fix(webpack): migrate to latest version to prevent security vulnerabilities #29755 (#30590)

## Current Behavior
The `@nx/webpack` depends on `webpack` at version `^5.80.0`. Despite the
`^` allowing it to resolve to a higher minor, there has been no
migration to force users onto a higher version.
There is a security vulnerability with version `5.88.0`.

## Expected Behavior
Ensure users are migrated to a version where the security vulnerability
has been fixed.

## Related Issue(s)

Fixes #29755

docs/generated/manifests/nx-api.json

@@ -6107,6 +6107,16 @@
       }
     },
     "migrations": {
+      "/nx-api/webpack/migrations/20.7.1-package-updates": {
+        "description": "",
+        "file": "generated/packages/webpack/migrations/20.7.1-package-updates.json",
+        "hidden": false,
+        "name": "20.7.1-package-updates",
+        "version": "20.7.1-beta.0",
+        "originalFilePath": "/packages/webpack",
+        "path": "/nx-api/webpack/migrations/20.7.1-package-updates",
+        "type": "migration"
+      },
       "/nx-api/webpack/migrations/20.5.0-package-updates": {
         "description": "",
         "file": "generated/packages/webpack/migrations/20.5.0-package-updates.json",

docs/generated/packages-metadata.json

@@ -6070,6 +6070,16 @@
       }
     ],
     "migrations": [
+      {
+        "description": "",
+        "file": "generated/packages/webpack/migrations/20.7.1-package-updates.json",
+        "hidden": false,
+        "name": "20.7.1-package-updates",
+        "version": "20.7.1-beta.0",
+        "originalFilePath": "/packages/webpack",
+        "path": "webpack/migrations/20.7.1-package-updates",
+        "type": "migration"
+      },
       {
         "description": "",
         "file": "generated/packages/webpack/migrations/20.5.0-package-updates.json",

docs/generated/packages/webpack/migrations/20.7.1-package-updates.json

@@ -0,0 +1,18 @@
+{
+  "name": "20.7.1-package-updates",
+  "version": "20.7.1-beta.0",
+  "packages": {
+    "webpack": { "version": "^5.98.0", "alwaysAddToPackageJson": false },
+    "webpack-dev-server": {
+      "version": "^5.2.1",
+      "alwaysAddToPackageJson": false
+    }
+  },
+  "aliases": [],
+  "description": "",
+  "hidden": false,
+  "implementation": "",
+  "path": "/packages/webpack",
+  "schema": null,
+  "type": "migration"
+}

package.json

@@ -312,8 +312,8 @@
     "verdaccio": "6.0.5",
     "vite": "6.2.0",
     "vitest": "3.0.5",
-    "webpack": "5.88.0",
+    "webpack": "5.98.0",
-    "webpack-dev-server": "5.0.4",
+    "webpack-dev-server": "5.2.1",
     "webpack-merge": "^5.8.0",
     "webpack-node-externals": "^3.0.0",
     "webpack-subresource-integrity": "^5.1.0",

packages/angular/src/builders/dev-server/dev-server.impl.ts

@@ -210,7 +210,6 @@ export function executeDevServerBuilder(
                     // This will occur when workspaceDependencies = []
                     if (workspaceDependencies.length > 0) {
                       baseWebpackConfig.plugins.push(
-                        // @ts-expect-error - difference between angular and webpack plugin definitions bc of webpack versions
                         new WebpackNxBuildCoordinationPlugin(
                           `nx run-many --target=${
                             parsedBuildTarget.target

packages/react/plugins/nx-react-webpack-plugin/lib/apply-react-config.ts

@@ -69,7 +69,11 @@ export function applyReactConfig(
 function addHotReload(
   config: Partial<WebpackOptionsNormalized | Configuration>
 ) {
-  if (config.mode === 'development' && config['devServer']?.hot) {
+  if (
+    config.mode === 'development' &&
+    typeof config['devServer'] === 'object' &&
+    config['devServer']?.hot
+  ) {
     // add `react-refresh/babel` to babel loader plugin
     const babelLoader = config.module.rules.find(
       (rule) =>

packages/rspack/src/executors/dev-server/lib/get-dev-server-config.ts

@@ -37,7 +37,6 @@ export function getDevServerOptions(
     },
     onListening(server) {
       const isHttps =
-        server.options.https ||
         (server.options.server as { type: string })?.type === 'https';
       logger.info(
         `NX Web Development Server is listening at ${

packages/webpack/migrations.json

@@ -44,6 +44,19 @@
           "alwaysAddToPackageJson": false
         }
       }
+    },
+    "20.7.1": {
+      "version": "20.7.1-beta.0",
+      "packages": {
+        "webpack": {
+          "version": "^5.98.0",
+          "alwaysAddToPackageJson": false
+        },
+        "webpack-dev-server": {
+          "version": "^5.2.1",
+          "alwaysAddToPackageJson": false
+        }
+      }
     }
   }
 }

packages/webpack/package.json

@@ -62,8 +62,8 @@
     "ts-loader": "^9.3.1",
     "tsconfig-paths-webpack-plugin": "4.0.0",
     "tslib": "^2.3.0",
-    "webpack": "^5.80.0",
+    "webpack": "^5.98.0",
-    "webpack-dev-server": "^5.0.4",
+    "webpack-dev-server": "^5.2.1",
     "webpack-node-externals": "^3.0.0",
     "webpack-subresource-integrity": "^5.1.0",
     "@nx/devkit": "file:../devkit",

packages/webpack/src/generators/convert-to-inferred/utils/serve-post-target-transformer.ts

@@ -213,7 +213,10 @@ function applyDefaults(
   options: WebpackConfigDevServerOptions,
   buildOptions: any
 ) {
-  if (options.port === undefined) {
+  if (!options) {
+    options = {};
+  }
+  if (options?.port === undefined) {
     options.port = 4200;
   }