Skip to content

CHANGELOG.md

Latest commit

 

History

History
1124 lines (664 loc) · 79.1 KB

CHANGELOG.md

File metadata and controls

1124 lines (664 loc) · 79.1 KB

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

5.2.3 (2026-01-12)

Bug Fixes

  • add cause for errorObject (#5518) (37b033d)
  • compatibility with event target and universal target and lazy compilation (574026c)
  • overlay: add ESC key to dismiss overlay (#5598) (f91baa8)
  • progress indicator styles (#5557) (41a53a1)
  • upgrade selfsigned to v5

5.2.2 (2025-06-03)

Bug Fixes

  • "Overlay enabled" false positive (18e72ee)
  • do not crush when error is null for runtime errors (#5447) (309991f)
  • remove unnecessary header X_TEST (#5451) (64a6124)
  • respect the allowedHosts option for cross-origin header check (#5510) (03d1214)

5.2.1 (2025-03-26)

Security

  • cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
  • requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

  • prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
  • take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

5.2.0 (2024-12-11)

Features

  • added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

  • speed up initial client bundling (145b5d0)

5.1.0 (2024-09-03)

Features

  • add visual progress indicators (a8f40b7)
  • added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
  • allow the server option to be Function (#5275) (02a1c6d)
  • http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

Bug Fixes

5.0.4 (2024-03-19)

Bug Fixes

5.0.3 (2024-03-12)

Bug Fixes

5.0.2 (2024-02-16)

Bug Fixes

5.0.1 (2024-02-13)

Bug Fixes

5.0.0 (2024-02-12)

Migration Guide and Changes.

4.15.1 (2023-06-09)

Bug Fixes

  • replace :: with localhost before openBrowser() (#4856) (874c44b)
  • types: compatibility with @types/ws (#4899) (34bcec2)

4.15.0 (2023-05-07)

Features

  • overlay displays unhandled promise rejection (#4849) (d1dd430)

4.14.0 (2023-05-06)

Features

4.13.3 (2023-04-15)

Bug Fixes

4.13.2 (2023-03-31)

Bug Fixes

  • prevent open 0.0.0.0 in browser due windows problems (04e74f2)

4.13.1 (2023-03-18)

Bug Fixes

4.13.0 (2023-03-17)

Features

  • added client.overlay.runtimeErrors option to control runtime errors (#4773) (dca2366)

4.12.0 (2023-03-14)

Features

  • allow to set the sockjs_url option (only sockjs) using the webSocketServer.options.sockjsUrl option (#4586) (69a2fba)
  • catch runtime error (#4605) (87a26cf)
  • improve styles for overlay (#4576) (791fb85)
  • open editor when clicking error on overlay (#4587) (efb2cec)

Bug Fixes

4.11.1 (2022-09-19)

Bug Fixes

  • respect client.logging option for all logs (#4572) (375835c)

4.11.0 (2022-09-07)

Features

  • make allowedHosts accept localhost subdomains by default (#4357) (0a33e6a)

Bug Fixes

4.10.1 (2022-08-29)

Bug Fixes

4.10.0 (2022-08-10)

Features

  • allow to configure more client options via resource URL (#4274) (216e3cb)

Bug Fixes

  • response correctly when receive an OPTIONS request (#4185) (2b3b7e0)

4.9.3 (2022-06-29)

Bug Fixes

  • avoid creation unnecessary stream for static sockjs file (#4482) (049b153)
  • history-api-fallback now supports HEAD requests and handles them the same as GET (8936082)

4.9.2 (2022-06-06)

Bug Fixes

4.9.1 (2022-05-31)

Bug Fixes

4.9.0 (2022-05-04)

Features

  • support Trusted Types for client overlay (#4404) (8132e1d)

Bug Fixes

  • ie11 runtime (#4403) (256d5fb)
  • replace portfinder with custom implementation and fix security problem (#4384) (eea50f3)
  • use the host in options to check if port is available (#4385) (a10c7cf)

4.8.1 (2022-04-06)

Bug Fixes

4.8.0 (2022-04-05)

Features

Bug Fixes

  • update description for --no-client-reconnect (#4248) (317648d)
  • update description for --no-client (#4250) (c3b6690)
  • update description for --no-history-api-fallback (#4277) (d63a0a2)
  • update negated descriptions for more options (#4287) (c64bd94)
  • update schema to have negatedDescription only for type boolean (#4280) (fcf8e8e)

4.7.4 (2022-02-02)

Bug Fixes

4.7.3 (2022-01-11)

Security

  • update selfsigned to 2.0.0 version

4.7.2 (2021-12-29)

Bug Fixes

  • apply onAfterSetupMiddleware after setupMiddlewares (as behavior earlier) (f6bc644)

4.7.1 (2021-12-22)

Bug Fixes

  • removed url package, fixed compatibility with future webpack defaults (#4132) (4e5d8ea)

4.7.0 (2021-12-21)

Features

  • added the setupMiddlewares option and deprecated onAfterSetupMiddleware and onBeforeSetupMiddleware options (#4068) (c13aa56)
  • added types (8f02c3f)
  • show deprecation warning for cacert option (#4115) (c73ddfb)

Bug Fixes

  • add description for watchFiles options (#4057) (75f3817)
  • allow passing options for custom server (#4110) (fc8bed9)
  • correct schema for ClientLogging (#4084) (9b7ae7b)
  • mark --open-app deprecated in favor of --open-app-name (#4091) (693c28a)
  • show deprecation warning for both https and http2 (#4069) (d8d5d71)
  • update --web-socket-server description (#4098) (65955e9)
  • update listen and close deprecation warning message (#4097) (b217a19)
  • update descriptions of https and server options (#4094) (f97c9e2)

4.6.0 (2021-11-25)

Features

Bug Fixes

4.5.0 (2021-11-13)

Features

Bug Fixes

4.4.0 (2021-10-27)

Features

  • added the server option, now you can pass server options, example { server: { type: 'http', options: { maxHeaderSize: 32768 } } }, available options for http and https, note - for http2 is used spdy, options specified in the server.options option take precedence over https/http2 options (#3940) (a70a7ef)
  • added the client.reconnect option (#3912) (5edad76)
  • improve error handling within startCallback and endCallback (#3969) (b0928ac)

Bug Fixes

4.3.1 (2021-10-04)

Bug Fixes

4.3.0 (2021-09-25)

Features

Bug Fixes

  • avoid web socket connection when web socket server is not running (#3879) (8874d72)
  • display file name for warnings/errors in overlay (#3867) (d20def5)
  • formatting errors/warnings (#3877) (f0dbea0)
  • handle 0 value of the port option property (ed67f66)

4.2.1 (2021-09-13)

Bug Fixes

4.2.0 (2021-09-09)

Features

  • added the http.ca option (CLI option added too) (should be used instead cacert, because we will remove it in the next major release in favor the https.ca option)
  • added the https.crl option (CLI options added too), more information
  • https.ca/https.cacert/ https.cert/https.crl/https.key/https.pfx options are now accept Arrays of Buffer/string/Path to file, using --https-*-reset CLI options you can reset these options
  • https.pfx/https.key can be Object[], more information
  • https options can now accept custom options, you can use:
module.exports = {
  // Other options
  devServer: {
    https: {
      // Allow to set additional TSL options https://nodejs.org/api/tls.html#tls_tls_createsecurecontext_options
      minVersion: "TLSv1.1",
      ca: path.join(httpsCertificateDirectory, "ca.pem"),
      pfx: path.join(httpsCertificateDirectory, "server.pfx"),
      key: path.join(httpsCertificateDirectory, "server.key"),
      cert: path.join(httpsCertificateDirectory, "server.crt"),
      passphrase: "webpack-dev-server",
    },
  }
};

Bug Fixes

  • accept connections with file: and chrome-extensions: protocol by default (#3822) (138f064)
  • close overlay on disconnection (#3825) (011bcf1)
  • respect https.cacert option (#3820) (0002ebf)

4.1.1 (2021-09-07)

Bug Fixes

  • improve the description of the magicHtml option (#3772) (b80610f)
  • replace ansi-html with ansi-html-community to avoid CVE (#3801) (36fd214)

4.1.0 (2021-08-31)

Features

  • added the magicHtml option (#3717) (4831f58)
  • allow to set hot and live-reload for client using search params (1c57680)
  • show warning when the hot option is enabled with the HMR plugin in config (#3744) (6cb1e4e)

Bug Fixes

  • change log type of Disconnected! to info (fde27f5)
  • handle --allowed-hosts all correctly (#3720) (326ed56)
  • output documentation link on errors (#3680) (e16221b)
  • respect the bypass option with target/router options for proxy (b5dd568)

4.0.0 (2021-08-18)

Notes:

  • migration guide from v3 to v4 can be found here

Bug Fixes

4.0.0-rc.1 (2021-08-17)

Notes:

  • migration guide from v3 to v4 can be found here

Features

Bug Fixes

  • fix usage legacy API (#3660) (c4678bc)
  • proxy logging and allow to pass options without the target option (#3651) (6e2cbde)
  • render ansi formatted error messages correctly in overlay (#3579) (9313454)
  • use value of the infastructureLogging.level option by default for client.logging. (#3613) (c9ccc96)
  • schema for the host option (#3549) (7200d31)
  • show deprecation warning for incorrect usage of Node.js API (#3563) (62b21ff)

4.0.0-rc.0 (2021-07-19)

Notes:

  • migration guide from v3 to v4 can be found here

⚠ BREAKING CHANGES

  • rename client.transport to client.webSocketTransport
  • move web socket client to web socket server class, i.e. to get web socket clients use this.webSocketServer.clients
  • remove entry options (i.e. hotEntry and needClientEntry) in favor manual setup entries (#3494)
  • you need to reset CLI options using reset option, please look them in webpack serve --help
  • host and port options can't be null or empty string

Features

  • allow to close overlay in browser (#3433) (307f2e7)
  • add port auto (#3297) (437c8d3)
  • added <url> pattern for open and allow to use multiple browsers (#3496) (7c7ccf9)
  • allow string value for client.webSocketURL.port (#3354) (f5e7f8f)
  • allow to disable web socket server using webSocketServer: false (f62f20f)
  • allow username and password in clientURL (#3452) (a7225d5)
  • display documentation links on errors (#3512) (54790ab)
  • enable compress by default (#3303) (4d251b5)
  • implement the client.webSocketURL.protocol option (#3380) (8998d6b)
  • the ipc option was added for unix socket (#3479) (b559738)
  • support Function in headers option (#3267) (28f9597)

Bug Fixes

4.0.0-beta.3 (2021-05-06)

⚠ BREAKING CHANGES

  • the https.ca option was removed in favor the https.cacert option
  • the dev option was renamed to devMiddleware
  • the client.overlay option is true by default and show warnings by default
  • use server port for websocket connection by default, if you proxied webpack-dev-server, please update webpack-cli to v4.7.0 (#3185) (0c3f817)
  • minimum supported Node.js version is 12.13.0

Features

Bug Fixes

  • improve warning message for open (#3191) (d473fd9)
  • respect the client.logging option for HMR logging (#3159) (6f3c6ba)
  • respect client.needClientEntry and client.needHotEntry options (#3178) (a2b6db9)
  • overlay with warnings (#3215) (7e18161)
  • help description for options
  • error description for options
  • improve warning message for the open option

4.0.0-beta.2 (2021-04-06)

⚠ BREAKING CHANGES

  • the openPage option and the --open-page CLI option were removed in favor { open: ['/my-page', '/my-other-page/'] } for Node.js API and --open-target [URL] (without [URL] dev server will open a browser using the host option value) and --open-app <browser> for CLI
  • the useLocalIp option was removed in favor { host: 'local-ip' }, alternative you can provide values: local-ipv4 for IPv4 and local-ipv6 for IPv6
  • stdin option was removed in favor --watch-options-stdin
  • injectClient and injectHot was removed in favor client.needClientEntry and client.needHotEntry

Features

  • added the watchFiles option, now you can reload server on file changes, for example { watchFiles: ['src/**/*.php', 'public/**/*'] } (#3136) (d73213a)
  • added more CLI options, please run webpack server --help (#3148) (03a2b27)
  • enable overlay by default (#3108) (5e05e48)
  • you can specify multiple targets and browsers for the open option, i.e. { open: { target: ['/my-page', '/my-other-page'], app: ['google-chrome', '--incognito'] } } (e3c2683)

Bug Fixes

  • /webpack-dev-server url shows list of files (#3101) (b3374c3)

  • dev server client compatibility with IE11/IE10/IE9 (#3129) (1e3e656)

    • For IE11/IE10 you need polyfill fetch() and Promise, example:
    module.exports = {
  entry: {
    entry: [
      "whatwg-fetch", 
      "core-js/features/promise", 
      "./entry.js"
    ],
  },
};
    • For IE9 you need polyfill fetch() and Promise and use sockjs for communications (because WebSocket is not supported), example:
    module.exports = {
  entry: {
    entry: [
      "whatwg-fetch", 
      "core-js/features/promise", 
      "./entry.js"
    ],
  },
  devServer: {
    transportMode: "sockjs",
  },
};

    IE8 is not supported

  • hostname resolving (#3128) (cd39491)

  • improve CLI options (#3151) (09fa827)

  • output description on invalid options (#3154) (2e02978)

  • prefer to open the host option (#3115) (7e525eb)

  • reduce number of dependencies

4.0.0-beta.1 (2021-03-23)

⚠ BREAKING CHANGES

  • --hot-only option was removed
  • default value of the static option is path.resolve(process.cwd(), 'public'), previously path.resolve(process.cwd(), 'static')
  • the overlay option was moved into the client option

Features

  • add more negative flags - --no-https, --no-http2, --no-compress and --no-history-api-fallback (#3070) (ebc966f)
  • allow Boolean type for the --firewall option (#3041) (6711c1d)
  • improve output for localhost and fix open (#2892) (9e65c24)
  • improve output for IPv4 and IPv6 (#3092) (f362665)

Bug Fixes

4.0.0-beta.0 (2020-11-27)

⚠ BREAKING CHANGES

  • drop support Node.js@6 and Node.js@8, minimum supported Node.js version is Node@10
  • the hot option is true by default
  • the hotOnly option was removed, if you need hot only mode, use hot: 'only' value
  • the default transportMode is switched from sockjs to ws (IE 11 and other old browsers doesn't support WebSocket, set sockjs value for transportMode if you need supports IE 11)
  • before, after and setup were removed in favor onBeforeSetupMiddleware (previously before) and onAfterSetupMiddleware options (previously after)
  • the clientOptions was renamed to the client option
  • the key, cert, pfx, pfx-passphrase, cacert, ca and requestCert options were moved to https options, please use https.{key|cert|pfx|passphrase|requestCert|cacert|ca|requestCert}
  • the sockHost, sockPath and sockPort options were removed in client option
  • the inline option (iframe live mode) was removed
  • the lazy and filename options were removed
  • the features option was removed
  • the log, logLevel, logTime, noInfo, quiet, reporter and warn options were removed in favor of built-in webpack logger, please read this to enable and setup logging output
  • the fs, index, mimeTypes, publicPath, serverSideRender, and writeToDisk options were moved in the dev option (webpack-dev-middleware options)
  • updating webpack-dev-middleware to v4, which includes many breaking options changes, please read
  • the stats option was removed, please use the stats option from webpack.config.js
  • the socket option was removed
  • the contentBase, contentBasePublicPath, serveIndex, staticOptions, watchContentBase, watchOptions were removed in favor of the static option
  • the disableHostCheck and allowedHosts options were removed in favor of the firewall option
  • server.listen() will find free port if the port is not set and the port argument is not passed, also print a warning if the port option and the port argument passed to server.listen() are different
  • the progress option is moved to the client option, set client: {progress: true}
  • the profile option was removed, to print profile data, set client: { progress: 'profile' }
  • client uses the port of the current location (location.port, equivalent to sockPort: 'location'), by default. To get previously behavior, set the client.port with the port you'd like to set
  • client uses the hostname of the current location (location.hostname), by default. To get previously behavior, set the client.host with the hostname you'd like to set

Features

  • compatibility with webpack@5
  • compatibility with webpack-cli@4
  • added the setupExitSignals option, it takes a boolean and if true (default on CLI), the server will close and exit the process on SIGINT and SIGTERM
  • update chokidar to v3

Notes

Unfortunately, due to the huge amount of changes it is very difficult to display all changes in a convenient form. Therefore, we offer you a couple of popular examples (feel free to send a PR with more examples).

static

Previously contentBase, contentBasePublicPath, serveIndex, staticOptions, watchContentBase and watchOptions

module.exports = {
  // ...
  devServer: {
    // Can be:
    // static: path.resolve(__dirname, 'static')
    // static: false
    static: [
      // Simple example
      path.resolve(__dirname, "static"),
      // Complex example
      {
        directory: path.resolve(__dirname, "static"),
        staticOptions: {},
        // Don't be confused with `dev.publicPath`, it is `publicPath` for static directory
        // Can be:
        // publicPath: ['/static-public-path-one/', '/static-public-path-two/'],
        publicPath: "/static-public-path/",
        // Can be:
        // serveIndex: {} (options for the `serveIndex` option you can find https://github.com/expressjs/serve-index)
        serveIndex: true,
        // Can be:
        // watch: {} (options for the `watch` option you can find https://github.com/paulmillr/chokidar)
        watch: true,
      },
    ],
  },
};

publicPath

module.exports = {
  // ...
  devServer: {
    dev: {
      publicPath: "/publicPathForDevServe",
    },
  },
};

firewall

Previously disableHostCheck and allowedHosts

module.exports = {
  // ...
  devServer: {
    // Can be
    // firewall: ['192.168.0.1', 'domain.com']
    firewall: false,
  },
};

logging

module.exports = {
  // ...
  infrastructureLogging: {
    // Only warnings and errors
    // level: 'none' disable logging
    // Please read https://webpack.js.org/configuration/other-options/#infrastructurelogginglevel
    level: "warn",
  },
};

3.11.0 (2020-05-08)

Features

Bug Fixes

3.10.3 (2020-02-05)

Bug Fixes

3.10.2 (2020-01-31)

Bug Fixes

  • fallthrough non GET and HEAD request to routes (#2374) (ebe8eca)
  • add an optional peer dependency on webpack-cli (#2396) (aa365df)
  • add heartbeat for the websocket server (#2404) (1a7c827)

3.10.1 (2019-12-19)

Bug Fixes

3.10.0 (2019-12-18)

Features

  • client: allow sock port to use location's port (sockPort: 'location') (#2341) (dc10d06)
  • server: add contentBasePublicPath option (#2150) (cee700d)

Bug Fixes

3.9.0 (2019-10-22)

Bug Fixes

  • add hostname and port to bonjour name to prevent name collisions (#2276) (d8af2d9)
  • add extKeyUsage to self-signed cert (#2274) (a4dbc3b)

Features

3.8.2 (2019-10-02)

Security

  • update selfsigned package

3.8.1 (2019-09-16)

Bug Fixes

3.8.0 (2019-08-09)

Bug Fixes

  • server: fix setupExitSignals usage (#2181) (bbe410e)
  • server: set port before instantiating server (#2143) (cfbf229)
  • check for name of HotModuleReplacementPlugin to avoid RangeError (#2146) (4579775)
  • server: check for external urls in array (#1980) (fa78347)
  • server: fix header check for socket server (#2077) (7f51859)
  • server: stricter headers security check (#2092) (078ddca)

Features

Potential Breaking changes

We have migrated serverMode and clientMode to transportMode as an experimental option. If you want to use this feature, you have to change your settings.

Related PR: #2116

3.7.2 (2019-06-17)

Bug Fixes

  • client: add default fallback for client (#2015) (d26b444)
  • open: set wait: false to run server.close successfully (#2001) (2b4cb52)
  • test: fixed ProvidePlugin.test.js (#2002) (47453cb)

3.7.1 (2019-06-07)

Bug Fixes

  • retry finding port when port is null and get ports in sequence (#1993) (bc57514)

3.7.0 (2019-06-06)

Bug Fixes

3.6.0 (2019-06-05)

Bug Fixes

Features

3.5.1 (2019-06-01)

Bug Fixes

  • allow passing promise function of webpack.config.js (#1947) (8cf1053)

3.5.0 (2019-05-31)

Bug Fixes

  • add client code for electron-renderer target (#1935) (9297988)
  • add client code for node-webkit target (#1942) (c6b2b1f)

Features

3.4.1 (2019-05-17)

Bug Fixes

3.4.0 (2019-05-17)

Bug Fixes

Features

3.3.1 (2019-04-09)

Bug Fixes

  • regression: always get necessary stats for hmr (#1780) (66b04a9)
  • regression: host and port can be undefined or null (#1779) (028ceee)
  • only add entries after compilers have been created (#1774) (b31cbaa)

3.3.0 (2019-04-08)

Bug Fixes

  • compatibility with webpack-cli@3.3 (#1754) (fd7cb0d)
  • ignore proxy when bypass return false (#1696) (aa7de77)
  • respect stats option from webpack config (#1665) (efaa740)
  • use location.port when location.hostname is used to infer HMR socket URL (#1664) (2f7f052)
  • don't crash with express.static.mime.types (#1765) (919ff77)

Features

  • add option "serveIndex" to enable/disable serveIndex middleware (#1752) (d5d60cb)
  • add webpack as argument to before and after options (#1760) (0984d4b)
  • http2 option to enable/disable HTTP/2 with HTTPS (#1721) (dcd2434)
  • random port retry logic (#1692) (419f02e)
  • relax depth limit from chokidar for content base (#1697) (7ea9ab9)

3.2.1 (2019-02-25)

Bug Fixes

  • deprecation message about setup now warning about v4 (#1684) (523a6ec)
  • regression: allow ca, key and cert will be string (#1676) (b8d5c1e)
  • regression: handle key, cert, cacert and pfx in CLI (#1688) (4b2076c)
  • regression: problem with idb-connector after update internal-ip (#1691) (eb48691)

3.1.14 (2018-12-24)

Bug Fixes

  • add workaround for Origin header in sockjs (#1608) (1dfd4fb)

3.1.13 (2018-12-22)

Bug Fixes

3.1.12 (2018-12-22)

Bug Fixes

  • regression in checkHost for checking Origin header (#1606) (8bb3ca8)

3.1.11 (2018-12-21)

Bug Fixes

3.1.10 (2018-10-23)

Bug Fixes

  • options: add writeToDisk option to schema (#1520) (d2f4902)
  • package: update sockjs-client v1.1.5...1.3.0 (url-parse vulnerability) (#1537) (e719959)
  • Server: set tls.DEFAULT_ECDH_CURVE to 'auto' (#1531) (c12def3)

3.1.9 (2018-09-24)

3.1.8 (2018-09-06)

Bug Fixes

  • package: yargs security vulnerability (dependencies) (#1492) (8fb67c9)
  • utils/createLogger: ensure quiet always takes precedence (options.quiet) (#1486) (7a6ca47)

3.1.7 (2018-08-29)

Bug Fixes

  • Server: don't use spdy on node >= v10.0.0 (#1451) (8ab9eb6)

3.1.6 (2018-08-26)

Bug Fixes

  • bin: handle process signals correctly when the server isn't ready yet (#1432) (334c3a5)
  • examples/cli: correct template path in open-page example (#1401) (df30727)
  • schema: allow the output filename to be a {Function} (#1409) (e2220c4)