🚨 [security] [userscripts] Update webpack 5.39.1 → 5.91.0 (minor) #52
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![depfu[bot]](https://avatars.githubusercontent.com/in/715?s=60&v=4){kind=small}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ webpack (5.39.1 → 5.91.0) · Repo
Security Advisories 🚨
🚨 Cross-realm object access in Webpack 5
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Sorry, we couldn't find anything useful about this release.
Sorry, we couldn't find anything useful about this release.
Sorry, we couldn't find anything useful about this release.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Commits
See the full diff on Github. The new version differs by 2 commits:
1.4.714generate new versionRelease Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
3.1.2
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 4 commits:
3.1.2fix: add "types" conditions (#10)fix(ci): update versionschore: add licenses badgeCommits
See the full diff on Github. The new version differs by 24 commits:
4.2.11Add EBUSY to handled error codes for windows directory renameupdate and improve tests somewhat4.2.10fix spurious ENOTEMPTY in test on windows ciavoid spurious EBUSY in windows CI testsci: output raw tap from testactually fix memory leak test failing spuriouslyfix memory leak test failing spuriouslydo not try to patch missing fs functionsAvoid setPrototypeOf if prototype is undefinedinstall with npm 8fix: fs.readdir() on ancient nodes that don't know about optionschore: add copyright year to licenseci: makework4.2.9fix(stat): support throwIfNoEntry for `statSync`4.2.8fix: start retrying immediately, stop after 60 seconds4.2.7fix: start retrying immediately, stop after 10 attemptschore: refactor readdir to be consistentFix copyFile wrapper when retry hits EMFILE againClarify README.md regarding sync methods (#207)Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Commits
See the full diff on Github. The new version differs by 25 commits:
Release v2.3.1Prepare v2.3.1 releaseUpdate `version`ci(deps): update GitHub Actions workflows to run on Node.js 20 (LTS) (#130)Update dependencies (#128)Fix broken referenceAdd README section for maintainersRelease v2.3.0Rename package.json#name before publishing `punycode.js`Release v2.2.2Update repo URLAdd jsDelivr hits badge (#69)Update mocha dependency (#103)Set up GitHub ActionsAdd test for #115Do not encode DEL (#115)Update browser support section in README (#118)Replace `let` with `const` where applicable (#93)Release v2.2.1Do not decode non-ASCII-alphanumerics in Punycode labels (#124)Release v2.2.0fix: upstream node.js changes (#121)fix: update jsdoc definitions (#120)Fix usage instructions in README (#113)Add LTS Node.js version to CI settings (#92)Commits
See the full diff on Github. The new version differs by 26 commits:
chore(release): 3.3.0feat: added API to disable and enable validation (#183)fix(perf): cache compiled schema (#182)chore(release): 3.2.0feat: implement `undefinedAsNull` keyword for `enum` type (#176)chore(release): 3.1.2fix(perf): reduced initial start time (#170)chore(release): 3.1.1fix: update error message for `integer` (#136)chore: update deps (#137)ci: use `actions/setup-node@v2` (#135)chore(release): 3.1.0refactor: added `link` to other formats (#134)feat: added the `link` property in validation errorbuild(deps): bump handlebars from 4.7.6 to 4.7.7 (#124)build(deps): bump lodash from 4.17.20 to 4.17.21 (#125)chore: update deps (#132)chore: add scripts for fixing lint (#129)chore: update prettier config (#130)chore: update dev-deps (#128)chore: update nodejs.yml (#127)build(deps): bump browserslist from 4.16.3 to 4.16.6 (#126)chore: deps and tests (#122)chore(deps): update (#120)chore: fix typo in ISSUE_TEMPLATE (#117)fix: non-empty validation error message (#116)Release Notes
6.0.2
6.0.1
6.0.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 46 commits:
6.0.2fix: serialize URL string contents to prevent XSS (#173)Bump @babel/traverse from 7.10.1 to 7.23.7 (#171)docs: update readme with URL support (#146)chore: update node version and lock filefix typo (#164)Release v6.0.1 (#157)Fix serialization issue for 0n. (#156)Bump json5 from 2.1.3 to 2.2.3 (#155)Bump mocha from 10.1.0 to 10.2.0 (#153)Bump minimatch from 3.0.4 to 3.1.2 (#152)ci: bump GitHub ActionsBump chai from 4.3.6 to 4.3.7 (#150)Bump mocha from 10.0.0 to 10.1.0 (#149)Bump mocha from 9.2.2 to 10.0.0 (#145)Bump minimist from 1.2.5 to 1.2.6 (#144)Bump mocha from 9.2.0 to 9.2.2 (#143)Bump ansi-regex from 5.0.0 to 5.0.1 (#141)Bump chai from 4.3.4 to 4.3.6 (#140)Bump mocha from 9.1.4 to 9.2.0 (#138)Bump mocha from 9.1.3 to 9.1.4 (#137)Bump mocha from 9.1.2 to 9.1.3 (#133)Bump mocha from 9.1.1 to 9.1.2 (#132)Bump mocha from 9.1.0 to 9.1.1 (#131)Bump mocha from 9.0.3 to 9.1.0 (#130)Bump path-parse from 1.0.6 to 1.0.7 (#129)Bump mocha from 9.0.2 to 9.0.3 (#127)Bump mocha from 9.0.1 to 9.0.2 (#126)v6.0.0Add support for URL's (#123)Bump mocha from 9.0.0 to 9.0.1 (#124)Bump mocha from 8.4.0 to 9.0.0 (#121)Update Node.js CI matrix (#122)Bump mocha from 8.3.2 to 8.4.0 (#120)Bump lodash from 4.17.19 to 4.17.21 (#119)Bump y18n from 4.0.0 to 4.0.1 (#116)Bump chai from 4.3.3 to 4.3.4 (#115)Bump mocha from 8.3.1 to 8.3.2 (#114)Bump mocha from 8.3.0 to 8.3.1 (#113)Bump chai from 4.3.1 to 4.3.3 (#112)Bump chai from 4.2.0 to 4.3.1 (#111)Bump mocha from 8.2.1 to 8.3.0 (#109)Bump mocha from 8.1.3 to 8.2.1 (#105)Drop Travis CI settings (#100)Change default branch name to main (#99)GitHub Aactions (#98)Commits
See the full diff on Github. The new version differs by 11 commits:
0.5.21Merge pull request #257 from brettz9/register-hook-require0.5.20Update built filesAdd back missing unlink callMerge pull request #297 from tapjs/isaacs/do-not-break-on-missing-global-processfix: do not crash if process is not setfix(test): fix writeFileSync on newer node versionsfix: replace build.js curl call with node httpsMerge pull request #282 from evanw/dependabot/npm_and_yarn/http-proxy-1.18.1Bump http-proxy from 1.17.0 to 1.18.1Security Advisories 🚨
🚨 Terser insecure use of regular expressions before v4.8.1 and v5.14.2 leads to ReDoS
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
2.4.1
2.4.0
2.3.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 48 commits:
chore(release): 2.4.1fix: do not report directory as initial missing on the second watchtest: morefix: logicrefactor: remove debug codefix: do not report directory as initial missing on the second watchchore(deps): regenerate lock filerefactor: update scriptsstyle: fixchore(deps): regenerate lock filedocs: fix badgedocs: fix badgeci: migrate on github actionsdocs: update readmeci: fix codecov tokenci: migrate on github actions2.4.0Merge pull request #215 from markjm/markjm/repsect-fs-accuracyrespect FS_ACCURACY2.3.1Merge pull request #212 from webpack/bugfix/context-time-infoadd test caseset file info for directories tooreport time info for directories correctly2.3.0Merge pull request #211 from webpack/bugfix/missing-infofix missing time info in filesMerge pull request #205 from markjm/markjm/splitMerge pull request #210 from webpack/ci/no-macos-pollingMerge branch 'main' into markjm/splitMerge pull request #197 from markjm/markjm/watch-changeprovide additional method instead of changing existing onedisable testing polling for macos ciMerge pull request #208 from webpack/perf/update-watchersrename branch to mainimprove watcher update performancefix typoavoid RegexpLike in favor of a functionMerge pull request #203 from rishabh3112/patch-1Merge pull request #207 from webpack/bugfix/ignore-permission-warningsMerge pull request #206 from markjm/markjm/stabilize-testsavoid EACCES permission errorstest: fix instability in polling testsSupport splitting of files and directories in getTimeInfoEntriesAllow function in watchOptions.ignoredchore: add node v17 in CIMerge pull request #191 from webpack/dependabot/npm_and_yarn/handlebars-4.7.7Merge pull request #192 from webpack/dependabot/npm_and_yarn/lodash-4.17.21Release Notes
3.2.2
3.2.1
3.2.0
3.1.2
3.0.4
3.0.2
3.0.1
3.0.0
2.3.1
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
🆕 @jridgewell/gen-mapping (added, 0.3.5)
🆕 @jridgewell/resolve-uri (added, 3.1.2)
🆕 @jridgewell/set-array (added, 1.2.1)
🆕 @jridgewell/source-map (added, 0.3.6)
🆕 @jridgewell/sourcemap-codec (added, 1.4.15)
🆕 @jridgewell/trace-mapping (added, 0.3.25)
🆕 acorn-import-assertions (added, 1.9.0)
🆕 json-parse-even-better-errors (added, 2.3.1)
🆕 picocolors (added, 1.0.0)
🆕 update-browserslist-db (added, 1.0.13)
🗑️ colorette (removed)
🗑️ json-parse-better-errors (removed)
🗑️ source-list-map (removed)
🗑️ yocto-queue (removed)
👉 No CI detected
You don't seem to have any Continuous Integration service set up!
Without a service that will test the Depfu branches and pull requests, we can't inform you if incoming updates actually work with your app. We think that this degrades the service we're trying to provide down to a point where it is more or less meaningless.
This is fine if you just want to give Depfu a quick try. If you want to really let Depfu help you keep your app up-to-date, we recommend setting up a CI system:
* [Circle CI](https://circleci.com), [Semaphore ](https://semaphoreci.com) and [Github Actions](https://docs.github.com/actions) are all excellent options. * If you use something like Jenkins, make sure that you're using the Github integration correctly so that it reports status data back to Github. * If you have already set up a CI for this repository, you might need to check your configuration. Make sure it will run on all new branches. If you don’t want it to run on every branch, you can whitelist branches starting with `depfu/`.Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase.All Depfu comment commands