Bump webpack-dev-server and @angular-devkit/build-angular in /CloudPatterns/ClientApp

[dependabot]

Bumps webpack-dev-server to 5.2.5 and updates ancestor dependency @angular-devkit/build-angular. These dependencies need to be updated together.

Updates webpack-dev-server from 5.2.2 to 5.2.5

Release notes

Sourced from webpack-dev-server's releases.

v5.2.5

Patch Changes

• Skip the HMR WebSocket path when forwarding upgrade requests to user-defined proxies, so custom proxy WebSocket upgrades are no longer intercepted by the dev server. (by @​bjohansebas in #5680)

v5.2.4

5.2.4 (2026-05-11)

Bug Fixes

• set Cross-Origin-Resource-Policy header to prevent source code theft over HTTP

v5.2.3

5.2.3 (2026-01-12)

Bug Fixes

• add cause for errorObject (#5518) (37b033d)
• compatibility with event target and universal target and lazy compilation (574026c)
• overlay: add ESC key to dismiss overlay (#5598) (f91baa8)
• progress indicator styles (#5557) (41a53a1)
• upgrade selfsigned to v5

Changelog

Sourced from webpack-dev-server's changelog.

5.2.5

Patch Changes

• Skip the HMR WebSocket path when forwarding upgrade requests to user-defined proxies, so custom proxy WebSocket upgrades are no longer intercepted by the dev server. (by @​bjohansebas in #5680)

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

5.2.4 (2026-05-11)

Bug Fixes

• set Cross-Origin-Resource-Policy header to prevent source code theft over HTTP

5.2.3 (2026-01-12)

Bug Fixes

• add cause for errorObject (#5518) (37b033d)
• compatibility with event target and universal target and lazy compilation (574026c)
• overlay: add ESC key to dismiss overlay (#5598) (f91baa8)
• progress indicator styles (#5557) (41a53a1)
• upgrade selfsigned to v5

Commits

• c3ee325 chore(release): new release (#5682)
• 60173be feat: add changeset validation and release workflow (#5680)
• 948d5e6 fix(proxy): match the HMR upgrade path exactly like the ws server (#5678)
• 93e8996 fix: skip HMR websocket path when forwarding upgrades to user-defined proxies...
• fd40130 chore(release): 5.2.4
• ece4f36 chore: update deps (#5661)
• a216144 ci: fix test (#5658)
• df073c5 Merge commit from fork
• b550a70 chore(release): 5.2.3
• 9704dc5 chore: upgrade selfsigned to v5 and remove node-forge dependency (#5618)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for webpack-dev-server since your current version.

Updates @angular-devkit/build-angular from 20.3.18 to 20.3.29

Release notes

Sourced from @​angular-devkit/build-angular's releases.

20.3.29

@​angular/cli

Commit	Description
	update pacote to 21.5.1

@​angular/ssr

Commit	Description
	prioritize options over environment variables in AngularNodeAppEngine

20.3.28

@​angular/cli

Commit	Description
	fallback to deprecated versions when resolving ranges if no non-deprecated version is found
	remove forceAuth and unscoped credential parsing

20.3.27

@​angular/ssr

Commit	Description
	add support for configuring trusted proxy headers via environment variable

20.3.26

@​angular/ssr

Commit	Description
	allow all hosts in common engine rendering options to prevent validation errors

20.3.25

@​angular-devkit/build-angular

Commit	Description
	upgrade postcss to 8.5.12

@​angular/ssr

Commit	Description
	introduce trustProxyHeaders option to safely validate and sanitize proxy headers

20.3.24

@​angular/build

Commit	Description
	update esbuild to 0.28.0

20.3.23

@​angular/build

Commit	Description
	update vite to 7.3.2

... (truncated)

Changelog

Sourced from @​angular-devkit/build-angular's changelog.

20.3.29 (2026-06-17)

@​angular/cli

Commit	Type	Description
5f7c0328c	fix	update pacote to 21.5.1

@​angular/ssr

Commit	Type	Description
a75d78e68	fix	prioritize options over environment variables in AngularNodeAppEngine

22.0.2 (2026-06-17)

@​angular/cli

Commit	Type	Description
136fc2714	fix	support registry metadata fetching under bun package manager
2653dd5c7	perf	implement semaphore backpressure throttling in PackageManager

@​angular/build

Commit	Type	Description
0b4a48add	perf	implement semaphore backpressure throttling in JavaScriptTransformer

@​angular/ssr

Commit	Type	Description
d996a27e9	fix	avoid caching non-SSG page lookups
285a34e42	fix	correct grammar in console warning for redirected location headers
c8088a536	fix	prioritize options over environment variables in AngularNodeAppEngine

22.1.0-next.0 (2026-06-11)

Deprecations

@​angular-devkit/core

... (truncated)

Commits

• a19c3a7 release: cut the v20.3.29 release
• b89b772 build: update dependency webpack-dev-server to 5.2.5
• 5f7c032 fix(@​angular/cli): update pacote to 21.5.1
• a75d78e fix(@​angular/ssr): prioritize options over environment variables in AngularNo...
• 9eba41c release: cut the v20.3.28 release
• 2fb9b3b test(@​angular/cli): ignore engines in version-specifier E2E test when using yarn
• f12e170 fix(@​angular/cli): remove forceAuth and unscoped credential parsing
• 241f9b9 test(@​angular/cli): remove unscoped authentication test cases from registry t...
• e3d5646 fix(@​angular/cli): fallback to deprecated versions when resolving ranges if n...
• da23ee7 release: cut the v20.3.27 release
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.