webpack-dev-server 4.8.1 → 4.9.2

package/README.md

@@ -80,137 +80,127 @@ Usage: webpack serve|server|s [entries...] [options]
 Run the webpack dev server.
 
 Options:
-  -c, --config <value...>                   Provide path to a webpack configuration file e.g. ./webpack.config.js.
-  --config-name <value...>                  Name of the configuration to use.
-  -m, --merge                               Merge two or more configurations using 'webpack-merge'.
-  --env <value...>                          Environment passed to the configuration when it is a function.
-  --node-env <value>                        Sets process.env.NODE_ENV to the specified value.
-  --progress [value]                        Print compilation progress during build.
-  -j, --json [value]                        Prints result as JSON or store it in a file.
-  --entry <value...>                        The entry point(s) of your application e.g. ./src/main.js.
-  -o, --output-path <value>                 Output location of the file generated by webpack e.g. ./dist/.
-  -t, --target <value>                      Sets the build target e.g. node.
-  -d, --devtool <value>                     Determine source maps to use.
-  --no-devtool                              Do not generate source maps.
-  --mode <value>                            Defines the mode to pass to webpack.
-  --name <value>                            Name of the configuration. Used when loading multiple configurations.
-  --stats [value]                           It instructs webpack on how to treat the stats e.g. verbose.
-  --no-stats                                Disable stats output.
-  --watch-options-stdin                     Stop watching when stdin stream has ended.
-  --no-watch-options-stdin                  Do not stop watching when stdin stream has ended.
-  --allowed-hosts <value...>                Allows to enumerate the hosts from which access to the dev server are allowed (useful when you are proxying dev server, by default is 'auto').
-  --allowed-hosts-reset                     Clear all items provided in 'allowedHosts' configuration. Allows to enumerate the hosts from which access to the dev server are allowed (useful when
-                                            you are proxying dev server, by default is 'auto').
-  --bonjour                                 Allows to broadcasts dev server via ZeroConf networking on start.
-  --no-bonjour                              Disallows to broadcasts dev server via ZeroConf networking on start.
-  --no-client                               Disables client script.
-  --client-logging <value>                  Allows to set log level in the browser.
-  --client-overlay                          Enables a full-screen overlay in the browser when there are compiler errors or warnings.
-  --no-client-overlay                       Disables the full-screen overlay in the browser when there are compiler errors or warnings.
-  --client-overlay-errors                   Enables a full-screen overlay in the browser when there are compiler errors.
-  --no-client-overlay-errors                Disables the full-screen overlay in the browser when there are compiler errors.
-  --client-overlay-warnings                 Enables a full-screen overlay in the browser when there are compiler warnings.
-  --no-client-overlay-warnings              Disables the full-screen overlay in the browser when there are compiler warnings.
-  --client-progress                         Prints compilation progress in percentage in the browser.
-  --no-client-progress                      Does not print compilation progress in percentage in the browser.
-  --client-reconnect [value]                Tells dev-server the number of times it should try to reconnect the client.
-  --no-client-reconnect                     Tells dev-server to not to try to reconnect the client.
-  --client-web-socket-transport <value>     Allows to set custom web socket transport to communicate with dev server.
-  --client-web-socket-url <value>           Allows to specify URL to web socket server (useful when you're proxying dev server and client script does not always know where to connect to).
-  --client-web-socket-url-hostname <value>  Tells clients connected to devServer to use the provided hostname.
-  --client-web-socket-url-password <value>  Tells clients connected to devServer to use the provided password to authenticate.
-  --client-web-socket-url-pathname <value>  Tells clients connected to devServer to use the provided path to connect.
-  --client-web-socket-url-port <value>      Tells clients connected to devServer to use the provided port.
-  --client-web-socket-url-protocol <value>  Tells clients connected to devServer to use the provided protocol.
-  --client-web-socket-url-username <value>  Tells clients connected to devServer to use the provided username to authenticate.
-  --compress                                Enables gzip compression for everything served.
-  --no-compress                             Disables gzip compression for everything served.
-  --history-api-fallback                    Allows to proxy requests through a specified index page (by default 'index.html'), useful for Single Page Applications that utilise the HTML5
-                                            History API.
-  --no-history-api-fallback                 Disallows to proxy requests through a specified index page.
-  --host <value>                            Allows to specify a hostname to use.
-  --hot [value]                             Enables Hot Module Replacement.
-  --no-hot                                  Disables Hot Module Replacement.
-  --http2                                   Allows to serve over HTTP/2 using SPDY. Deprecated, use the `server` option.
-  --no-http2                                Does not serve over HTTP/2 using SPDY.
-  --https                                   Allows to configure the server's listening socket for TLS (by default, dev server will be served over HTTP). Deprecated, use the `server` option.
-  --no-https                                Disallows to configure the server's listening socket for TLS (by default, dev server will be served over HTTP).
-  --https-ca <value...>                     Path to an SSL CA certificate or content of an SSL CA certificate. Deprecated, use the `server.options.ca` option.
-  --https-ca-reset                          Clear all items provided in 'https.ca' configuration. Path to an SSL CA certificate or content of an SSL CA certificate. Deprecated, use the
-                                            `server.options.ca` option.
-  --https-cacert <value...>                 Path to an SSL CA certificate or content of an SSL CA certificate. Deprecated, use the `server.options.ca` option.
-  --https-cacert-reset                      Clear all items provided in 'https.cacert' configuration. Path to an SSL CA certificate or content of an SSL CA certificate. Deprecated, use the
-                                            `server.options.ca` option.
-  --https-cert <value...>                   Path to an SSL certificate or content of an SSL certificate. Deprecated, use the `server.options.cert` option.
-  --https-cert-reset                        Clear all items provided in 'https.cert' configuration. Path to an SSL certificate or content of an SSL certificate. Deprecated, use the
-                                            `server.options.cert` option.
-  --https-crl <value...>                    Path to PEM formatted CRLs (Certificate Revocation Lists) or content of PEM formatted CRLs (Certificate Revocation Lists). Deprecated, use the
-                                            `server.options.crl` option.
-  --https-crl-reset                         Clear all items provided in 'https.crl' configuration. Path to PEM formatted CRLs (Certificate Revocation Lists) or content of PEM formatted CRLs
-                                            (Certificate Revocation Lists). Deprecated, use the `server.options.crl` option.
-  --https-key <value...>                    Path to an SSL key or content of an SSL key. Deprecated, use the `server.options.key` option.
-  --https-key-reset                         Clear all items provided in 'https.key' configuration. Path to an SSL key or content of an SSL key. Deprecated, use the `server.options.key` option.
-  --https-passphrase <value>                Passphrase for a pfx file. Deprecated, use the `server.options.passphrase` option.
-  --https-pfx <value...>                    Path to an SSL pfx file or content of an SSL pfx file. Deprecated, use the `server.options.pfx` option.
-  --https-pfx-reset                         Clear all items provided in 'https.pfx' configuration. Path to an SSL pfx file or content of an SSL pfx file. Deprecated, use the
-                                            `server.options.pfx` option.
-  --https-request-cert                      Request for an SSL certificate. Deprecated, use the `server.options.requestCert` option.
-  --no-https-request-cert                   Does not request for an SSL certificate.
-  --ipc [value]                             Listen to a unix socket.
-  --live-reload                             Enables reload/refresh the page(s) when file changes are detected (enabled by default).
-  --no-live-reload                          Disables reload/refresh the page(s) when file changes are detected (enabled by default)
-  --magic-html                              Tells dev-server whether to enable magic HTML routes (routes corresponding to your webpack output, for example '/main' for 'main.js').
-  --no-magic-html                           Disables magic HTML routes (routes corresponding to your webpack output, for example '/main' for 'main.js').
-  --open [value...]                         Allows to configure dev server to open the browser(s) and page(s) after server had been started (set it to true to open your default browser).
-  --no-open                                 Does not open the default browser.
-  --open-app <value...>                     Open specified browser. Deprecated: please use '--open-app-name'.
-  --open-app-name <value...>                Open specified browser.
-  --open-app-name-reset                     Clear all items provided in 'open.app.name' configuration. Open specified browser.
-  --open-reset                              Clear all items provided in 'open' configuration. Allows to configure dev server to open the browser(s) and page(s) after server had been started
-                                            (set it to true to open your default browser).
-  --open-target <value...>                  Opens specified page in browser.
-  --open-target-reset                       Clear all items provided in 'open.target' configuration. Opens specified page in browser.
-  --port <value>                            Allows to specify a port to use.
-  --server-options-ca <value...>            Path to an SSL CA certificate or content of an SSL CA certificate.
-  --server-options-ca-reset                 Clear all items provided in 'server.options.ca' configuration. Path to an SSL CA certificate or content of an SSL CA certificate.
-  --server-options-cacert <value...>        Path to an SSL CA certificate or content of an SSL CA certificate. Deprecated, use the `server.options.ca` option.
-  --server-options-cacert-reset             Clear all items provided in 'server.options.cacert' configuration. Path to an SSL CA certificate or content of an SSL CA certificate. Deprecated,
-                                            use the `server.options.ca` option.
-  --server-options-cert <value...>          Path to an SSL certificate or content of an SSL certificate.
-  --server-options-cert-reset               Clear all items provided in 'server.options.cert' configuration. Path to an SSL certificate or content of an SSL certificate.
-  --server-options-crl <value...>           Path to PEM formatted CRLs (Certificate Revocation Lists) or content of PEM formatted CRLs (Certificate Revocation Lists).
-  --server-options-crl-reset                Clear all items provided in 'server.options.crl' configuration. Path to PEM formatted CRLs (Certificate Revocation Lists) or content of PEM
-                                            formatted CRLs (Certificate Revocation Lists).
-  --server-options-key <value...>           Path to an SSL key or content of an SSL key.
-  --server-options-key-reset                Clear all items provided in 'server.options.key' configuration. Path to an SSL key or content of an SSL key.
-  --server-options-passphrase <value>       Passphrase for a pfx file.
-  --server-options-pfx <value...>           Path to an SSL pfx file or content of an SSL pfx file.
-  --server-options-pfx-reset                Clear all items provided in 'server.options.pfx' configuration. Path to an SSL pfx file or content of an SSL pfx file.
-  --server-options-request-cert             Request for an SSL certificate.
-  --no-server-options-request-cert          Negative 'server-options-request-cert' option.
-  --server-type <value>                     Allows to set server and options (by default 'http').
-  --static [value...]                       Allows to configure options for serving static files from directory (by default 'public' directory).
-  --no-static                               Negative 'static' option.
-  --static-directory <value...>             Directory for static contents.
-  --static-public-path <value...>           The static files will be available in the browser under this public path.
-  --static-public-path-reset                Clear all items provided in 'static.publicPath' configuration. The static files will be available in the browser under this public path.
-  --static-reset                            Clear all items provided in 'static' configuration. Allows to configure options for serving static files from directory (by default 'public'
-                                            directory).
-  --static-serve-index                      Tells dev server to use serveIndex middleware when enabled.
-  --no-static-serve-index                   Does not tell dev server to use serveIndex middleware.
-  --static-watch                            Watches for files in static content directory.
-  --no-static-watch                         Does not watch for files in static content directory.
-  --watch-files <value...>                  Allows to configure list of globs/directories/files to watch for file changes.
-  --watch-files-reset                       Clear all items provided in 'watchFiles' configuration. Allows to configure list of globs/directories/files to watch for file changes.
-  --web-socket-server <value>               Deprecated: please use '--web-socket-server-type' option. Allows to set web socket server and options (by default 'ws').
-  --no-web-socket-server                    Negative 'web-socket-server' option.
-  --web-socket-server-type <value>          Allows to set web socket server and options (by default 'ws').
+  -c, --config <value...>                             Provide path to a webpack configuration file e.g. ./webpack.config.js.
+  --config-name <value...>                            Name of the configuration to use.
+  -m, --merge                                         Merge two or more configurations using 'webpack-merge'.
+  --env <value...>                                    Environment passed to the configuration when it is a function.
+  --node-env <value>                                  Sets process.env.NODE_ENV to the specified value.
+  --progress [value]                                  Print compilation progress during build.
+  -j, --json [value]                                  Prints result as JSON or store it in a file.
+  -d, --devtool <value>                               Determine source maps to use.
+  --no-devtool                                        Do not generate source maps.
+  --entry <value...>                                  The entry point(s) of your application e.g. ./src/main.js.
+  --mode <value>                                      Defines the mode to pass to webpack.
+  --name <value>                                      Name of the configuration. Used when loading multiple configurations.
+  -o, --output-path <value>                           Output location of the file generated by webpack e.g. ./dist/.
+  --stats [value]                                     It instructs webpack on how to treat the stats e.g. verbose.
+  --no-stats                                          Disable stats output.
+  -t, --target <value...>                             Sets the build target e.g. node.
+  --no-target                                         Negative 'target' option.
+  --watch-options-stdin                               Stop watching when stdin stream has ended.
+  --no-watch-options-stdin                            Do not stop watching when stdin stream has ended.
+  --allowed-hosts <value...>                          Allows to enumerate the hosts from which access to the dev server are allowed (useful when you are proxying dev server, by default is 'auto').
+  --allowed-hosts-reset                               Clear all items provided in 'allowedHosts' configuration. Allows to enumerate the hosts from which access to the dev server are allowed (useful when you are proxying dev server, by default is 'auto').
+  --bonjour                                           Allows to broadcasts dev server via ZeroConf networking on start.
+  --no-bonjour                                        Disallows to broadcasts dev server via ZeroConf networking on start.
+  --no-client                                         Disables client script.
+  --client-logging <value>                            Allows to set log level in the browser.
+  --client-overlay                                    Enables a full-screen overlay in the browser when there are compiler errors or warnings.
+  --no-client-overlay                                 Disables the full-screen overlay in the browser when there are compiler errors or warnings.
+  --client-overlay-errors                             Enables a full-screen overlay in the browser when there are compiler errors.
+  --no-client-overlay-errors                          Disables the full-screen overlay in the browser when there are compiler errors.
+  --client-overlay-warnings                           Enables a full-screen overlay in the browser when there are compiler warnings.
+  --no-client-overlay-warnings                        Disables the full-screen overlay in the browser when there are compiler warnings.
+  --client-overlay-trusted-types-policy-name <value>  The name of a Trusted Types policy for the overlay. Defaults to 'webpack-dev-server#overlay'.
+  --client-progress                                   Prints compilation progress in percentage in the browser.
+  --no-client-progress                                Does not print compilation progress in percentage in the browser.
+  --client-reconnect [value]                          Tells dev-server the number of times it should try to reconnect the client.
+  --no-client-reconnect                               Tells dev-server to not to try to reconnect the client.
+  --client-web-socket-transport <value>               Allows to set custom web socket transport to communicate with dev server.
+  --client-web-socket-url <value>                     Allows to specify URL to web socket server (useful when you're proxying dev server and client script does not always know where to connect to).
+  --client-web-socket-url-hostname <value>            Tells clients connected to devServer to use the provided hostname.
+  --client-web-socket-url-pathname <value>            Tells clients connected to devServer to use the provided path to connect.
+  --client-web-socket-url-password <value>            Tells clients connected to devServer to use the provided password to authenticate.
+  --client-web-socket-url-port <value>                Tells clients connected to devServer to use the provided port.
+  --client-web-socket-url-protocol <value>            Tells clients connected to devServer to use the provided protocol.
+  --client-web-socket-url-username <value>            Tells clients connected to devServer to use the provided username to authenticate.
+  --compress                                          Enables gzip compression for everything served.
+  --no-compress                                       Disables gzip compression for everything served.
+  --history-api-fallback                              Allows to proxy requests through a specified index page (by default 'index.html'), useful for Single Page Applications that utilise the HTML5 History API.
+  --no-history-api-fallback                           Disallows to proxy requests through a specified index page.
+  --host <value>                                      Allows to specify a hostname to use.
+  --hot [value]                                       Enables Hot Module Replacement.
+  --no-hot                                            Disables Hot Module Replacement.
+  --http2                                             Allows to serve over HTTP/2 using SPDY. Deprecated, use the `server` option.
+  --no-http2                                          Does not serve over HTTP/2 using SPDY.
+  --https                                             Allows to configure the server's listening socket for TLS (by default, dev server will be served over HTTP). Deprecated, use the `server` option.
+  --no-https                                          Disallows to configure the server's listening socket for TLS (by default, dev server will be served over HTTP).
+  --https-passphrase <value>                          Passphrase for a pfx file. Deprecated, use the `server.options.passphrase` option.
+  --https-request-cert                                Request for an SSL certificate. Deprecated, use the `server.options.requestCert` option.
+  --no-https-request-cert                             Does not request for an SSL certificate.
+  --https-ca <value...>                               Path to an SSL CA certificate or content of an SSL CA certificate. Deprecated, use the `server.options.ca` option.
+  --https-ca-reset                                    Clear all items provided in 'https.ca' configuration. Path to an SSL CA certificate or content of an SSL CA certificate. Deprecated, use the `server.options.ca` option.
+  --https-cacert <value...>                           Path to an SSL CA certificate or content of an SSL CA certificate. Deprecated, use the `server.options.ca` option.
+  --https-cacert-reset                                Clear all items provided in 'https.cacert' configuration. Path to an SSL CA certificate or content of an SSL CA certificate. Deprecated, use the `server.options.ca` option.
+  --https-cert <value...>                             Path to an SSL certificate or content of an SSL certificate. Deprecated, use the `server.options.cert` option.
+  --https-cert-reset                                  Clear all items provided in 'https.cert' configuration. Path to an SSL certificate or content of an SSL certificate. Deprecated, use the `server.options.cert` option.
+  --https-crl <value...>                              Path to PEM formatted CRLs (Certificate Revocation Lists) or content of PEM formatted CRLs (Certificate Revocation Lists). Deprecated, use the `server.options.crl` option.
+  --https-crl-reset                                   Clear all items provided in 'https.crl' configuration. Path to PEM formatted CRLs (Certificate Revocation Lists) or content of PEM formatted CRLs (Certificate Revocation Lists). Deprecated, use the `server.options.crl` option.
+  --https-key <value...>                              Path to an SSL key or content of an SSL key. Deprecated, use the `server.options.key` option.
+  --https-key-reset                                   Clear all items provided in 'https.key' configuration. Path to an SSL key or content of an SSL key. Deprecated, use the `server.options.key` option.
+  --https-pfx <value...>                              Path to an SSL pfx file or content of an SSL pfx file. Deprecated, use the `server.options.pfx` option.
+  --https-pfx-reset                                   Clear all items provided in 'https.pfx' configuration. Path to an SSL pfx file or content of an SSL pfx file. Deprecated, use the `server.options.pfx` option.
+  --ipc [value]                                       Listen to a unix socket.
+  --live-reload                                       Enables reload/refresh the page(s) when file changes are detected (enabled by default).
+  --no-live-reload                                    Disables reload/refresh the page(s) when file changes are detected (enabled by default).
+  --magic-html                                        Tells dev-server whether to enable magic HTML routes (routes corresponding to your webpack output, for example '/main' for 'main.js').
+  --no-magic-html                                     Disables magic HTML routes (routes corresponding to your webpack output, for example '/main' for 'main.js').
+  --open [value...]                                   Allows to configure dev server to open the browser(s) and page(s) after server had been started (set it to true to open your default browser).
+  --no-open                                           Does not open the default browser.
+  --open-target <value...>                            Opens specified page in browser.
+  --open-app-name <value...>                          Open specified browser.
+  --open-app <value...>                               Open specified browser. Deprecated: please use '--open-app-name'.
+  --open-reset                                        Clear all items provided in 'open' configuration. Allows to configure dev server to open the browser(s) and page(s) after server had been started (set it to true to open your default browser).
+  --open-target-reset                                 Clear all items provided in 'open.target' configuration. Opens specified page in browser.
+  --open-app-name-reset                               Clear all items provided in 'open.app.name' configuration. Open specified browser.
+  --port <value>                                      Allows to specify a port to use.
+  --server-type <value>                               Allows to set server and options (by default 'http').
+  --server-options-passphrase <value>                 Passphrase for a pfx file.
+  --server-options-request-cert                       Request for an SSL certificate.
+  --no-server-options-request-cert                    Does not request for an SSL certificate.
+  --server-options-ca <value...>                      Path to an SSL CA certificate or content of an SSL CA certificate.
+  --server-options-ca-reset                           Clear all items provided in 'server.options.ca' configuration. Path to an SSL CA certificate or content of an SSL CA certificate.
+  --server-options-cacert <value...>                  Path to an SSL CA certificate or content of an SSL CA certificate. Deprecated, use the `server.options.ca` option.
+  --server-options-cacert-reset                       Clear all items provided in 'server.options.cacert' configuration. Path to an SSL CA certificate or content of an SSL CA certificate. Deprecated, use the `server.options.ca` option.
+  --server-options-cert <value...>                    Path to an SSL certificate or content of an SSL certificate.
+  --server-options-cert-reset                         Clear all items provided in 'server.options.cert' configuration. Path to an SSL certificate or content of an SSL certificate.
+  --server-options-crl <value...>                     Path to PEM formatted CRLs (Certificate Revocation Lists) or content of PEM formatted CRLs (Certificate Revocation Lists).
+  --server-options-crl-reset                          Clear all items provided in 'server.options.crl' configuration. Path to PEM formatted CRLs (Certificate Revocation Lists) or content of PEM formatted CRLs (Certificate Revocation Lists).
+  --server-options-key <value...>                     Path to an SSL key or content of an SSL key.
+  --server-options-key-reset                          Clear all items provided in 'server.options.key' configuration. Path to an SSL key or content of an SSL key.
+  --server-options-pfx <value...>                     Path to an SSL pfx file or content of an SSL pfx file.
+  --server-options-pfx-reset                          Clear all items provided in 'server.options.pfx' configuration. Path to an SSL pfx file or content of an SSL pfx file.
+  --static [value...]                                 Allows to configure options for serving static files from directory (by default 'public' directory).
+  --no-static                                         Disallows to configure options for serving static files from directory.
+  --static-directory <value...>                       Directory for static contents.
+  --static-public-path <value...>                     The static files will be available in the browser under this public path.
+  --static-serve-index                                Tells dev server to use serveIndex middleware when enabled.
+  --no-static-serve-index                             Does not tell dev server to use serveIndex middleware.
+  --static-watch                                      Watches for files in static content directory.
+  --no-static-watch                                   Does not watch for files in static content directory.
+  --static-reset                                      Clear all items provided in 'static' configuration. Allows to configure options for serving static files from directory (by default 'public' directory).
+  --static-public-path-reset                          Clear all items provided in 'static.publicPath' configuration. The static files will be available in the browser under this public path.
+  --watch-files <value...>                            Allows to configure list of globs/directories/files to watch for file changes.
+  --watch-files-reset                                 Clear all items provided in 'watchFiles' configuration. Allows to configure list of globs/directories/files to watch for file changes.
+  --web-socket-server <value>                         Deprecated: please use '--web-socket-server-type' option. Allows to set web socket server and options (by default 'ws').
+  --no-web-socket-server                              Disallows to set web socket server and options.
+  --web-socket-server-type <value>                    Allows to set web socket server and options (by default 'ws').
 
 Global options:
-  --color                                   Enable colors on console.
-  --no-color                                Disable colors on console.
-  -v, --version                             Output the version number of 'webpack', 'webpack-cli' and 'webpack-dev-server' and commands.
-  -h, --help [verbose]                      Display help for commands and options.
+  --color                                             Enable colors on console.
+  --no-color                                          Disable colors on console.
