Skip to content

fix(deps): add missing webpack-dev-server override (unbreaks main)#443

Merged
josephfusco merged 1 commit into
mainfrom
fix/wds-override-missing
May 27, 2026
Merged

fix(deps): add missing webpack-dev-server override (unbreaks main)#443
josephfusco merged 1 commit into
mainfrom
fix/wds-override-missing

Conversation

@josephfusco

@josephfusco josephfusco commented May 27, 2026

Copy link
Copy Markdown
Member

Summary

  • npm ci on main is failing — PR chore(deps): patch uuid and webpack-dev-server security alerts (dev-only) #442 (1c3b6df) added the webpack-dev-server@5.2.4 resolution to package-lock.json but left the corresponding entry out of the overrides block in package.json. The lockfile has 5.2.4 while package.json's natural tree (via @wordpress/scripts) wants 4.15.2, with no override to bridge them.
  • This breaks the release.yml workflow (failed run 26516976225) — without it, the changesets action can't install deps to refresh PR Release Plugin #403 or publish 4.8.5.
  • Adding the missing "webpack-dev-server": "^5.2.4" line is sufficient; lockfile is already at the correct resolution and npm install --package-lock-only is a no-op.

Test plan

  • npm ci --dry-run exits 0 locally with the patched package.json
  • npm install --package-lock-only makes no further changes to the lockfile
  • CI green on this PR
  • After merge: release.yml succeeds, PR Release Plugin #403 refreshes with the security changeset alongside WP 6.9 compat

@josephfusco
fix(deps): add missing webpack-dev-server override
de23d47 
PR #442 (1c3b6df) added webpack-dev-server@5.2.4 to package-lock.json
but the corresponding `overrides` entry never made it into package.json.
`npm ci` on main now fails with "Missing: webpack-dev-server@4.15.2 from
lock file" because the natural dep tree (via @wordpress/scripts) wants
4.15.2 while the lockfile has 5.2.4 with no override to bridge the gap.

This breaks the release workflow — without it, the changesets action
cannot install deps to refresh PR #403 or publish 4.8.5.

Adding the missing override is sufficient; the lockfile is already at
the correct resolution and `npm install --package-lock-only` is a no-op.
Verified locally: `npm ci --dry-run` now exits 0.
@josephfusco josephfusco requested a review from a team as a code owner May 27, 2026 14:26
@changeset-bot

changeset-bot Bot commented May 27, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: de23d47

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@josephfusco

josephfusco commented May 27, 2026

Copy link
Copy Markdown
Member Author

Review nudge for @wpengine/headless-open-source — this is a hotfix to unbreak main after #442.

PR #442's lockfile shipped webpack-dev-server@5.2.4 but the corresponding override line was dropped from package.json during merge. npm ci on main is now failing with Missing: webpack-dev-server@4.15.2 from lock file, which broke the release.yml run triggered by the #442 merge (run 26516976225).

This adds the one missing line. Verified locally: npm ci --dry-run exits 0; npm install --package-lock-only is a no-op (lockfile is already correct).

Once this is in, release.yml will run again, refresh #403 with the security changeset, and we can ship 4.8.5.

@josephfusco josephfusco merged commit 8c86c4c into main May 27, 2026
13 checks passed
@josephfusco josephfusco deleted the fix/wds-override-missing branch May 27, 2026 14:30
@josephfusco josephfusco mentioned this pull request May 27, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ahuseyn ahuseyn ahuseyn approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@josephfusco @ahuseyn