Skip to content

@docusaurus/preset-classic:3.8.1 uses webpack-dev-server: 4.15.2 which has known security vulnerabilities #11334

Closed as duplicate
Closed as duplicate
@docusaurus/preset-classic:3.8.1 uses webpack-dev-server: 4.15.2 which has known security vulnerabilities#11334
Labels
bugAn error in the Docusaurus core causing instability or issues with its execution
@CatarinaFernandes-carlsberg

Description

@CatarinaFernandes-carlsberg
CatarinaFernandes-carlsberg
opened on Jul 17, 2025

Have you read the Contributing Guidelines on issues?

Prerequisites

  • I'm using the latest version of Docusaurus.
  • I have tried the npm run clear or yarn clear command.
  • I have tried rm -rf node_modules yarn.lock package-lock.json and re-installing packages.
  • I have tried creating a repro with https://new.docusaurus.io.
  • I have read the console error message carefully (if applicable).

Description

webpack-dev-server: 4.15.2 introduces vulnerabilities CVE-2025-30359 and CVE-2025-30359 which can be fixed by upgrading to webpack fix version 5.2.1 or latest.

Reproducible demo

No response

Steps to reproduce

use docusaurus 3.8.1 to generate website

Expected behavior

no security alerts from Docusaurus dependencies

Actual behavior

Dependabot detects the mentioned vulnerabilities introduced by webpack-dev-server: 4.15.2

Your environment

No response

Self-service

  • I'd be willing to fix this bug myself.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugAn error in the Docusaurus core causing instability or issues with its execution

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions