Bump webpack-dev-server from 3.11.3 to 5.2.4#738
Conversation
Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server) from 3.11.3 to 5.2.4. - [Release notes](https://github.com/webpack/webpack-dev-server/releases) - [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md) - [Commits](webpack/webpack-dev-server@v3.11.3...v5.2.4) --- updated-dependencies: - dependency-name: webpack-dev-server dependency-version: 5.2.4 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
rwingiupui
left a comment
rwingiupui
left a comment
There was a problem hiding this comment.
-1 Desk Check: This dependabot bump conflicts with the Universal Viewer (UV). The UV no longer displays images, instead the following message is displayed: "404 The item or page you were looking for can't be found."
According to Google Gemini:
"Webpacker is heavily hardcoded to work with specific versions of Webpack. By default, Webpacker (specifically versions 5 and below) generates configuration files under the hood that are strictly meant for webpack-dev-server version 3. When Dependabot bumped your webpack-dev-server to version 5, the Webpacker gem kept generating a version 3 configuration (using the outdated contentBase logic). Because version 5 doesn't understand version 3 configurations, it silently failed to serve your Universal Viewer assets, resulting in the 404s.
The Long-Term Reality: Webpacker is Retired
It is worth noting for your future maintenance that the core Rails team officially retired the webpacker gem. Dependabot will keep trying to update your JavaScript packages, but the underlying Ruby gem can no longer support them.
If you eventually want to use webpack-dev-server v5 and Webpack v5 (for better performance and security updates), you have two standard paths forward in the Rails ecosystem:
Migrate to Shakapacker: The community forked Webpacker and created Shakapacker. It is the official successor, acts as a drop-in replacement, and fully supports Webpack 5 and webpack-dev-server 5.
Migrate to jsbundling-rails: This is the modern Rails 7+ default, which removes the heavy Ruby wrapper and lets you use standard Webpack configuration files directly."
|
Superseded by #739. |
dependabot
Bot
deleted the
dependabot/npm_and_yarn/webpack-dev-server-5.2.4
branch
1 participant
Bumps webpack-dev-server from 3.11.3 to 5.2.4.
Release notes
Sourced from webpack-dev-server's releases.
... (truncated)
Changelog
Sourced from webpack-dev-server's changelog.
... (truncated)
Commits
fd40130chore(release): 5.2.4ece4f36chore: update deps (#5661)a216144ci: fix test (#5658)df073c5Merge commit from forkb550a70chore(release): 5.2.39704dc5chore: upgrade selfsigned to v5 and remove node-forge dependency (#5618)92bf644chore: bump express to update qs (#5621)792b2f0chore(deps-dev): bump the dependencies group with 4 updates (#5606)6d587cachore(deps): bump the dependencies group across 1 directory with 27 updates (...f91baa8fix(overlay): add ESC key to dismiss overlay (#5598)Install script changes
This version modifies
preparescript that runs during installation. Review the package contents before updating.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.