commits](webpack/webpack-bundle-analyzer@v4.10.2...v5.3.0) Updates `webpack-cli` from 6.0.1 to 7.0.2 - [Release notes](https://github.com/webpack/webpack-cli/releases) - [Changelog](https://github.com/webpack/webpack-cli/blob/main/CHANGELOG.md) - [Commits](https://github.com/webpack/webpack-cli/compare/webpack-cli@6.0.1...webpack-cli@7.0.2) Updates `webpack-dev-middleware` from 7.4.5 to 8.0.3 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/main/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v7.4.5...v8.0.3) Updates `webpack-dev-server` from 5.2.2 to 5.2.4 - [Release notes](https://github.com/webpack/webpack-dev-server/releases) - [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md) - [Commits](webpack/webpack-dev-server@v5.2.2...v5.2.4) --- updated-dependencies: - dependency-name: css-loader dependency-version: 7.1.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: webpack - dependency-name: swc-loader dependency-version: 0.2.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: webpack - dependency-name: webpack-bundle-analyzer dependency-version: 5.3.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: webpack - dependency-name: webpack-cli dependency-version: 7.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: webpack - dependency-name: webpack-dev-middleware dependency-version: 8.0.3 dependency-type: direct:production update-type: version-update:semver-major dependency-group: webpack - dependency-name: webpack-dev-server dependency-version: 5.2.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: webpack ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-05-22T19:16:41Z

Hello 👋! When you're ready to run Chromatic, please apply the run_chromatic label to this PR.

You will need to reapply the label each time you want to run Chromatic.

Click here to see the Chromatic project.

dependabot Bot added Dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 22, 2026

dependabot Bot requested a review from a team as a code owner May 22, 2026 19:16

dependabot Bot added Dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 22, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the webpack group across 1 directory with 6 updates#15964

Bump the webpack group across 1 directory with 6 updates#15964
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/webpack-275d4bdb25

dependabot Bot commented on behalf of github May 22, 2026

Uh oh!

github-actions Bot commented May 22, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 22, 2026

v7.1.4

7.1.4 (2026-02-16)

Bug Fixes

v7.1.3

7.1.3 (2026-01-27)

Bug Fixes

7.1.4 (2026-02-16)

Bug Fixes

7.1.3 (2026-01-27)

Bug Fixes

v5.3.0

Minor Changes

Patch Changes

5.3.0

Minor Changes

Patch Changes

5.2.0

5.1.1

5.1.0

5.0.1

5.0.0

webpack-cli@7.0.2

Patch Changes

webpack-cli@7.0.1

Patch Changes

webpack-cli@7.0.0

Major Changes

Patch Changes

7.0.2

Patch Changes

7.0.1

Patch Changes

7.0.0

Major Changes

Patch Changes

v8.0.3

Patch Changes

v8.0.2

Patch Changes

v8.0.1

Patch Changes

v8.0.0

Major Changes

Minor Changes

Patch Changes

7.4.5 (2025-09-24)

Bug Fixes

7.4.4 (2025-09-23)

Bug Fixes

8.0.3

Patch Changes

8.0.2

Patch Changes

8.0.1

Patch Changes

8.0.0

Major Changes

Minor Changes

Patch Changes

v5.2.4

5.2.4 (2026-05-11)

Bug Fixes

v5.2.3

5.2.3 (2026-01-12)

Bug Fixes

5.2.4 (2026-05-11)

Bug Fixes

5.2.3 (2026-01-12)

Bug Fixes

Uh oh!

github-actions Bot commented May 22, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development