build(deps-dev): bump webpack-dev-server and @rspack/cli

[dependabot]

Bumps webpack-dev-server and @rspack/cli. These dependencies needed to be updated together.
Updates webpack-dev-server from 5.2.3 to 5.2.4

Release notes

Sourced from webpack-dev-server's releases.

v5.2.4

5.2.4 (2026-05-11)

Bug Fixes

• set Cross-Origin-Resource-Policy header to prevent source code theft over HTTP

Changelog

Sourced from webpack-dev-server's changelog.

5.2.4 (2026-05-11)

Bug Fixes

• set Cross-Origin-Resource-Policy header to prevent source code theft over HTTP

Commits

• fd40130 chore(release): 5.2.4
• ece4f36 chore: update deps (#5661)
• a216144 ci: fix test (#5658)
• df073c5 Merge commit from fork
• See full diff in compare view

Updates @rspack/cli from 1.7.10 to 2.0.3

Release notes

Sourced from @​rspack/cli's releases.

v2.0.3

What's Changed

Performance Improvements ⚡

• perf: reduce normal module creation and rule matching overhead by @​LingyuCoder in web-infra-dev/rspack#13926
• perf: disable perfetto tracing in release binding by @​hardfist in web-infra-dev/rspack#13932
• perf: reduce parser dependency bookkeeping overhead by @​LingyuCoder in web-infra-dev/rspack#13936
• perf: reduce code splitter allocation and lookup overhead by @​LingyuCoder in web-infra-dev/rspack#13968

New Features 🎉

• feat: expose dependency import attributes by @​hardfist in web-infra-dev/rspack#13947
• feat(rsc): support configurable CSS link props by @​SyMind in web-infra-dev/rspack#13945
• feat(externals): add modern-module externals type by @​JSerFeng in web-infra-dev/rspack#13861
• feat: support import.meta.rspackRsc by @​SyMind in web-infra-dev/rspack#13840
• feat: drop inactive branch dependencies for inlined booleans by @​JSerFeng in web-infra-dev/rspack#13863
• feat(sourcemap): support relative paths in inline source maps by @​SyMind in web-infra-dev/rspack#13974

Bug Fixes 🐞

• fix(cli): use rspack-merge for config extends by @​intellild in web-infra-dev/rspack#13869
• fix(deps): revert mimalloc update by @​hardfist in web-infra-dev/rspack#13942
• fix(hash): fix base64 digest and hash salt by @​intellild in web-infra-dev/rspack#13977
• fix: align sync module rule resource matching by @​LingyuCoder in web-infra-dev/rspack#13981
• fix(ci): avoid browser e2e watcher by @​hardfist in web-infra-dev/rspack#13987

Refactor 🔨

• refactor(rstest): expose injectDynamicImportOrigin.functionName and resolve callee once by @​fi3ework in web-infra-dev/rspack#13930
• refactor: use rspack util base64 by @​intellild in web-infra-dev/rspack#13978
• refactor(core): remove unused exports final name metadata by @​LingyuCoder in web-infra-dev/rspack#14003

Document Updates 📖

• docs: replace webpack-merge references with rspack-merge by @​intellild in web-infra-dev/rspack#13933
• docs: correct terminology spelling by @​chenjiahan in web-infra-dev/rspack#13964
• docs: update HTML plugin guide by @​chenjiahan in web-infra-dev/rspack#13970
• docs(externals): add modern-module externals example by @​JSerFeng in web-infra-dev/rspack#13979
• docs: update NestJS guide by @​intellild in web-infra-dev/rspack#13976
• docs: invite @​intellild to Rspack core team by @​chenjiahan in web-infra-dev/rspack#13986
• docs: add Node app guide by @​intellild in web-infra-dev/rspack#13995

Other Changes

• chore: release v2.0.2 by @​SyMind in web-infra-dev/rspack#13922
• chore(benchmark): remove swc loader from threejs case by @​hardfist in web-infra-dev/rspack#13881
• ci: upload codspeed valgrind temp files by @​hardfist in web-infra-dev/rspack#13879
• chore: bump rslint to 0.5.2 by @​fansenze in web-infra-dev/rspack#13931
• chore: enable Rslint for more packages and fix lint issues by @​chenjiahan in web-infra-dev/rspack#13934
• chore: enable Rslint JS recommended rules by @​chenjiahan in web-infra-dev/rspack#13938
• chore: disable renovate updates for mimalloc by @​hardfist in web-infra-dev/rspack#13949
• ci: remove unused team label workflow by @​chenjiahan in web-infra-dev/rspack#13950
• test: configure rayon for codspeed benchmarks by @​hardfist in web-infra-dev/rspack#13954
• chore(deps): update patch npm dependencies by @​renovate[bot] in web-infra-dev/rspack#13959
• chore(deps): update rust crate tokio to 1.52.3 by @​renovate[bot] in web-infra-dev/rspack#13961
• chore(deps): update pnpm to v10.33.4 by @​renovate[bot] in web-infra-dev/rspack#13960
• chore: enable tsgo for dts generation by @​chenjiahan in web-infra-dev/rspack#13952
• test(benchmark): disable spawn blocking for codspeed by @​hardfist in web-infra-dev/rspack#13958
• chore: use mimalloc for codspeed benchmark allocator by @​hardfist in web-infra-dev/rspack#13966

... (truncated)

Commits

• 9da7d0b chore(release): release 2.0.3
• ed2742a chore: enable tsgo for dts generation (#13952)
• 3998196 chore(deps): update patch npm dependencies (#13959)
• 45e3a8a chore: enable Rslint for more packages and fix lint issues (#13934)
• 5a0506f perf: disable perfetto tracing in release binding (#13932)
• 24fc397 chore: release v2.0.2 (#13922)
• b9788fb fix(cli): use rspack-merge for config extends (#13869)
• 3f77a93 chore(deps): update dependency @​discoveryjs/json-ext to v1 (#13916)
• 4d82714 chore(deps): update dependency exit-hook to v5 (#13906)
• 74c95ed chore: release version 2.0.1 (#13860)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
react-forms	Ready	Preview, Comment	May 20, 2026 10:49am

[dependabot]

Superseded by #1612.