Backport security fixes from v5.2.1 to v4 #5515

Open
@nikwen

Modification Proposal

Some projects are stuck on webpack-dev-server v4 because they have to support old Node.js versions.

v4 is still used by a large number of users. During the last 7 days, v4.15.2 alone received 3,356,309 downloads.

Expected Behavior / Situation

It would be great to have the security fixes from v5.2.1 backported to v4 and released as v4.15.3.

Actual Behavior / Situation

v4 currently does not have the security fixes. Millions of users are exposed to security vulnerabilities.

Please paste the results of npx webpack-cli info here, and mention other relevant information

  System:
    OS: macOS 15.5
    CPU: (8) arm64 Apple M1
    Memory: 212.97 MB / 16.00 GB
  Binaries:
    Node: 22.16.0 - /usr/local/bin/node
    Yarn: 1.22.19 - /opt/homebrew/bin/yarn
    npm: 10.9.2 - /usr/local/bin/npm
  Browsers:
    Brave Browser: 118.1.59.122
    Chrome: 137.0.7151.69
    Safari: 18.5