+  -v, --version                                       Output the version number of 'webpack', 'webpack-cli' and 'webpack-dev-server' and commands.
+  -h, --help [verbose]                                Display help for commands and options.
 
 To see list of all supported commands and options run 'webpack --help=verbose'.
 
@@ -241,7 +231,7 @@ And run the following in your terminal/console:
 npm run serve
 ```
 
-NPM will automagically reference the binary in `node_modules` for you, and
+NPM will automatically refer to the the binary in `node_modules` for you, and
 execute the file or command.
 
 ### With the API

package/bin/cli-flags.js

@@ -121,6 +121,21 @@ module.exports = {
     simpleType: "boolean",
     multiple: false,
   },
+  "client-overlay-trusted-types-policy-name": {
+    configs: [
+      {
+        description:
+          "The name of a Trusted Types policy for the overlay. Defaults to 'webpack-dev-server#overlay'.",
+        multiple: false,
+        path: "client.overlay.trustedTypesPolicyName",
+        type: "string",
+      },
+    ],
+    description:
+      "The name of a Trusted Types policy for the overlay. Defaults to 'webpack-dev-server#overlay'.",
+    multiple: false,
+    simpleType: "string",
+  },
   "client-overlay-warnings": {
     configs: [
       {

package/client/index.js

@@ -14,7 +14,7 @@ import createSocketURL from "./utils/createSocketURL.js";
  * @property {boolean} hot
  * @property {boolean} liveReload
  * @property {boolean} progress
- * @property {boolean | { warnings?: boolean, errors?: boolean }} overlay
+ * @property {boolean | { warnings?: boolean, errors?: boolean, trustedTypesPolicyName?: string }} overlay
  * @property {string} [logging]
  * @property {number} [reconnect]
  */
@@ -216,7 +216,8 @@ var onSocketMessage = {
     var needShowOverlayForWarnings = typeof options.overlay === "boolean" ? options.overlay : options.overlay && options.overlay.warnings;
 
     if (needShowOverlayForWarnings) {
-      show("warning", _warnings);
+      var trustedTypesPolicyName = typeof options.overlay === "object" && options.overlay.trustedTypesPolicyName;
+      show("warning", _warnings, trustedTypesPolicyName || null);
     }
 
     if (params && params.preventReloading) {
@@ -249,7 +250,8 @@ var onSocketMessage = {
     var needShowOverlayForErrors = typeof options.overlay === "boolean" ? options.overlay : options.overlay && options.overlay.errors;
 
     if (needShowOverlayForErrors) {
-      show("error", _errors);
+      var trustedTypesPolicyName = typeof options.overlay === "object" && options.overlay.trustedTypesPolicyName;
+      show("error", _errors, trustedTypesPolicyName || null);
     }
   },
 

package/client/modules/logger/index.js

@@ -688,7 +688,7 @@ module.exports = function (_ref) {
 
 
 function _extends() {
-  _extends = Object.assign || function (target) {
+  _extends = Object.assign ? Object.assign.bind() : function (target) {
     for (var i = 1; i < arguments.length; i++) {
       var source = arguments[i];
 
@@ -701,7 +701,6 @@ function _extends() {
 
     return target;
   };
-
   return _extends.apply(this, arguments);
 }
 

package/client/modules/sockjs-client/index.js

@@ -4566,7 +4566,7 @@ module.exports = {
   \***************************************************/
 /***/ (function(module) {
 
-module.exports = '1.6.0';
+module.exports = '1.6.1';
 
 /***/ }),
 

package/client/overlay.js

@@ -23,9 +23,24 @@ var containerElement;
 /** @type {Array<(element: HTMLDivElement) => void>} */
 
 var onLoadQueue = [];
+/** @type {TrustedTypePolicy | undefined} */
+
+var overlayTrustedTypesPolicy;
 ansiHTML.setColors(colors);
+/**
+ * @param {string | null} trustedTypesPolicyName
+ */
+
+function createContainer(trustedTypesPolicyName) {
+  // Enable Trusted Types if they are available in the current browser.
