All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

• security: bump webpack-dev-middleware (#5112) (aab576a)

• types: proxy (#5101) (6e1aed3)

• types (#5057) (da2c24d)

• avoid using eval in client (#5045) (7681477)
• overlay and require-trusted-types-for (#5046) (e115436)

Migration Guide and Changes.

• replace :: with localhost before openBrowser() (#4856) (874c44b)
• types: compatibility with @types/ws (#4899) (34bcec2)

• overlay displays unhandled promise rejection (#4849) (d1dd430)

• allow CLI to be ESM (#4837) (bb4a5d9)
• allow filter overlay errors/warnings with function (#4813) (aab01b3)

• perf: reduced initial start time (#4818) (fcf01d1)

• prevent open 0.0.0.0 in browser due windows problems (04e74f2)

• make webpack optional peer dependency (#4778) (71be54e)

• added client.overlay.runtimeErrors option to control runtime errors (#4773) (dca2366)

• allow to set the sockjs_url option (only sockjs) using the webSocketServer.options.sockjsUrl option (#4586) (69a2fba)
• catch runtime error (#4605) (87a26cf)
• improve styles for overlay (#4576) (791fb85)
• open editor when clicking error on overlay (#4587) (efb2cec)

• compatibility with experiments.buildHttp (#4585) (5b846cb)
• respect NODE_PATH env variable (#4581) (b857e6f)

• respect client.logging option for all logs (#4572) (375835c)

• make allowedHosts accept localhost subdomains by default (#4357) (0a33e6a)

• auto reply to OPTIONS requests only when unhandled (#4559) (984af02), closes #4551

• compatibility with old browsers (#4544) (6a430d4)

• allow to configure more client options via resource URL (#4274) (216e3cb)

• response correctly when receive an OPTIONS request (#4185) (2b3b7e0)

• avoid creation unnecessary stream for static sockjs file (#4482) (049b153)
• history-api-fallback now supports HEAD requests and handles them the same as GET (8936082)

• add @types/serve-static to dependencies (#4468) (af83deb)

• security problem with sockjs (#4465) (e765182)

• support Trusted Types for client overlay (#4404) (8132e1d)

• ie11 runtime (#4403) (256d5fb)
• replace portfinder with custom implementation and fix security problem (#4384) (eea50f3)
• use the host in options to check if port is available (#4385) (a10c7cf)

• types (#4373) (f6fe6be)

• export initialized socket client (#4304) (7920364)

• update description for --no-client-reconnect (#4248) (317648d)
• update description for --no-client (#4250) (c3b6690)
• update description for --no-history-api-fallback (#4277) (d63a0a2)
• update negated descriptions for more options (#4287) (c64bd94)
• update schema to have negatedDescription only for type boolean (#4280) (fcf8e8e)

• add @types/express (#4226) (e55f728)
• negative descriptions (#4216) (fd854c0)
• types for the proxy option (#4173) (efec2f5)
• use CLI specific description for --open-app-name and --web-socket-server (#4215) (329679a)

• update selfsigned to 2.0.0 version

• apply onAfterSetupMiddleware after setupMiddlewares (as behavior earlier) (f6bc644)

• removed url package, fixed compatibility with future webpack defaults (#4132) (4e5d8ea)

• added the setupMiddlewares option and deprecated onAfterSetupMiddleware and onBeforeSetupMiddleware options (#4068) (c13aa56)
• added types (8f02c3f)
• show deprecation warning for cacert option (#4115) (c73ddfb)

• add description for watchFiles options (#4057) (75f3817)
• allow passing options for custom server (#4110) (fc8bed9)
• correct schema for ClientLogging (#4084) (9b7ae7b)
• mark --open-app deprecated in favor of --open-app-name (#4091) (693c28a)
• show deprecation warning for both https and http2 (#4069) (d8d5d71)
• update --web-socket-server description (#4098) (65955e9)
• update listen and close deprecation warning message (#4097) (b217a19)
• update descriptions of https and server options (#4094) (f97c9e2)

• allow to pass all chokidar options (#4025) (5026601)

• reconnection logic (#4044) (9b32c96)
• reload on warnings (#4056) (1ba9720)

