webpack-dev-server has a CVE #4084

@nathanlesage

Description

Pre-flight checklist

  • I have read the contribution documentation for this project.
  • I agree to follow the code of conduct that this project uses.
  • I have searched the issue tracker for a bug that matches the one I want to file, without success.

Forge version

7.10.2

Electron version

39.2.6

Operating system

macOS 26.1

Last known working Forge version

No response

Expected behavior

When running an audit, one discovers that webpack-dev-server versions up until 5.2.0 are vulnerable:

Package: webpack-dev-server
  Version(s) <=5.2.0
  webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser (Severity: moderate)
  URL: https://github.com/advisories/GHSA-9jgg-88mc-972h

While this is possibly less relevant in most cases, it might be an easy fix to just update webpack-dev-server. Link to advisory: GHSA-9jgg-88mc-972h

Actual behavior

I don't know if there are any weird inconsistencies when updating the dependency, and unfortunately I have little time to test this out myself; that's why I opened this issue rather than proposing a PR outright, which I can't test properly.

Steps to reproduce

Run npm audit on a package.json that somewhere includes a vulnerable version of webpack-dev-server.

Additional information

I couldn't find a SECURITY file. Also, since I believe this to be benign and the advisory is already a few months old, I decided that opening a public issue is probably not too critical.
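The reproduction step above is "run npm audit and look for the advisory". The following is an added example, not code from the issue author or from the Forge project, of how a maintainer might automate that check in CI: it scans `npm audit --json` output for the advisory URL cited above and checks every installed copy of webpack-dev-server in package-lock.json against the `<=5.2.0` range. Assumptions: the audit output follows the npm v7+ JSON shape (a `vulnerabilities` object whose entries carry a `via` list of advisory objects with `url`, `severity` and `range`), the lockfile uses the lockfileVersion 3 `packages` layout, and 5.2.1 is taken as the first safe version purely because the issue states the vulnerable range as `<=5.2.0`. Both sample documents are constructed for illustration.

```python
"""Flag a specific GitHub advisory in `npm audit --json` output and check the
installed version(s) in package-lock.json against the vulnerable range."""
import json
import re
from typing import Dict, List, Tuple

ADVISORY_ID = "GHSA-9jgg-88mc-972h"  # advisory cited in the issue
PACKAGE = "webpack-dev-server"
# The issue gives the vulnerable range as <=5.2.0; the first safe version is
# therefore assumed to be 5.2.1 (derived from that range, not from the advisory page).
FIRST_SAFE_VERSION = (5, 2, 1)

# Constructed sample in the shape of npm (v7+) `npm audit --json` output,
# trimmed to the fields read below. Not captured from a real project.
SAMPLE_AUDIT_OUTPUT = json.dumps({
    "auditReportVersion": 2,
    "vulnerabilities": {
        "webpack-dev-server": {
            "name": "webpack-dev-server",
            "severity": "moderate",
            "isDirect": False,
            "via": [{
                "source": 0,  # placeholder advisory number
                "name": "webpack-dev-server",
                "title": "webpack-dev-server users' source code may be stolen",
                "url": "https://github.com/advisories/GHSA-9jgg-88mc-972h",
                "severity": "moderate",
                "range": "<=5.2.0",
            }],
            "range": "<=5.2.0",
            "fixAvailable": True,
        },
        "some-other-lib": {  # constructed transitive entry
            "name": "some-other-lib",
            "severity": "low",
            "via": ["webpack-dev-server"],  # bare strings name the dependency
            "range": "*",
        },
    },
})

# Constructed package-lock.json (lockfileVersion 3 layout), illustrative only.
# It deliberately contains a nested second copy to show that both are checked.
SAMPLE_LOCKFILE = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "version": "0.0.1"},
        "node_modules/webpack-dev-server": {"version": "5.1.0"},
        "node_modules/@example/tooling/node_modules/webpack-dev-server": {"version": "5.2.1"},
    },
})


def parse_version(version: str) -> Tuple[int, ...]:
    """Parse a MAJOR.MINOR.PATCH string; prerelease/build suffixes are ignored."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version: str) -> bool:
    """True when the version lies inside the <=5.2.0 range quoted in the issue."""
    return parse_version(version) < FIRST_SAFE_VERSION


def find_advisory(audit_json: str, advisory_id: str = ADVISORY_ID) -> List[Dict[str, str]]:
    """Return every package whose `via` list cites the advisory URL directly."""
    report = json.loads(audit_json)
    hits = []
    for name, entry in report.get("vulnerabilities", {}).items():
        for via in entry.get("via", []):
            # Transitive entries are bare package names; only dicts carry a URL.
            if isinstance(via, dict) and via.get("url", "").endswith("/" + advisory_id):
                hits.append({
                    "name": name,
                    "severity": via.get("severity", entry.get("severity", "")),
                    "range": via.get("range", entry.get("range", "")),
                })
    return hits


def lockfile_instances(lockfile_json: str, package: str = PACKAGE) -> List[Tuple[str, str, bool]]:
    """List every installed copy of `package` (nested copies included) as
    (lockfile path, version, inside-vulnerable-range)."""
    lock = json.loads(lockfile_json)
    found = []
    for path, meta in lock.get("packages", {}).items():
        # The package name is whatever follows the last "node_modules/" segment.
        if path.split("node_modules/")[-1] == package and "version" in meta:
            found.append((path, meta["version"], is_vulnerable(meta["version"])))
    return found


def audit_gate(audit_json: str, lockfile_json: str) -> bool:
    """CI gate: passes only when the advisory is absent from the audit report and
    no installed copy of the package is inside the vulnerable range."""
    if find_advisory(audit_json):
        return False
    return not any(vuln for _, _, vuln in lockfile_instances(lockfile_json))


if __name__ == "__main__":
    for hit in find_advisory(SAMPLE_AUDIT_OUTPUT):
        print(f"{ADVISORY_ID}: {hit['name']} severity={hit['severity']} range={hit['range']}")
    for path, version, vuln in lockfile_instances(SAMPLE_LOCKFILE):
        print(f"{path}: {version} {'VULNERABLE' if vuln else 'ok'}")
    print("gate:", "pass" if audit_gate(SAMPLE_AUDIT_OUTPUT, SAMPLE_LOCKFILE) else "fail")
```

In a real pipeline the two sample strings would be replaced by the output of `npm audit --json` and the contents of package-lock.json; the lockfile pass matters because a nested, hoisted-away copy of the package can stay on an old version even after the top-level one is bumped.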

Metadata

Assignees

No one assigned

Labels

No labels

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests
