build(deps-dev): bump the development-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the development-dependencies group with 7 updates in the / directory:

Package	From	To
babel-loader	9.2.1	10.0.0
css-loader	6.11.0	7.1.2
postcss	8.5.3	8.5.4
postcss-loader	7.3.4	8.1.1
style-loader	3.3.4	4.0.0
webpack-cli	5.1.4	6.0.1
webpack-dev-server	4.15.2	5.2.1

Updates babel-loader from 9.2.1 to 10.0.0

Release notes

Sourced from babel-loader's releases.

v10.0.0

What's Changed

Breaking Changes

• bump node requirement to ^18.20.0 || ^20.10.0 || >=22.0.0 and webpack requirement to >= 5.61.0 by @​JLHwung in babel/babel-loader#1026
• breaking: use output.hashFunction as loader cache hasher by @​JLHwung in babel/babel-loader#1027

New Features

• Add babel-loader logger by @​JLHwung in babel/babel-loader#1034
• Support cache with external dependencies by @​JLHwung in babel/babel-loader#1033

Bug Fixes

• [Bugfix] Ensure stability of filename cache-keys by @​stefanpenner in babel/babel-loader#909

Docs

• docs: clarify that cacheIdentifier is computed from the merged options by @​JLHwung in babel/babel-loader#1000
• Create SECURITY.md by @​JLHwung in babel/babel-loader#1032
• Add babel-loader v10 readme by @​JLHwung in babel/babel-loader#1046
• add readme section for loggingDebug support by @​JLHwung in babel/babel-loader#1038
• Update readme and repo templates by @​JLHwung in babel/babel-loader#1041

Dependencies

• migrate to c8 by @​JLHwung in babel/babel-loader#996
• Bump word-wrap from 1.2.3 to 1.2.4 by @​dependabot in babel/babel-loader#998
• Bump dev dependencies by @​JLHwung in babel/babel-loader#1001
• Bump braces from 3.0.2 to 3.0.3 by @​dependabot in babel/babel-loader#1020
• Update deps by @​JLHwung in babel/babel-loader#1025
• refactor: replace find-cache-dir by find-up by @​JLHwung in babel/babel-loader#1031
• Bump webpack from 5.93.0 to 5.94.0 by @​dependabot in babel/babel-loader#1035
• chore: update dev deps by @​JLHwung in babel/babel-loader#1036
• Bump cross-spawn from 7.0.3 to 7.0.6 by @​dependabot in babel/babel-loader#1049

Internal

• Remove caller option check by @​JLHwung in babel/babel-loader#1007
• Update tests by @​JLHwung in babel/babel-loader#1003
• Update metadata test by @​JLHwung in babel/babel-loader#1024
• Migrate to node test runner by @​JLHwung in babel/babel-loader#1028
• chore: use default eslint rules by @​JLHwung in babel/babel-loader#1029
• refactor: use webpack builtin schema util by @​JLHwung in babel/babel-loader#1030

New Contributors

• @​stefanpenner made their first contribution in babel/babel-loader#909

Full Changelog: babel/babel-loader@v9.1.3...v10.0.0

Commits

• 10456d3 10.0.0
• 5a223cf Add babel-loader v10 readme (#1046)
• 8f88667 Bump cross-spawn from 7.0.3 to 7.0.6 (#1049)
• f765949 Update readme and repo templates (#1041)
• b582028 add readme section for loggingDebug support (#1038)
• a0c450d feat: add babel-loader debug logger (#1034)
• d4181b8 Support cache with external dependencies (#1033)
• 7fcb533 chore: update dev deps (#1036)
• c2a90e5 Bump webpack from 5.93.0 to 5.94.0 (#1035)
• 70a3710 refactor: replace find-cache-dir by find-up (#1031)
• Additional commits viewable in compare view

Updates css-loader from 6.11.0 to 7.1.2

Release notes

Sourced from css-loader's releases.

v7.1.2

7.1.2 (2024-05-22)

Bug Fixes

• keep order of @imports with the webpackIgnore comment (#1600) (76757ef)

v7.1.1

7.1.1 (2024-04-10)

Bug Fixes

• automatically rename class default to _default when named export is enabled (#1590) (d6c31a1)

v7.1.0

7.1.0 (2024-04-08)

Features

• added the getJSON option to output CSS modules mapping (#1577) (af834b4)

v7.0.0

7.0.0 (2024-04-04)

⚠ BREAKING CHANGES

• The modules.namedExport option is true by default if you enable the esModule option

Migration guide:

Before:

import style from "./style.css";
console.log(style.myClass);

After:

import * as style from "./style.css";
console.log(style.myClass);

... (truncated)

Changelog

Sourced from css-loader's changelog.

7.1.2 (2024-05-22)

Bug Fixes

• keep order of @imports with the webpackIgnore comment (#1600) (76757ef)

7.1.1 (2024-04-10)

Bug Fixes

• automatically rename class default to _default when named export is enabled (#1590) (d6c31a1)

7.1.0 (2024-04-08)

Features

• added the getJSON option to output CSS modules mapping (#1577) (af834b4)

7.0.0 (2024-04-04)

⚠ BREAKING CHANGES

• The modules.namedExport option is true by default if you enable the esModule option

Migration guide:

Before:

import style from "./style.css";
console.log(style.myClass);

After:

import * as style from "./style.css";
console.log(style.myClass);

To restore 6.x behavior, please use:

module.exports = {
</tr></table> 

... (truncated)

Commits

• d5ba44a chore(release): 7.1.2
• 76757ef fix: keep order of @imports with the webpackIgnore comment (#1600)
• 4b41689 ci: use node v22 (#1596)
• 2068222 chore: update dependencies to latest version (#1595)
• e006f66 refactor: use environment to get templateLiteral value (#1591)
• 5c717c9 chore(release): 7.1.1
• d6c31a1 fix: automatically rename class default to _default when named export is ...
• b162e25 chore(release): 7.1.0
• 15f793d docs: update logic (#1587)
• 9c165a4 docs: update migration guide (#1586)
• Additional commits viewable in compare view

Updates postcss from 8.5.3 to 8.5.4

Release notes

Sourced from postcss's releases.

8.5.4

• Fixed Parcel compatibility issue (by @​git-sumitchaudhary).

Changelog

Sourced from postcss's changelog.

8.5.4

• Fixed Parcel compatibility issue (by @​git-sumitchaudhary).

Commits

• 6cb4a66 Release 8.5.4 version
• ec5c1e0 Update dependencies
• e85e938 Fix code format
• 5054233 fixed error at line 401 (#2046)
• 0538b63 docs: Update README.md (#2044)
• b5f407f Add postcss-fontsource-url to plugins (#2043)
• 94b5260 Clarify documentation for node.source.end.offset (#2032)
• a20724a Fix Markdown syntax
• cf6b969 fix: add a mention for postcssense extension (#2040)
• ff48c29 Increase size
• Additional commits viewable in compare view

Updates postcss-loader from 7.3.4 to 8.1.1

Release notes

Sourced from postcss-loader's releases.

v8.1.1

8.1.1 (2024-02-28)

Bug Fixes

• respect default when loading postcss esm configs (52d8050)

v8.1.0

8.1.0 (2024-01-30)

Features

• add @rspack/core as an optional peer dependency (#679) (512e4c3)

v8.0.0

8.0.0 (2024-01-16)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 18.12.0 (#677) (8dd0315)

Changelog

Sourced from postcss-loader's changelog.

8.1.1 (2024-02-28)

Bug Fixes

• respect default when loading postcss esm configs (52d8050)

8.1.0 (2024-01-30)

Features

• add @rspack/core as an optional peer dependency (#679) (512e4c3)

8.0.0 (2024-01-16)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 18.12.0 (#677) (8dd0315)

Commits

• d2651fc chore(release): 8.1.1
• 52d8050 fix: respect default when loading postcss esm configs
• fdd5448 ci: fix commitlint check (#683)
• 107b519 chore: update dependencies to latest version (#682)
• 947f29b chore: update dependency-review-action to the latest version (#681)
• df307b5 chore(release): 8.1.0
• 512e4c3 feat: add @rspack/core as an optional peer dependency (#679)
• d53fe9d chore(release): 8.0.0
• 8dd0315 chore!: minimum supported Node.js version is 18.12.0 (#677)
• See full diff in compare view

Updates style-loader from 3.3.4 to 4.0.0

Release notes

Sourced from style-loader's releases.

v4.0.0

4.0.0 (2024-04-08)

⚠ BREAKING CHANGES

• minimum supported webpack version is 5.27.0
• minimum support Node.js version is 18.12.0
• the insert option can only be a selector or the path to the module

Migration:

Before:

webpack.config.js

module.exports = {
  module: {
    rules: [
      {
        test: /\.css$/i,
        use: [
          {
            loader: "style-loader",
            options: {
              injectType: "styleTag",
              styleTagTransform: function (css, style) {
                // Do something ...
                style.innerHTML = `${css}.modify{}\n`;
            document.head.appendChild(style);
          },
        },
      },
      "css-loader",
    ],
  },
],

},
};

After:

insert-function.js

function insert(css, style) {
  var parent = options.target || document.head;
</tr></table> 

... (truncated)

Changelog

Sourced from style-loader's changelog.

4.0.0 (2024-04-08)

⚠ BREAKING CHANGES

• minimum supported webpack version is 5.27.0
• minimum support Node.js version is 18.12.0
• the insert option can only be a selector or the path to the module

Migration:

Before:

webpack.config.js

module.exports = {
  module: {
    rules: [
      {
        test: /\.css$/i,
        use: [
          {
            loader: "style-loader",
            options: {
              injectType: "styleTag",
              styleTagTransform: function (css, style) {
                // Do something ...
                style.innerHTML = `${css}.modify{}\n`;
            document.head.appendChild(style);
          },
        },
      },
      "css-loader",
    ],
  },
],

},
};

After:

insert-function.js

function insert(css, style) {
  var parent = options.target || document.head;
</tr></table>

... (truncated)