+  if (window.trustedTypes) {
+    overlayTrustedTypesPolicy = window.trustedTypes.createPolicy(trustedTypesPolicyName || "webpack-dev-server#overlay", {
+      createHTML: function createHTML(value) {
+        return value;
+      }
+    });
+  }
 
-function createContainer() {
   iframeContainerElement = document.createElement("iframe");
   iframeContainerElement.id = "webpack-dev-server-client-overlay";
   iframeContainerElement.src = "about:blank";
@@ -101,10 +116,11 @@ function createContainer() {
 }
 /**
  * @param {(element: HTMLDivElement) => void} callback
+ * @param {string | null} trustedTypesPolicyName
  */
 
 
-function ensureOverlayExists(callback) {
+function ensureOverlayExists(callback, trustedTypesPolicyName) {
   if (containerElement) {
     // Everything is ready, call the callback right away.
     callback(containerElement);
@@ -117,7 +133,7 @@ function ensureOverlayExists(callback) {
     return;
   }
 
-  createContainer();
+  createContainer(trustedTypesPolicyName);
 } // Successful compilation.
 
 
@@ -162,10 +178,11 @@ function formatProblem(type, item) {
 /**
  * @param {string} type
  * @param {Array<string  | { file?: string, moduleName?: string, loc?: string, message?: string }>} messages
+ * @param {string | null} trustedTypesPolicyName
  */
 
 
-function show(type, messages) {
+function show(type, messages, trustedTypesPolicyName) {
   ensureOverlayExists(function () {
     messages.forEach(function (message) {
       var entryElement = document.createElement("div");
@@ -180,7 +197,7 @@ function show(type, messages) {
 
       var text = ansiHTML(encode(body));
       var messageTextNode = document.createElement("div");
-      messageTextNode.innerHTML = text;
+      messageTextNode.innerHTML = overlayTrustedTypesPolicy ? overlayTrustedTypesPolicy.createHTML(text) : text;
       entryElement.appendChild(typeElement);
       entryElement.appendChild(document.createElement("br"));
       entryElement.appendChild(document.createElement("br"));
@@ -191,7 +208,7 @@ function show(type, messages) {
 
       containerElement.appendChild(entryElement);
     });
-  });
+  }, trustedTypesPolicyName);
 }
 
 export { formatProblem, show, hide };

package/client/utils/createSocketURL.js

@@ -5,7 +5,7 @@
 function format(objURL) {
   var protocol = objURL.protocol || "";
 
-  if (protocol && !protocol.endsWith(":")) {
+  if (protocol && protocol.substr(-1) !== ":") {
     protocol += ":";
   }
 

package/lib/Server.js

@@ -385,17 +385,17 @@ class Server {
 
   /**
    * @param {Port} port
+   * @param {string} host
    * @returns {Promise<number | string>}
    */
-  static async getFreePort(port) {
+  static async getFreePort(port, host) {
     if (typeof port !== "undefined" && port !== null && port !== "auto") {
       return port;
     }
 
     const pRetry = require("p-retry");
-    const portfinder = require("portfinder");
-
-    portfinder.basePort =
+    const getPort = require("./getPort");
+    const basePort =
       typeof process.env.WEBPACK_DEV_SERVER_BASE_PORT !== "undefined"
         ? parseInt(process.env.WEBPACK_DEV_SERVER_BASE_PORT, 10)
         : 8080;
@@ -407,7 +407,7 @@ class Server {
         ? parseInt(process.env.WEBPACK_DEV_SERVER_PORT_RETRY, 10)
         : 3;
 
-    return pRetry(() => portfinder.getPortPromise(), {
+    return pRetry(() => getPort(basePort, host), {
       retries: defaultPortRetry,
     });
   }
@@ -3201,7 +3201,8 @@ class Server {
         /** @type {Host} */ (this.options.host)
       );
       this.options.port = await Server.getFreePort(
-        /** @type {Port} */ (this.options.port)
+        /** @type {Port} */ (this.options.port),
+        this.options.host
       );
     }