fix: Upgrade webpack dev server

[riodeuno]

Description

Update webpack dev server to update path-to-regexp to v0.1.12

Fixes https://github.com/appsmithorg/appsmith/security/dependabot/360

Automation

/ok-to-test tags="@tag.All"

🔍 Cypress test results

Caution

🔴 🔴 🔴 Some tests have failed.
Workflow run: https://github.com/appsmithorg/appsmith/actions/runs/13673398290
Commit: 1bc2243
Cypress dashboard.
Tags: @tag.All
Spec:
The following are new failures, please fix them before merging the PR:

1. cypress/e2e/Regression/ServerSide/GenerateCRUD/Postgres2_Spec.ts

List of identified flaky tests.

---

Wed, 05 Mar 2025 11:18:55 UTC

Communication

Should the DevRel and Marketing teams inform users about this change?

• Yes
• No

Summary by CodeRabbit

• Refactor

  • Streamlined the development server configuration to consolidate middleware setup, enhancing overall operational efficiency.

• Chores

  • Upgraded the development server dependency to the latest major release, contributing to improved stability and performance.

[coderabbitai]

Walkthrough

This pull request removes the HTTPS configuration from the Webpack Dev Server setup and replaces the onBeforeSetupMiddleware hook with a unified setupMiddlewares method. The new method consolidates the middleware management by unshifting evalSourceMapMiddleware and pushing both redirectServedPath and noopServiceWorkerMiddleware onto the middleware array. Additionally, the version of webpack-dev-server in the package manifest has been updated from ^4.6.0 to ^5.2.0.

Changes

File	Change Summary
app/client/config/webpackDevServer.config.js	Removed https configuration; replaced onBeforeSetupMiddleware with setupMiddlewares that unshifts evalSourceMapMiddleware and pushes redirectServedPath and noopServiceWorkerMiddleware.
app/client/package.json	Updated webpack-dev-server dependency version from ^4.6.0 to ^5.2.0.

Sequence Diagram(s)

sequenceDiagram
    participant DevServer as Development Server
    participant SW as setupMiddlewares
    participant ESM as evalSourceMapMiddleware
    participant RS as redirectServedPath
    participant NSWM as noopServiceWorkerMiddleware

    DevServer->>SW: invoke setupMiddlewares(middlewares, devServer)
    SW->>ESM: unshift (add first)
    SW->>RS: push (append)
    SW->>NSWM: push (append)
    SW-->>DevServer: return middlewares array

Loading

Suggested labels

Bug, ok-to-test

Suggested reviewers

• KelvinOm
• dvj1988
• sharat87

Poem

In the realm of code so sleek,
Middlewares now take their peak.
HTTPS bids a fond adieu,
New hooks orchestrate what we do.
Cheers to change, and fun anew! 🎉
Happy coding, team!

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[riodeuno]

@riodeuno Fix the following issue:

                  ^

TypeError: devServer.close is not a function
    at process.<anonymous> (...appsmith/app/client/scripts/start.js:136:19)
    at process.emit (node:events:530:35)

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

app/client/config/webpackDevServer.config.js (1)

9-9: Potential unused import after configuration changes.

The getHttpsConfig import is still present but appears to be unused after removing the HTTPS configuration.

-const getHttpsConfig = require("./getHttpsConfig");

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 92fa95f and 1bc2243.

⛔ Files ignored due to path filters (1)

• app/client/yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (2)

• app/client/config/webpackDevServer.config.js (1 hunks)
• app/client/package.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (4)

• GitHub Check: client-unit-tests / client-unit-tests
• GitHub Check: client-prettier / prettier-check
• GitHub Check: client-build / client-build
• GitHub Check: client-lint / client-lint

🔇 Additional comments (3)

app/client/package.json (1)

395-395:

❓ Verification inconclusive

Major version upgrade of webpack-dev-server requires careful validation.

The upgrade from webpack-dev-server v4 to v5 involves significant API changes. This aligns with the modifications in the webpack configuration file.

---

🏁 Script executed:

#!/bin/bash
# Check for any breaking changes or migration guides for webpack-dev-server v5
curl -s https://www.npmjs.com/package/webpack-dev-server | grep -A 10 "Breaking Changes"

# Check if there are any remaining references to old webpack-dev-server API
rg "onBeforeSetupMiddleware|onAfterSetupMiddleware" --type js

Length of output: 154

---

Attention: Manual Verification Needed for webpack-dev-server v5 Upgrade
The migration to webpack-dev-server v5 involves major API changes, especially in how middleware is configured. Although our automated search didn’t reveal any lingering legacy hooks like onBeforeSetupMiddleware or onAfterSetupMiddleware, please manually verify that your webpack configuration fully adheres to the updated API (for example, by ensuring that the new setupMiddlewares approach is correctly implemented).

• Double-check all webpack configuration files to ensure deprecated hooks are completely removed.
• Confirm that the configuration has been updated per the official webpack-dev-server v5 migration guide.

app/client/config/webpackDevServer.config.js (2)

100-117: Middleware configuration updated to match webpack-dev-server v5 API.

The previous hooks onBeforeSetupMiddleware and onAfterSetupMiddleware have been replaced with the unified setupMiddlewares method, which is the correct approach for webpack-dev-server v5. The middleware logic itself remains functionally equivalent.

---

100-100:

✅ Verification successful

HTTPS configuration has been removed.

The HTTPS configuration has been removed from the webpack dev server setup. Ensure this is intentional and that developers are aware HTTPS will no longer be available in the development environment.

---

🏁 Script executed:

#!/bin/bash
# Check if HTTPS is used elsewhere in the codebase for local development
rg "HTTPS=true|https:.*true" --type js --type json

# Check if there are any docs or README files mentioning HTTPS for local development
rg "HTTPS.*development|secure.*localhost" --type md

Length of output: 65964

---

Action: Confirm intentional removal of HTTPS configuration from the webpack dev server

The HTTPS configuration has been removed as expected. I searched the codebase for any local development flags or settings (e.g., "HTTPS=true" or similar references) and found that while some tests assert that URLs start with "https://docs.appsmith.com/", they only rely on external documentation links rather than on a local HTTPS setup. There aren’t any indications elsewhere that the dev server depends on an HTTPS configuration.

• Verify that no local development logic relies on webpack’s HTTPS configuration.
• Note that tests referencing https URLs (e.g., in Cypress specs) are unaffected by this removal.

This removal appears intentional. Please confirm that relying solely on HTTP for local development is acceptable for your use case.

[KelvinOm]

@riodeuno just to make sure :) Have you checked how local dev works?