• add --web-socket-server-type option for CLI (#4001) (17c390a)
• show deprecation warning for https/http2 option, migration guide for https and migration guide for http2 (because we use spdy for http2 due express doesn't support http2) (#4003) (521cf85)

• infinity refresh on warnings (#4006) (10da223)
• invalid host message is missing on client with https (#3997) (#3998) (ff0869c)
• remove process listeners after stopping the server (#4013) (d198e4e)

• added the server option, now you can pass server options, example { server: { type: 'http', options: { maxHeaderSize: 32768 } } }, available options for http and https, note - for http2 is used spdy, options specified in the server.options option take precedence over https/http2 options (#3940) (a70a7ef)
• added the client.reconnect option (#3912) (5edad76)
• improve error handling within startCallback and endCallback (#3969) (b0928ac)

• schema for web socket server type (#3913) (f6aa6f7)
• typo in SSL information log (#3939) (4c6103b)

• perf (#3906) (f6e2a19)

• allow array for headers option (#3847) (9911437)
• gracefully and force shutdown (#3880) (db24b16)

• avoid web socket connection when web socket server is not running (#3879) (8874d72)
• display file name for warnings/errors in overlay (#3867) (d20def5)
• formatting errors/warnings (#3877) (f0dbea0)
• handle 0 value of the port option property (ed67f66)

• infinity loop for multi compiler mode (#3840) (e019bd2)
• reloading logic for multi compiler mode (#3841) (ef148ec)

• added the http.ca option (CLI option added too) (should be used instead cacert, because we will remove it in the next major release in favor the https.ca option)
• added the https.crl option (CLI options added too), more information
• https.ca/https.cacert/ https.cert/https.crl/https.key/https.pfx options are now accept Arrays of Buffer/string/Path to file, using --https-*-reset CLI options you can reset these options
• https.pfx/https.key can be Object[], more information
• https options can now accept custom options, you can use:

module.exports = {
  // Other options
  devServer: {
    https: {
      // Allow to set additional TSL options https://nodejs.org/api/tls.html#tls_tls_createsecurecontext_options
      minVersion: "TLSv1.1",
      ca: path.join(httpsCertificateDirectory, "ca.pem"),
      pfx: path.join(httpsCertificateDirectory, "server.pfx"),
      key: path.join(httpsCertificateDirectory, "server.key"),
      cert: path.join(httpsCertificateDirectory, "server.crt"),
      passphrase: "webpack-dev-server",
    },
  }
};

• accept connections with file: and chrome-extensions: protocol by default (#3822) (138f064)
• close overlay on disconnection (#3825) (011bcf1)
• respect https.cacert option (#3820) (0002ebf)

• improve the description of the magicHtml option (#3772) (b80610f)
• replace ansi-html with ansi-html-community to avoid CVE (#3801) (36fd214)

• added the magicHtml option (#3717) (4831f58)
• allow to set hot and live-reload for client using search params (1c57680)
• show warning when the hot option is enabled with the HMR plugin in config (#3744) (6cb1e4e)

• change log type of Disconnected! to info (fde27f5)
• handle --allowed-hosts all correctly (#3720) (326ed56)
• output documentation link on errors (#3680) (e16221b)
• respect the bypass option with target/router options for proxy (b5dd568)

• migration guide from v3 to v4 can be found here

• improve https CLI output (#3673) (f2d87fb)
• initial reloading for lazy compilation (#3662) (1768d6b)
• respect protocol from browser for manual setup (#3675) (cdcabb2)

• migration guide from v3 to v4 can be found here

• async API (#3608) (974ce25)
• use ECMA modules in client (#3550) (9307755)

• fix usage legacy API (#3660) (c4678bc)
• proxy logging and allow to pass options without the target option (#3651) (6e2cbde)
• render ansi formatted error messages correctly in overlay (#3579) (9313454)
• use value of the infastructureLogging.level option by default for client.logging. (#3613) (c9ccc96)
• schema for the host option (#3549) (7200d31)
• show deprecation warning for incorrect usage of Node.js API (#3563) (62b21ff)

• migration guide from v3 to v4 can be found here

• rename client.transport to client.webSocketTransport
• move web socket client to web socket server class, i.e. to get web socket clients use this.webSocketServer.clients
• remove entry options (i.e. hotEntry and needClientEntry) in favor manual setup entries (#3494)
• you need to reset CLI options using reset option, please look them in webpack serve --help
• host and port options can't be null or empty string

