Bump the webpack group with 7 updates

[dependabot]

Bumps the webpack group with 7 updates:

Package	From	To
html-webpack-plugin	5.6.3	5.6.4
ts-loader	9.5.2	9.5.4
webpack	5.101.0	5.102.1
webpack-dev-server	5.2.1	5.2.2
webpack-assets-manifest	6.0.2	6.3.0
webpack-dev-middleware	7.4.2	7.4.5
webpack-sources	3.2.3	3.3.3

Updates html-webpack-plugin from 5.6.3 to 5.6.4

Changelog

Sourced from html-webpack-plugin's changelog.

5.6.4 (2025-08-14)

Bug Fixes

• compilation.errors should contain Error objects (#1877) (b733b1a)

Commits

• 6ef547a chore(release): 5.6.4
• b733b1a fix: compilation.errors should contain Error objects (#1877)
• dbc9af6 test: issue 1873 (#1876)
• 5ec703d chore(deps): bump webpack (#1875)
• See full diff in compare view

Updates ts-loader from 9.5.2 to 9.5.4

Release notes

Sourced from ts-loader's releases.

v9.5.4

• chore: typescript 5.9 upgrade - thanks @​johnnyreilly

Skipping 9.5.3 due to a publishing issue

v9.5.3

• fix: add more detailed error messages - thanks @​hai-x

Changelog

Sourced from ts-loader's changelog.

9.5.4

• chore: typescript 5.9 upgrade - thanks @​johnnyreilly

Skipping 9.5.3 due to a publishing issue

Commits

• f7d022f Update changelog for version 9.5.4 (#1677)
• ba825c2 chore: TypeScript 5.9 upgrade (#1676)
• 847a249 feat: stub for 5.8 (#1668)
• 0ee4035 feat: Update push.yml with workflow_dispatch
• d735298 chore: update lockfile (#1666)
• See full diff in compare view

Updates webpack from 5.101.0 to 5.102.1

Release notes

Sourced from webpack's releases.

v5.102.1

Fixes

• Supported extends with env for browserslist
• Supported JSONP fragment format for web workers.
• Fixed dynamic import support in workers using browserslist.
• Fixed default defer import mangling.
• Fixed default import of commonjs externals for SystemJS format.
• Fixed context modules to the same file with different import attributes.
• Fixed typescript types.
• Improved import.meta warning messages to be more clear when used directly.
• [CSS] Fixed CC_UPPER_U parsing (E -> U) in tokenizer.

v5.102.0

Features

• Added static analyze for dynamic imports
• Added support for import file from "./file.ext" with { type: "bytes" } to get the content as Uint8Array (look at example)
• Added support for import file from "./file.ext" with { type: "text" } to get the content as text (look at example)
• Added the snapshot.contextModule to configure snapshots options for context modules
• Added the extractSourceMap option to implement the capabilities of loading source maps by comment, you don't need source-map-loader (look at example)
• The topLevelAwait experiment is now stable (you can remove experiments.topLevelAwait from your webpack.config.js)
• The layers experiment is now stable (you can remove experiments.layers from your webpack.config.js)
• Added function matcher support in rule options

Fixes

• Fixed conflicts caused by multiple concatenate modules
• Ignore import failure during HMR update with ES modules output
• Keep render module order consistent
• Prevent inlining modules that have this exports
• Removed unused timeout attribute of script tag
• Supported UMD chunk format to work in web workers
• Improved CommonJs bundle to ES module library
• Use es-lexer for mjs files for build dependencies
• Fixed support __non_webpack_require__ for ES modules
• Properly handle external modules for CSS
• AssetsByChunkName included assets from chunk.auxiliaryFiles
• Use createRequire only when output is ES module and target is node
• Typescript types

Performance Improvements

• Avoid extra calls for snapshot
• A avoid extra jobs for build dependencies
• Move import attributes to own dependencies

v5.101.3

... (truncated)

Commits

• c7ebdbd chore(release): 5.102.1
• b7530c2 fix(css): correct CC_UPPER_U typo (E -> U) (#19989)
• f3ef142 fix: defer import mangling (#19988)
• d32f171 fix: hash options types (#19987)
• 436fc7d chore(deps): bump CodSpeedHQ/action from 4.1.0 to 4.1.1 (#19986)
• c7dd066 fix: context modules with import attributes (#19984)
• 85bacbd fix: default import of commonjs externals for SystemJS format
• 7634cd2 docs: update examples (#19982)
• 9f98d80 fix: javascript parser options types (#19980)
• 8804459 chore(deps): bump CodSpeedHQ/action from 4.0.1 to 4.1.0 (#19977)
• Additional commits viewable in compare view

Updates webpack-dev-server from 5.2.1 to 5.2.2

Release notes

Sourced from webpack-dev-server's releases.

v5.2.2

5.2.2 (2025-06-03)

Bug Fixes

• "Overlay enabled" false positive (18e72ee)
• do not crush when error is null for runtime errors (#5447) (309991f)
• remove unnecessary header X_TEST (#5451) (64a6124)
• respect the allowedHosts option for cross-origin header check (#5510) (03d1214)

Changelog

Sourced from webpack-dev-server's changelog.

