Skip to content

Update Webpack and AWS dependencies to resolve vulnerabilities#6490

Merged
JonnyBurger merged 3 commits intomainfrom
update-deps
Feb 10, 2026
Merged

Update Webpack and AWS dependencies to resolve vulnerabilities#6490
JonnyBurger merged 3 commits intomainfrom
update-deps

Conversation

@JonnyBurger
Copy link
Member

@JonnyBurger JonnyBurger commented Feb 10, 2026

Fixes #6488

Copilot AI review requested due to automatic review settings February 10, 2026 08:21
@vercel
Copy link
Contributor

vercel bot commented Feb 10, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
bugs Ready Ready Preview, Comment Feb 10, 2026 9:12am
1 Skipped Deployment
Project Deployment Actions Updated (UTC)
remotion Skipped Skipped Feb 10, 2026 9:12am

Request Review

Copilot AI reviewed Feb 10, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates dependency versions across the Remotion monorepo to address reported vulnerabilities (Fixes #6488), primarily by bumping AWS SDK v3 packages and Webpack, plus a small TypeScript typing adjustment to accommodate updated Webpack typings.

Changes:

  • Bump AWS SDK dependencies (notably @aws-sdk/client-s3 and related catalog entries) to newer patched versions.
  • Upgrade Webpack from 5.96.1 to 5.105.0 in several packages that develop/build against it.
  • Adjust bundler code typing for the Webpack invocation result (MultiStats | undefined).

Reviewed changes

Copilot reviewed 9 out of 10 changed files in this pull request and generated no comments.

Show a summary per file
File Description
packages/template-tts-azure/package.json Bumps @aws-sdk/client-s3 to a patched version for the template.
packages/template-still/package.json Bumps @aws-sdk/client-s3 to a patched version for the template.
packages/player/package.json Upgrades Webpack devDependency to 5.105.0.
packages/gif/package.json Upgrades Webpack devDependency to 5.105.0.
packages/core/package.json Upgrades Webpack devDependency to 5.105.0 for core package tooling.
packages/bundler/src/bundle.ts Updates TypeScript typing for the promisified Webpack call result.
packages/bundler/package.json Upgrades bundler’s Webpack dependency to 5.105.0.
packages/babel-loader/package.json Upgrades babel-loader package’s Webpack dependency to 5.105.0.
package.json Updates Bun workspaces.catalog AWS SDK versions used by workspace packages.

@vercel vercel bot temporarily deployed to Preview – remotion February 10, 2026 09:03 Inactive
@vercel vercel bot temporarily deployed to Preview – remotion February 10, 2026 09:06 Inactive
@JonnyBurger JonnyBurger merged commit d9952b5 into main Feb 10, 2026
13 of 14 checks passed
@JonnyBurger JonnyBurger deleted the update-deps branch February 10, 2026 09:22
@almostkareem
Copy link

almostkareem commented Feb 10, 2026

Hello thanks for quick fix, how can I apply it to my project .
Thanks

@JonnyBurger
Copy link
Member Author

JonnyBurger commented Feb 10, 2026

Thanks for reporting, wait for the next version!

4.0.421

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Package depends on vulnerable sdks

2 participants

@JonnyBurger @almostkareem

Comments