[Snyk] Upgrade webpack from 5.88.2 to 5.91.0 #10
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade webpack from 5.88.2 to 5.91.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 6 versions ahead of your current version.
The recommended version was released 2 months ago, on 2024-03-20.
The recommended version fixes:
SNYK-JS-SERIALIZEJAVASCRIPT-6147607
Why? Proof of Concept exploit, CVSS 6.1
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: webpack
5.91.0 - 2024-03-20
Bug Fixes
- Deserializer for ignored modules doesn't crash
- Allow the unsafeCache option to be a proxy object
- Normalize the snapshot.unmanagedPaths option
- Fixed fs types
- Fixed resolve's plugins types
- Fixed wrongly calculate postOrderIndex
- Fixed watching types
- Output import attributes/import assertions for external JS imports
- Throw an error when DllPlugin needs to generate multiple manifest files, but the path is the same
- [CSS] Output layer/supports/media for external CSS imports
New Features
- Allow to customize the stage of BannerPlugin
- [CSS] Support CSS exports convention
- [CSS] support CSS local ident name
- [CSS] Support __webpack_nonce__ for CSS chunks
- [CSS] Support fetchPriority for CSS chunks
- [CSS] Allow to use LZW to compress css head meta (enabled in the production mode by default)
- [CSS] Support prefetch/preload for CSS chunks

5.90.3 - 2024-02-19
Bug Fixes
- don't mangle when destructuring a reexport
- types for Stats.toJson() and Stats.toString()
- many internal types
- [CSS] clean up export css local vars
Perf
- simplify and optimize chunk graph creation

5.90.2 - 2024-02-15
Bug Fixes
- use Math.imul in fnv1a32 to avoid loss of precision, directly hash UTF16 values
- the setStatus() of the HMR module should not return an array, which may cause infinite recursion
- __webpack_exports_info__.xxx.canMangle shouldn't always same as default
- mangle export with destructuring
- use new runtime to reconsider skipped connections activeState
- make dynamic import optional in try/catch
- improve auto publicPath detection
Dependencies & Maintenance
- improve CI setup and include Node.js@21

5.90.1 - 2024-02-01
Bug Fixes
- set unmanagedPaths in defaults
- correct preOrderIndex and postOrderIndex
- add fallback for MIME mismatch error in async wasm loading
- browsers versions of ECMA features
Performance
- optimize compareStringsNumeric
- optimize numberHash using 32-bit FNV1a for small ranges, 64-bit for larger
- reuse VM context across webpack magic comments

5.90.0 - 2024-01-24
Bug Fixes
- Fixed inner graph for classes
- Optimized RemoveParentModulesPlugin via bigint arithmetic
- Fixed worklet detection in production mode
- Fixed an error for cyclic importModule
- Fixed types for Server and Dirent
- Added the fetchPriority to hmr runtime's ensureChunk function
- Don't warn about dynamic import for build dependencies
- External module generation respects the output.environment.arrowFunction option
- Fixed consuming shared runtime module logic
- Fixed a runtime logic of multiple chunks
- Fixed destructing assignment of dynamic import json file
- Passing errors array for a module hash
- Added /*#__PURE__*/ to generated JSON.parse()
- Generated a library manifest after clean plugin
- Fixed non amd externals and amd library
- Fixed a bug in SideEffectsFlagPlugin with namespace re-exports
- Fixed an error message for condition or
- The strictModuleErrorHandling is now working
- Clean up child compilation chunk graph to avoid memory leak
- [CSS] - Fixed CSS import prefer relative resolution
- [CSS] - Fixed CSS runtime chunk loading error message
New Features
- Allow to set false for dev server in webpack.config.js
- Added a warning for async external when not supported
- Added a warning for async module when not supported
- Added the node-module option for the node.__filename/__dirname and enable it by default for ESM target
- Added the snapshot.unmanagedPaths option
- Exposed the MultiCompilerOptions type
- [CSS] - Added CSS parser options to enable/disable named exports
- [CSS] - Moved CSS the exportsOnly option to CSS generator options
Dependencies & Maintenance
- use node.js LTS version for lint
- bump actions/cache from 3 to 4
- bump prettier from 3.2.1 to 3.2.3
- bump assemblyscript
- bump actions/checkout from 3 to 4
Full Changelog: v5.89.0...v5.90.0

5.89.0 - 2023-10-13
New Features
- Make CommonJS import preserve chained expressions by @bworline in #17718
Dependencies & Maintenance
- chore(deps-dev): bump @types/node from 20.3.1 to 20.4.8 by @dependabot in #17568
- docs: add example for stats detailed output by @ersachin3112 in #17420
- docs: add example for stats normal output by @ersachin3112 in #17426
- chore(deps-dev): bump core-js from 3.31.0 to 3.32.0 by @dependabot in #17539
- chore(deps-dev): bump pretty-format from 29.5.0 to 29.6.2 by @dependabot in #17536
- chore(deps-dev): bump @types/node from 20.4.8 to 20.4.9 by @dependabot in #17583
- chore(deps-dev): bump less from 4.1.3 to 4.2.0 by @dependabot in #17580
- chore(deps): bump semver from 5.7.1 to 5.7.2 by @dependabot in #17483
- chore(deps-dev): bump simple-git from 3.19.0 to 3.19.1 by @dependabot in #17427
- chore(deps-dev): bump @types/node from 20.4.9 to 20.6.0 by @dependabot in #17666
Full Changelog: v5.88.2...v5.89.0

5.88.2 - 2023-07-18
Bug Fixes
- Fixed a bug where unused identifiers should retain names when using css modules by @burhanuday in #17444
Full Changelog: v5.88.1...v5.88.2

from webpack GitHub release notes
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs
Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.