[Snyk] Upgrade webpack from 4.41.2 to 4.42.0

[snyk-bot]

Snyk has created this PR to upgrade webpack from 4.41.2 to 4.42.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 5 versions ahead of your current version.
• The recommended version was released a month ago, on 2020-03-02.

The recommended version fixes:

Severity	Issue	Exploit Maturity
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	No Known Exploit
	Timing Attack SNYK-JS-ELLIPTIC-511941	No Known Exploit

Release notes

Package name: webpack

• 4.42.0 - 2020-03-02
  

  Bugfixes

  • Disable constant replacements in "use asm" scope
  • Update schema to disallow functions for output.hotUpdateChunkFilename as this doesn't work
  • Hoist exports in concatenated module to handle circular references with non-concatenated modules correctly
  • Flag all modules as used in DLLs to fix missing exports
• 4.41.6 - 2020-02-11
  

  Bugfixes

  • Windows network paths are considered as absolute paths
  • fix hanging of FlagDependencyExportsPlugin when using export * in a circular matter
• 4.41.5 - 2019-12-27
  

  Bugfixes

  • handle relative paths with webpack:// prefix in SourceMaps correctly
  • fixes a non-determinism about providedExports with export * which caused changing module hashes and unnecessary HMR invalidation
• 4.41.4 - 2019-12-19
  

  Bugfixes

  • fix case where __webpack_require__.e is not a function when using module concatenation
  • fix incorrect imported module when using sideEffects in a certain constellation of export names

  Performance

  • lazy-require Webassembly related modules for improved startup performance
• 4.41.3 - 2019-12-16
  

  Security

  • force upgrade terser-webpack-plugin dependency for security fix (not affecting webpack)

  Funding

  • add npm funding field to package.json
• 4.41.2 - 2019-10-15

from webpack GitHub release notes

Commit messages

Package name: webpack

• 29d851b 4.42.0
• 07a4b28 Merge pull request #10478 from webpack/bugfix/all-modules-dll
• c1aa9d4 flag all modules as used for Dll
• d147689 Merge pull request #10431 from webpack/bugfix/concat-circular-4
• d76761d hoist exports to the top of a concatenated module
• 534d78f Merge pull request #10393 from webpack/schema/disallow-function-hotchunkfilename
• d46ddc2 disallow function for output.hotUpdateChunkFilename
• 95409bd Merge pull request #10294 from ngg/asmjs-4
• 71be3bf 4.41.6
• 7a30012 spacing
• 284e97f add detectStrictMode method for backward-compat
• 0b8ef22 Merge pull request #10344 from webpack/bugfix/hang-circular-reexport
• 614ea54 only retrigger flagging exports in dependencies when exports really changed
• a7a07bc do not evaluate constants in asm.js, fix IIFE mode detection
• 627510d Merge pull request #10255 from jeffin143/fix-10247
• e826575 correct windows paths must use \ and not /
• 5e9f083 Merge pull request #10240 from jeffin143/fix-10217
• d8c74b6 fix: better handle absolute paths
• ef73991 update webpackOption.d.ts
• 2101892 add chunkid declaration
• 4bb706f Fix lint issue
• 2394136 added variable declarations in files where required
• 148c4be get rid of some hacks in declarations file for webpack-4
• 45ecebc 4.41.5

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs