chore(deps): update dependency webpack to v5.76.0 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
webpack	5.72.0 -> 5.76.0

GitHub Vulnerability Alerts

CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.

---

Release Notes

webpack/webpack (webpack)

v5.76.0

Compare Source

Bugfixes

• Avoid cross-realm object access by @​Jack-Works in https://github.com/webpack/webpack/pull/16500
• Improve hash performance via conditional initialization by @​lvivski in https://github.com/webpack/webpack/pull/16491
• Serialize generatedCode info to fix bug in asset module cache restoration by @​ryanwilsonperkin in https://github.com/webpack/webpack/pull/16703
• Improve performance of hashRegExp lookup by @​ryanwilsonperkin in https://github.com/webpack/webpack/pull/16759

Features

• add target to LoaderContext type by @​askoufis in https://github.com/webpack/webpack/pull/16781

Security

• CVE-2022-37603 fixed by @​akhilgkrishnan in https://github.com/webpack/webpack/pull/16446

Repo Changes

• Fix HTML5 logo in README by @​jakebailey in https://github.com/webpack/webpack/pull/16614
• Replace TypeScript logo in README by @​jakebailey in https://github.com/webpack/webpack/pull/16613
• Update actions/cache dependencies by @​piwysocki in https://github.com/webpack/webpack/pull/16493

New Contributors

• @​Jack-Works made their first contribution in https://github.com/webpack/webpack/pull/16500
• @​lvivski made their first contribution in https://github.com/webpack/webpack/pull/16491
• @​jakebailey made their first contribution in https://github.com/webpack/webpack/pull/16614
• @​akhilgkrishnan made their first contribution in https://github.com/webpack/webpack/pull/16446
• @​ryanwilsonperkin made their first contribution in https://github.com/webpack/webpack/pull/16703
• @​piwysocki made their first contribution in https://github.com/webpack/webpack/pull/16493
• @​askoufis made their first contribution in https://github.com/webpack/webpack/pull/16781

Full Changelog: webpack/webpack@v5.75.0...v5.76.0

v5.75.0

Compare Source

Bugfixes

• experiments.* normalize to false when opt-out
• avoid NaN%
• show the correct error when using a conflicting chunk name in code
• HMR code tests existance of window before trying to access it
• fix eval-nosources-* actually exclude sources
• fix race condition where no module is returned from processing module
• fix position of standalong semicolon in runtime code

Features

• add support for @import to extenal CSS when using experimental CSS in node
• add i64 support to the deprecated WASM implementation

Developer Experience

• expose EnableWasmLoadingPlugin
• add more typings
• generate getters instead of readonly properties in typings to allow overriding them

v5.74.0

Compare Source

Features

• add resolve.extensionAlias option which allows to alias extensions
  • This is useful when you are forced to add the .js extension to imports when the file really has a .ts extension (typescript + "type": "module")
• add support for ES2022 features like static blocks
• add Tree Shaking support for ProvidePlugin

Bugfixes

• fix persistent cache when some build dependencies are on a different windows drive
• make order of evaluation of side-effect-free modules deterministic between concatenated and non-concatenated modules
• remove left-over from debugging in TLA/async modules runtime code
• remove unneeded extra 1s timestamp offset during watching when files are actually untouched
  • This sometimes caused an additional second build which are not really needed
• fix shareScope option for ModuleFederationPlugin
• set "use-credentials" also for same origin scripts

Performance

• Improve memory usage and performance of aggregating needed files/directories for watching
  • This affects rebuild performance

Extensibility

• export HarmonyImportDependency for plugins

v5.73.0

Compare Source

Features

• add options for default dynamicImportMode and prefetch and preload
• add support for import { createRequire } from "module" in source code

Bugfixes

• fix code generation of e. g. return"field"in Module
• fix performance of large JSON modules
• fix performance of async modules evaluation

Developer Experience

• export PathData in typings
• improve error messages with more details

v5.72.1

Compare Source

Bugfixes

• fix __webpack_nonce__ with HMR
• fix in operator in some cases
• fix json parsing error messages
• fix module concatenation with using this.importModule
• upgrade enhanced-resolve

---

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.