5.2.2 (2025-06-03)

Bug Fixes

• "Overlay enabled" false positive (18e72ee)
• do not crush when error is null for runtime errors (#5447) (309991f)
• remove unnecessary header X_TEST (#5451) (64a6124)
• respect the allowedHosts option for cross-origin header check (#5510) (03d1214)

Commits

• 195a7e6 chore(release): 5.2.2
• 620bef1 chore(deps): update (#5511)
• 03d1214 fix: respect the allowedHosts option for cross-origin header check (#5510)
• 5ba862e chore(deps-dev): bump the dependencies group across 1 directory with 7 update...
• f7fec94 chore: fix typo (#5508)
• 6ee8cd0 ci: add Node.js v24 (#5492)
• d30f963 chore: update http-proxy-middleware to ^2.0.9 (#5503)
• 66cf033 chore(deps-dev): bump the dependencies group with 2 updates (#5504)
• 4367a5c refactor: use 'String#startsWith' & replace if-then-else (#5501)
• 8e6604f chore(deps): bump the dependencies group across 1 directory with 4 updates (#...
• Additional commits viewable in compare view

Updates webpack-assets-manifest from 6.0.2 to 6.3.0

Release notes

Sourced from webpack-assets-manifest's releases.

v6.3.0

6.3.0 (2025-09-29)

v6.2.2

6.2.2 (2025-07-28)

v6.2.1

6.2.1 (2025-06-08)

Bug Fixes

• ignore ENOENT error during merge (8b6247c)

v6.2.0

6.2.0 (2025-06-08)

v6.1.0

6.1.0 (2025-05-06)

Commits

• 038562c Merge pull request #315 from webdeveric/chore/deps
• 714a581 chore(deps-dev): updated dev dependencies
• fabe029 chore(deps): updated dependencies
• 47699a9 chore: configured minimumReleaseAge
• d07f530 chore: bumped pnpm version
• 087b465 Merge pull request #313 from webdeveric/chore/deps
• ba9cf49 chore(deps-dev): updated dev dependencies
• c2abe95 chore: bumped pnpm version
• 00bb8a1 Merge pull request #312 from webdeveric/chore/ci
• e7d952e ci: updated cron schedule
• Additional commits viewable in compare view

Updates webpack-dev-middleware from 7.4.2 to 7.4.5

Release notes

Sourced from webpack-dev-middleware's releases.

v7.4.5

7.4.5 (2025-09-24)

Bug Fixes

• unpin memfs (#2176) (c9a0e68)

v7.4.4

7.4.4 (2025-09-23)

Bug Fixes

• pin memfs version (#2174) (044d691)

v7.4.3

7.4.3 (2025-09-05)

Bug Fixes

• do not call the next middleware for 304 responses (#2155) (c26a326)
• do not call the next middleware when request is finished or errored (#2156) (116c680)

Changelog

Sourced from webpack-dev-middleware's changelog.

7.4.5 (2025-09-24)

Bug Fixes

• unpin memfs (#2176) (c9a0e68)

7.4.4 (2025-09-23)

Bug Fixes

• pin memfs version (#2174) (044d691)

7.4.3 (2025-09-05)

Bug Fixes

• do not call the next middleware for 304 responses (#2155) (c26a326)
• do not call the next middleware when request is finished or errored (#2156) (116c680)

Commits

• ec97e06 chore(release): 7.4.5
• c9a0e68 fix: unpin memfs (#2176)
• 0c87e95 chore(deps-dev): bump the dependencies group across 1 directory with 6 update...
• 8f40f5f chore(release): 7.4.4
• 044d691 fix: pin memfs version (#2174)
• 253c7e1 chore(deps-dev): bump the dependencies group with 3 updates (#2170)
• 2535262 chore(deps): bump the dependencies group across 1 directory with 5 updates (#...
• 6b7531e chore: remove CODEOWNERS, too spammy (#2167)
• be10aa6 chore(deps): remove strip-ansi (#2166)
• 0c4431b chore(deps): update
• Additional commits viewable in compare view

Updates webpack-sources from 3.2.3 to 3.3.3

Release notes

Sourced from webpack-sources's releases.

v3.3.3

Fixes

• generate last column mapping even when source is missing for ConcatSource

v3.3.2

Fixes

• [Types] Using HashLike name instead Hash

v3.3.1

Fixes

• Always use a buffer to calculate the hash
• [Types] Added debugId and ignoreList fields to RawSourceMap type

v3.3.0

Features

• Added types
• Added ability to reduce memory consumed

Performance

• Avoid extra calculation for hash updates

Commits

• 1b98c0f chore(release): 3.3.3
• b19b923 fix: generate last column mapping even when source is missing for ConcatSource
• b2db929 ci: improve (#172)
• 6af577c chore: use eslint-config-webpack (#170)
• 4588be9 refactor: replace "for" loop with "while" loop (#169)
• ff8093c refactor: use for...of for better readability (#168)
• c74a44f chore: fix typos (#167)
• 9d63cbc chore(release): 3.3.2
• 5f37699 fix(types): using HashLike name instead Hash (#166)
• 60b8628 chore(release): 3.3.1
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack-sources since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Hello 👋! When you're ready to run Chromatic, please apply the run_chromatic label to this PR.

You will need to reapply the label each time you want to run Chromatic.

Click here to see the Chromatic project.

[github-actions]

Deploy build 46002 of Mobile::mobile-apps-rendering to CODE

All deployment options

• Deploy build 46002 of Mobile::mobile-apps-rendering to CODE
• Deploy parts of build 46002 to CODE by previewing it first
• What's on CODE right now?

---

From guardian/actions-riff-raff.

[github-actions]

Deploy build 21755 of dotcom:rendering-all to CODE

All deployment options

• Deploy build 21755 of dotcom:rendering-all to CODE
• Deploy parts of build 21755 to CODE by previewing it first
• What's on CODE right now?

---

From guardian/actions-riff-raff.

[gu-prout]

Seen on PROD (created by @dependabot[bot] and merged by @JamieB-gu 7 minutes and 52 seconds ago) Please check your changes!