Sourced from webpack-dev-server's releases.

v5.2.2

5.2.2 (2025-06-03)

Bug Fixes

• "Overlay enabled" false positive (18e72ee)
• do not crush when error is null for runtime errors (#5447) (309991f)
• remove unnecessary header X_TEST (#5451) (64a6124)
• respect the allowedHosts option for cross-origin header check (#5510) (03d1214)

v5.2.1

5.2.1 (2025-03-26)

Security

• cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
• requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

• prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
• take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

v5.2.0

5.2.0 (2024-12-11)

Features

• added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

• speed up initial client bundling (145b5d0)

v5.1.0

5.1.0 (2024-09-03)

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

... (truncated)

Sourced from webpack-dev-server's changelog.

5.2.2 (2025-06-03)

Bug Fixes

• "Overlay enabled" false positive (18e72ee)
• do not crush when error is null for runtime errors (#5447) (309991f)
• remove unnecessary header X_TEST (#5451) (64a6124)
• respect the allowedHosts option for cross-origin header check (#5510) (03d1214)

5.2.1 (2025-03-26)

Security

• cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
• requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

• prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
• take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

5.2.0 (2024-12-11)

Features

• added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

• speed up initial client bundling (145b5d0)

5.1.0 (2024-09-03)

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

Bug Fixes

• check the platform property to determinate the target (#5269) (c3b532c)

... (truncated)

• 195a7e6 chore(release): 5.2.2
• 620bef1 chore(deps): update (#5511)
• 03d1214 fix: respect the allowedHosts option for cross-origin header check (#5510)
• 5ba862e chore(deps-dev): bump the dependencies group across 1 directory with 7 update...
• f7fec94 chore: fix typo (#5508)
• 6ee8cd0 ci: add Node.js v24 (#5492)
• d30f963 chore: update http-proxy-middleware to ^2.0.9 (#5503)
• 66cf033 chore(deps-dev): bump the dependencies group with 2 updates (#5504)
• 4367a5c refactor: use 'String#startsWith' & replace if-then-else (#5501)
• 8e6604f chore(deps): bump the dependencies group across 1 directory with 4 updates (#...
• Additional commits viewable in compare view

Sourced from @​angular-devkit/build-angular's releases.

21.1.0

@​schematics/angular

Commit	Description
	add browserMode option to jasmine-vitest schematic
	generate detailed migration report for refactor-jasmine-vitest
	add MCP configuration file to new workspaces

@​angular/cli

Commit	Description
	add 'test' and 'e2e' MCP tools
	Add "all" as an experimental tool group
	Add MCP tools for building and running devservers
	add signal forms lessons
	correctly handle yarn classic tag manifest fetching
	correctly spawn package managers on Windows in new abstraction
	enhance list_projects MCP tool file system traversal and symlink handling
	handle array output from npm view in manifest parser
	improve signal forms lesson examples in AI tutor
	rename mcp devserver tools to comply with naming spec
	update dependency @​modelcontextprotocol/sdk to v1.25.2
	update yarn berry package manager configuration
	use project-local temporary directory in ng add
	cache resolved specific version in package manager abstraction
	optimize ng add version discovery

@​angular/build

Commit	Description
	directly support ng-packagr in unit-test builder
	disable TestBed teardown during debugging in Vitest
	inject source-map-support for Vitest browser tests
	normalize roots to POSIX in test discovery for Windows compatibility
	resolve test files correctly on Windows when using non-C drives
	simplify SSL handling for ng serve with SSR (#31722)

21.1.0-rc.0

@​schematics/angular

Commit	Description
	move 'provideZoneChangeDetection' to the root module
	update application schematics for module-based apps to use 'provideZoneChangeDetection'
	update default app component message
	update default app component welcome message

@​angular/cli

Commit	Description
	add 'test' and 'e2e' MCP tools
	Add "all" as an experimental tool group
	handle array output from npm view in manifest parser
	update dependency @​modelcontextprotocol/sdk to v1.25.2

... (truncated)

Sourced from @​angular-devkit/build-angular's changelog.

21.1.0 (2026-01-14)

@​angular/cli

Commit	Type	Description
772e6efe7	feat	add 'test' and 'e2e' MCP tools
8efb86318	feat	Add "all" as an experimental tool group
c3c9ac506	feat	Add MCP tools for building and running devservers
d635a6c63	feat	add signal forms lessons
d8b76e93d	fix	correctly handle yarn classic tag manifest fetching
7ab5c0b0a	fix	correctly spawn package managers on Windows in new abstraction
348096623	fix	enhance list_projects MCP tool file system traversal and symlink handling
316fca862	fix	handle array output from npm view in manifest parser
032257a6d	fix	improve signal forms lesson examples in AI tutor
18d74dde8	fix	rename mcp devserver tools to comply with naming spec
1ad773671	fix	update dependency @​modelcontextprotocol/sdk to v1.25.2
45d4f5668	fix	update yarn berry package manager configuration
122ed27c9	fix	use project-local temporary directory in ng add
a15db28b2	perf	cache resolved specific version in package manager abstraction
240588b7e	perf	optimize ng add version discovery

@​schematics/angular

Commit	Type	Description
36cf3afb4	feat	add browserMode option to jasmine-vitest schematic
e71a72ffd	feat	generate detailed migration report for refactor-jasmine-vitest
18cf6c51b	fix	add MCP configuration file to new workspaces

@​angular/build

Commit	Type	Description
1eda0a99f	feat	directly support ng-packagr in unit-test builder
87175f9dc	feat	disable TestBed teardown during debugging in Vitest
1e39c77a4	fix	inject source-map-support for Vitest browser tests
3fd7dcd76	fix	normalize roots to POSIX in test discovery for Windows compatibility
164e7dbbc	fix	resolve test files correctly on Windows when using non-C drives
ad99e00ad	fix	simplify SSL handling for ng serve with SSR (#31722)

21.0.6 (2026-01-14)

@​angular/ssr

| Commit | Type | Description |

... (truncated)

• 9c5a2e3 release: cut the v21.1.0 release
• 94e7f49 build: update Angular versions to 21.1.0 stable versions
• 84a228c build: update dependency bazel to v8.5.1
• 9ae6844 build: update dependency node to v22.22.0
• 09c5c9f build: lock file maintenance
• 977d461 refactor: update license URL from angular.io to angular.dev and angular mater...
• f13c845 refactor: update copyright from Google Inc to Google LLC
• 8d99cfe fix(@​angular/ssr): handle platform destruction during rendering
• 8195bf8 build: update cross-repo angular dependencies
• d45693a refactor(@​angular/cli): support copying config files to temp package directory
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.