build(deps): bump webpack-dev-server from 5.2.2 to 5.2.4 in /website

[dependabot]

Bumps webpack-dev-server from 5.2.2 to 5.2.4.

Release notes

Sourced from webpack-dev-server's releases.

v5.2.4

5.2.4 (2026-05-11)

Bug Fixes

• set Cross-Origin-Resource-Policy header to prevent source code theft over HTTP

v5.2.3

5.2.3 (2026-01-12)

Bug Fixes

• add cause for errorObject (#5518) (37b033d)
• compatibility with event target and universal target and lazy compilation (574026c)
• overlay: add ESC key to dismiss overlay (#5598) (f91baa8)
• progress indicator styles (#5557) (41a53a1)
• upgrade selfsigned to v5

Changelog

Sourced from webpack-dev-server's changelog.

5.2.4 (2026-05-11)

Bug Fixes

• set Cross-Origin-Resource-Policy header to prevent source code theft over HTTP

5.2.3 (2026-01-12)

Bug Fixes

• add cause for errorObject (#5518) (37b033d)
• compatibility with event target and universal target and lazy compilation (574026c)
• overlay: add ESC key to dismiss overlay (#5598) (f91baa8)
• progress indicator styles (#5557) (41a53a1)
• upgrade selfsigned to v5

Commits

• fd40130 chore(release): 5.2.4
• ece4f36 chore: update deps (#5661)
• a216144 ci: fix test (#5658)
• df073c5 Merge commit from fork
• b550a70 chore(release): 5.2.3
• 9704dc5 chore: upgrade selfsigned to v5 and remove node-forge dependency (#5618)
• 92bf644 chore: bump express to update qs (#5621)
• 792b2f0 chore(deps-dev): bump the dependencies group with 4 updates (#5606)
• 6d587ca chore(deps): bump the dependencies group across 1 directory with 27 updates (...
• f91baa8 fix(overlay): add ESC key to dismiss overlay (#5598)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Note

Low Risk
Lockfile-only update to the website’s dev tooling; behavior changes are limited to local webpack-dev-server usage and its updated transitive dependencies (not production runtime code).

Overview
Updates the website’s webpack-dev-server lockfile resolution from 5.2.2 to 5.2.4, pulling in minor dependency bumps (notably express and compression).

As part of the upstream update, selfsigned is upgraded to v5 (dropping node-forge/@types/node-forge and adding pkijs/@peculiar/x509 and related ASN.1 deps), which also raises its Node engine requirement.

^{Reviewed by Cursor Bugbot for commit cdc78b2. Bugbot is set up for automated code reviews on this repo. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes using default mode and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit cdc78b2. Configure here.}

[cursor]

Transitive dependency requires Node.js 20, project allows 18

Low Severity

The bump of webpack-dev-server to 5.2.4 pulls in selfsigned v5, which depends on @peculiar/x509 v1.14.3. That package declares "engines": { "node": ">=20.0.0" }, but website/package.json advertises "engines": { "node": ">=18.0" }. A developer running Node.js 18 or 19 — which the project claims to support — could encounter runtime failures when webpack-dev-server attempts to generate self-signed certificates.

Additional Locations (1)

• website/package-lock.json#L5795-L5817

 

^{Reviewed by Cursor Bugbot for commit cdc78b2. Configure here.}