Modification Proposal
Some projects are stuck on webpack-dev-server v4 because they have to support old Node.js versions.
v4 is still used by a large number of users. During the last 7 days, v4.15.2 alone received 3,356,309 downloads.
Expected Behavior / Situation
It would be great to have the security fixes from v5.2.1 backported to v4 and released as v4.15.3.
Actual Behavior / Situation
v4 currently does not have the security fixes. Millions of users are exposed to security vulnerabilities.
Please paste the results of npx webpack-cli info here, and mention other relevant information
System:
OS: macOS 15.5
CPU: (8) arm64 Apple M1
Memory: 212.97 MB / 16.00 GB
Binaries:
Node: 22.16.0 - /usr/local/bin/node
Yarn: 1.22.19 - /opt/homebrew/bin/yarn
npm: 10.9.2 - /usr/local/bin/npm
Browsers:
Brave Browser: 118.1.59.122
Chrome: 137.0.7151.69
Safari: 18.5
Modification Proposal
Some projects are stuck on webpack-dev-server v4 because they have to support old Node.js versions.
v4 is still used by a large number of users. During the last 7 days, v4.15.2 alone received 3,356,309 downloads.
Expected Behavior / Situation
It would be great to have the security fixes from v5.2.1 backported to v4 and released as v4.15.3.
Actual Behavior / Situation
v4 currently does not have the security fixes. Millions of users are exposed to security vulnerabilities.
Please paste the results of
npx webpack-cli infohere, and mention other relevant information