• allow to close overlay in browser (#3433) (307f2e7)
• add port auto (#3297) (437c8d3)
• added <url> pattern for open and allow to use multiple browsers (#3496) (7c7ccf9)
• allow string value for client.webSocketURL.port (#3354) (f5e7f8f)
• allow to disable web socket server using webSocketServer: false (f62f20f)
• allow username and password in clientURL (#3452) (a7225d5)
• display documentation links on errors (#3512) (54790ab)
• enable compress by default (#3303) (4d251b5)
• implement the client.webSocketURL.protocol option (#3380) (8998d6b)
• the ipc option was added for unix socket (#3479) (b559738)
• support Function in headers option (#3267) (28f9597)

• allow to use 80 port for dev server (#3487) (22f18eb)
• avoid duplicate App updated. Recompiling... (#3488) (a2e3ead)
• do not allow empty string for port (#3372) (8c53102)
• don't allow empty array for allowedHosts option (#3451) (17aa345)
• get rid of Symbol core-js polyfill (#3535) (7afe3d2)
• the host option can't be null or empty string (#3352) (216b0d3)
• improve message for static content changes (#3289) (970a7d7)
• improve processing of CLI flags (#3313) (32bc877)
• rename firewall option to allowedHosts option (#3345) (81e4e55)
• pass own logger in historyApiFallback (#3373) (3ba2fa5)
• polling usage in watchFiles option (#3366) (2afb223)
• postpone initialize (#3467) (80087de)
• regression with port and bonjour (c2805fe)
• rename path to pathname for client.webSocketURL (#3466) (fd63e02)
• respect logLevel and logProvider option for proxy (#3257) (199baec)
• show plugin name in progress log (#3337) (b8a0932)

• the https.ca option was removed in favor the https.cacert option
• the dev option was renamed to devMiddleware
• the client.overlay option is true by default and show warnings by default
• use server port for websocket connection by default, if you proxied webpack-dev-server, please update webpack-cli to v4.7.0 (#3185) (0c3f817)
• minimum supported Node.js version is 12.13.0

• added https.cacert (#3240) (b212a2c)
• added more CLI options, please run webpack server --help to look at them (#3238) (469e558)
• support bonjour options (#3202) (5534583)

• improve warning message for open (#3191) (d473fd9)
• respect the client.logging option for HMR logging (#3159) (6f3c6ba)
• respect client.needClientEntry and client.needHotEntry options (#3178) (a2b6db9)
• overlay with warnings (#3215) (7e18161)
• help description for options
• error description for options
• improve warning message for the open option

• the openPage option and the --open-page CLI option were removed in favor { open: ['/my-page', '/my-other-page/'] } for Node.js API and --open-target [URL] (without [URL] dev server will open a browser using the host option value) and --open-app <browser> for CLI
• the useLocalIp option was removed in favor { host: 'local-ip' }, alternative you can provide values: local-ipv4 for IPv4 and local-ipv6 for IPv6
• stdin option was removed in favor --watch-options-stdin
• injectClient and injectHot was removed in favor client.needClientEntry and client.needHotEntry

• added the watchFiles option, now you can reload server on file changes, for example { watchFiles: ['src/**/*.php', 'public/**/*'] } (#3136) (d73213a)
• added more CLI options, please run webpack server --help (#3148) (03a2b27)
• enable overlay by default (#3108) (5e05e48)
• you can specify multiple targets and browsers for the open option, i.e. { open: { target: ['/my-page', '/my-other-page'], app: ['google-chrome', '--incognito'] } } (e3c2683)

• /webpack-dev-server url shows list of files (#3101) (b3374c3)

• dev server client compatibility with IE11/IE10/IE9 (#3129) (1e3e656)

  • For IE11/IE10 you need polyfill fetch() and Promise, example:

  module.exports = {
    entry: {
      entry: [
        'whatwg-fetch', 
        'core-js/features/promise', 
        './entry.js'
      ],
    },
  };

  • For IE9 you need polyfill fetch() and Promise and use sockjs for communications (because WebSocket is not supported), example:

  module.exports = {
    entry: {
      entry: [
        'whatwg-fetch', 
        'core-js/features/promise', 
        './entry.js'
      ],
    },
    devServer: {
      transportMode: 'sockjs',
    },
  };

  IE8 is not supported

• hostname resolving (#3128) (cd39491)

• improve CLI options (#3151) (09fa827)

• output description on invalid options (#3154) (2e02978)

• prefer to open the host option (#3115) (7e525eb)

• reduce number of dependencies

• --hot-only option was removed
• default value of the static option is path.resolve(process.cwd(), 'public'), previously path.resolve(process.cwd(), 'static')
• the overlay option was moved into the client option

• add more negative flags - --no-https, --no-http2, --no-compress and --no-history-api-fallback (#3070) (ebc966f)
• allow Boolean type for the --firewall option (#3041) (6711c1d)
• improve output for localhost and fix open (#2892) (9e65c24)
• improve output for IPv4 and IPv6 (#3092) (f362665)

• allow to open browser with --open-page (#3032) (581ee07)
• content security policy issue in client log (2de2e01)
• empty and multiple entries support (#2920) (45f6592)
• improve descriptions for CLI options (#3021) (7d339d4)
• improve descriptions for negative flags (#3029) (2e2190a)
• multi compiler mode with proxy (#2905) (247a92b)
• remove double brackets from the ws url when using raw IPv6 address (#2951) (2ec8160)
• show correct url in output status (#3013) (06b3d91)
• show detailed error in overlay (ba01b05)
• support file: and chrome-extension: protocols in client (#2954) (163bdce)
• warnings in overlay (#3054) (6144c8d)
• webpack-cli installation message (#2955) (b9ce07f)

• drop support Node.js@6 and Node.js@8, minimum supported Node.js version is Node@10
• the hot option is true by default
• the hotOnly option was removed, if you need hot only mode, use hot: 'only' value
• the default transportMode is switched from sockjs to ws (IE 11 and other old browsers doesn't support WebSocket, set sockjs value for transportMode if you need supports IE 11)
• before, after and setup were removed in favor onBeforeSetupMiddleware (previously before) and onAfterSetupMiddleware options (previously after)
• the clientOptions was renamed to the client option
• the key, cert, pfx, pfx-passphrase, cacert, ca and requestCert options were moved to https options, please use https.{key|cert|pfx|passphrase|requestCert|cacert|ca|requestCert}
• the sockHost, sockPath and sockPort options were removed in client option
• the inline option (iframe live mode) was removed
• the lazy and filename options were removed
• the features option was removed
• the log, logLevel, logTime, noInfo, quiet, reporter and warn options were removed in favor of built-in webpack logger, please read this to enable and setup logging output
• the fs, index, mimeTypes, publicPath, serverSideRender, and writeToDisk options were moved in the dev option (webpack-dev-middleware options)
• updating webpack-dev-middleware to v4, which includes many breaking options changes, please read
• the stats option was removed, please use the stats option from webpack.config.js
• the socket option was removed
• the contentBase, contentBasePublicPath, serveIndex, staticOptions, watchContentBase, watchOptions were removed in favor of the static option
• the disableHostCheck and allowedHosts options were removed in favor of the firewall option
• server.listen() will find free port if the port is not set and the port argument is not passed, also print a warning if the port option and the port argument passed to server.listen() are different
• the progress option is moved to the client option, set client: {progress: true}
• the profile option was removed, to print profile data, set client: { progress: 'profile' }
• client uses the port of the current location (location.port, equivalent to sockPort: 'location'), by default. To get previously behavior, set the client.port with the port you'd like to set
• client uses the hostname of the current location (location.hostname), by default. To get previously behavior, set the client.host with the hostname you'd like to set

• compatibility with webpack@5
• compatibility with webpack-cli@4
• added the setupExitSignals option, it takes a boolean and if true (default on CLI), the server will close and exit the process on SIGINT and SIGTERM
• update chokidar to v3

Unfortunately, due to the huge amount of changes it is very difficult to display all changes in a convenient form. Therefore, we offer you a couple of popular examples (feel free to send a PR with more examples).