Commits

• 091d37d chore(release): 4.0.0
• abc0b5f docs: improve more
• 565362c docs: update
• 7122cde refactor!: the insert option can only be a selector or the path to the mo...
• 11b8639 refactor!: the styleTagTransform option can only be the path to the module
• 7ec1120 test: fix
• 977bb71 refactor!: minimum supported webpack version is 5.27.0
• a70555a test: update
• dc6e368 refactor!: minimum support Node.js version is 18.12.0
• b7cdc6c chore: update codecov-action to v4 (#623)
• Additional commits viewable in compare view

Updates webpack-cli from 5.1.4 to 6.0.1

Release notes

Sourced from webpack-cli's releases.

v6.0.1

6.0.1 (2024-12-20)

Bug Fixes

• update peer dependencies (#4356) (7a7e5d9)

v6.0.0

6.0.0 (2024-12-19)

BREAKING CHANGES

• the minimum required Node.js version is 18.12.0
• removed init, loader and plugin commands in favor create-webpack-app
• dropped support for webpack-dev-server@v4
• minimum supported webpack version is 5.82.0
• The --define-process-env-node-env option was renamed to --config-node-env

Bug Fixes

• allow to require webpack.config.js in ESM format (#4346) (5106684)
• correct the minimum help output (#4057) (c727c4f)
• gracefully shutting down (#4145) (90720e2)
• improve help output for possible values (#4316) (4cd5aef)
• no serve when dev-server is false (#2947) (a93e860)

Features

• output pnpm version with info/version command (#3906) (38f3c6f)

Changelog

Sourced from webpack-cli's changelog.

6.0.1 (2024-12-20)

Bug Fixes

• update peer dependencies (#4356) (7a7e5d9)

6.0.0 (2024-12-19)

BREAKING CHANGES

• the minimum required Node.js version is 18.12.0
• removed init, loader and plugin commands in favor create-webpack-app
• dropped support for webpack-dev-server@v4
• minimum supported webpack version is 5.82.0
• The --define-process-env-node-env option was renamed to --config-node-env

Bug Fixes

• allow to require webpack.config.js in ESM format (#4346) (5106684)
• correct the minimum help output (#4057) (c727c4f)
• gracefully shutting down (#4145) (90720e2)
• improve help output for possible values (#4316) (4cd5aef)
• no serve when dev-server is false (#2947) (a93e860)

Features

• output pnpm version with info/version command (#3906) (38f3c6f)

Commits

• 480b33d chore(release): publish new version
• 7a5071b test: fix
• 8326501 fix: better default values
• eab2f39 fix: less dependencies
• 2db1195 refactor: code
• fca8c00 fix: logging
• 09c7cd7 fix: reduce package size, avoid *.d.ts
• 7a7e5d9 fix: update peer dependencies (#4356)
• 5405aed chore(deps-dev): bump readable-stream in the dependencies group (#4355)
• 270fdc2 chore(release): create-webpack-app
• Additional commits viewable in compare view

Updates webpack-dev-server from 4.15.2 to 5.2.1

Release notes

Sourced from webpack-dev-server's releases.

v5.2.1

5.2.1 (2025-03-26)

Security

• cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
• requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

• prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
• take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

v5.2.0

5.2.0 (2024-12-11)

Features

• added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

• speed up initial client bundling (145b5d0)

v5.1.0

5.1.0 (2024-09-03)

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

Bug Fixes

• check the platform property to determinate the target (#5269) (c3b532c)
• ipv6 output (#5270) (06005e7)
• replace rimraf with rm (#5162) (1a1561f)
• replace default gateway (#5255) (f5f0902)
• support devServer: false (#5272) (8b341cb)

v5.0.4

5.0.4 (2024-03-19)

... (truncated)

Changelog

Sourced from webpack-dev-server's changelog.

5.2.1 (2025-03-26)

Security

• cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
• requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

• prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
• take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

5.2.0 (2024-12-11)

Features

• added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

• speed up initial client bundling (145b5d0)

5.1.0 (2024-09-03)

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

Bug Fixes

• check the platform property to determinate the target (#5269) (c3b532c)
• ipv6 output (#5270) (06005e7)
• replace rimraf with rm (#5162) (1a1561f)
• replace default gateway (#5255) (f5f0902)
• support devServer: false (#5272) (8b341cb)

5.0.4 (2024-03-19)

Bug Fixes

... (truncated)

Commits

• 0d22a08 chore(release): 5.2.1
• 6045b1e chore(deps): update (#5444)
• ffd0b86 fix: take the first network found instead of the last one, this restores the ...
• 9ea7b08 ci: update dependency-review-action (#5442)
• 5c9378b Merge commit from fork
• d2575ad Merge commit from fork
• 8c1abc9 fix: prevent overlay for errors caught by React error boundaries (#5431)
• 5a39c70 ci: update codecov/codecov-action to v5 (#5406)
• 55220a8 chore(deps-dev): bump the dependencies group across 1 directory with 4 update...
• 09f6f8e chore(deps): bump the dependencies group across 1 directory with 2 updates (#...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.