Previously contentBase, contentBasePublicPath, serveIndex, staticOptions, watchContentBase and watchOptions

module.exports = {
  // ...
  devServer: {
    // Can be:
    // static: path.resolve(__dirname, 'static')
    // static: false
    static: [
      // Simple example
      path.resolve(__dirname, 'static'),
      // Complex example
      {
        directory: path.resolve(__dirname, 'static'),
        staticOptions: {},
        // Don't be confused with `dev.publicPath`, it is `publicPath` for static directory
        // Can be:
        // publicPath: ['/static-public-path-one/', '/static-public-path-two/'],
        publicPath: '/static-public-path/',
        // Can be:
        // serveIndex: {} (options for the `serveIndex` option you can find https://github.com/expressjs/serve-index)
        serveIndex: true,
        // Can be:
        // watch: {} (options for the `watch` option you can find https://github.com/paulmillr/chokidar)
        watch: true,
      },
    ],
  },
};

module.exports = {
  // ...
  devServer: {
    dev: {
      publicPath: '/publicPathForDevServe',
    },
  },
};

Previously disableHostCheck and allowedHosts

module.exports = {
  // ...
  devServer: {
    // Can be
    // firewall: ['192.168.0.1', 'domain.com']
    firewall: false,
  },
};

module.exports = {
  // ...
  infrastructureLogging: {
    // Only warnings and errors
    // level: 'none' disable logging
    // Please read https://webpack.js.org/configuration/other-options/#infrastructurelogginglevel
    level: 'warn',
  },
};

• add icons for directory viewer (#2441) (e953d01)
• allow multiple contentBasePublicPath paths (#2489) (c6bdfe4)
• emit progress-update (#2498) (4808abd), closes #1666
• add invalidate endpoint (#2493) (89ffb86)
• allow open option to accept an object (#2492) (adeb92e)

• do not swallow errors from server (#2512) (06583f2)
• security vulnerability in yargs-parser (#2566) (41d1d0c)
• don't crash on setupExitSignals(undefined) (#2507) (0d5c681)
• support entry descriptor (closes #2453) (#2465) (8bbef6a)
• update jquery (#2516) (99ccfd8)

• forward error requests to the proxy (#2425) (e291cd4)

• fallthrough non GET and HEAD request to routes (#2374) (ebe8eca)
• add an optional peer dependency on webpack-cli (#2396) (aa365df)
• add heartbeat for the websocket server (#2404) (1a7c827)

• ie11 compatibility (1306abe)

• client: allow sock port to use location's port (sockPort: 'location') (#2341) (dc10d06)
• server: add contentBasePublicPath option (#2150) (cee700d)

• client: don't override protocol for socket connection to 127.0.0.1 (#2303) (3a31917), closes #2302
• server: respect sockPath on transportMode: 'ws' (#2310) (#2311) (e188542)
• https on chrome linux (#2330) (dc8b475)
• support webpack@5 (#2359) (8f89c01)

• add hostname and port to bonjour name to prevent name collisions (#2276) (d8af2d9)
• add extKeyUsage to self-signed cert (#2274) (a4dbc3b)

• add multiple openPage support (#2266) (c9e9178)

• update selfsigned package

• add null check for connection.headers (#2200) (7964997)
• false positive for an absolute path in the ContentBase option on windows (#2202) (68ecf78)
• add status in quiet log level (#2235) (7e2224e)
• scriptHost in client (#2246) (00903f6)

• server: fix setupExitSignals usage (#2181) (bbe410e)
• server: set port before instantiating server (#2143) (cfbf229)
• check for name of HotModuleReplacementPlugin to avoid RangeError (#2146) (4579775)
• server: check for external urls in array (#1980) (fa78347)
• server: fix header check for socket server (#2077) (7f51859)
• server: stricter headers security check (#2092) (078ddca)

• server: add transportMode (#2116) (b5b9cb4)
• server: serverMode 'ws' option (#2082) (04483f4)
• server/client: made progress option available to API (#1961) (56274e4)

We have migrated serverMode and clientMode to transportMode as an experimental option. If you want to use this feature, you have to change your settings.

Related PR: webpack#2116

• client: add default fallback for client (#2015) (d26b444)
• open: set wait: false to run server.close successfully (#2001) (2b4cb52)
• test: fixed ProvidePlugin.test.js (#2002) (47453cb)

• retry finding port when port is null and get ports in sequence (#1993) (bc57514)

• change clientLogLevel order to be called first (#1973) (57c8c92)
• es6 syntax in client (#1982) (802aa30)

• config: enable --overlay (#1968) (dc81e23)
• server: don't ignore node_modules by default (#1970) (699f8b4), closes #1794

• server: add serverMode option (#1937) (44a8cde)

• allow passing promise function of webpack.config.js (#1947) (8cf1053)

• add client code for electron-renderer target (#1935) (9297988)
• add client code for node-webkit target (#1942) (c6b2b1f)

• server: onListening option (#1930) (61d0cdf)
• server: add callback support for invalidate (#1900) (cd218ef)
• server: add WEBPACK_DEV_SERVER env variable (#1929) (856169e)

• add none and warning to clientLogLevel (#1901) (0ae9be8)
• broken hot reload (#1903) (6a444cd)

• don't use self.location.port (#1838) (6d31984)
• do not include config files in dist (#1883) (c535bb2)
• only add client entry to web targets (#1775) (cf4d0d0)
• update clientLogLevel to match docs and error (#1825) (7f52bbf)
• add errors-warnings preset (#1895) (2a81ad2)

• added injectClient option (#1775) (cf4d0d0)
• added injectHot option (#1775) (cf4d0d0)
• added sockPort option (#1792) (58d1682)
• added sockHost option (#1858) (f47dff2)
• support HEAD method (#1875) (c2360e4)
• added liveReload option (#1889) (fc4fe32)
• update express to 4.17 version

• regression: always get necessary stats for hmr (#1780) (66b04a9)
• regression: host and port can be undefined or null (#1779) (028ceee)
• only add entries after compilers have been created (#1774) (b31cbaa)

• compatibility with [email protected] (#1754) (fd7cb0d)
• ignore proxy when bypass return false (#1696) (aa7de77)
• respect stats option from webpack config (#1665) (efaa740)
• use location.port when location.hostname is used to infer HMR socket URL (#1664) (2f7f052)
• don't crash with express.static.mime.types (#1765) (919ff77)

• add option "serveIndex" to enable/disable serveIndex middleware (#1752) (d5d60cb)
• add webpack as argument to before and after options (#1760) (0984d4b)
• http2 option to enable/disable HTTP/2 with HTTPS (#1721) (dcd2434)
• random port retry logic (#1692) (419f02e)
• relax depth limit from chokidar for content base (#1697) (7ea9ab9)

• deprecation message about setup now warning about v4 (#1684) (523a6ec)
• regression: allow ca, key and cert will be string (#1676) (b8d5c1e)
• regression: handle key, cert, cacert and pfx in CLI (#1688) (4b2076c)
• regression: problem with idb-connector after update internal-ip (#1691) (eb48691)

• add workaround for Origin header in sockjs (#1608) (1dfd4fb)

• delete a comma for Node.js <= v7.x (#1609) (0bab1c0)

• regression in checkHost for checking Origin header (#1606) (8bb3ca8)

• bin/options: correct check for color support (options.color) (#1555) (55398b5)
• package: update spdy v3.4.1...4.0.0 (assertion error) (#1491) (#1563) (7a3a257)
• Server: correct node version checks (#1543) (927a2b3)
• Server: mime type for wasm in contentBase directory (#1575) (#1580) (fadae5d)
• add url for compatibility with webpack@5 (#1598) (#1599) (68dd49a)
• check origin header for websocket connection (#1603) (b3217ca)

• options: add writeToDisk option to schema (#1520) (d2f4902)
• package: update sockjs-client v1.1.5...1.3.0 (url-parse vulnerability) (#1537) (e719959)
• Server: set tls.DEFAULT_ECDH_CURVE to 'auto' (#1531) (c12def3)

• package: yargs security vulnerability (dependencies) (#1492) (8fb67c9)
• utils/createLogger: ensure quiet always takes precedence (options.quiet) (#1486) (7a6ca47)

• Server: don't use spdy on node >= v10.0.0 (#1451) (8ab9eb6)

• bin: handle process signals correctly when the server isn't ready yet (#1432) (334c3a5)
• examples/cli: correct template path in open-page example (#1401) (df30727)
• schema: allow the output filename to be a {Function} (#1409) (e2220c4)