New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): update dependency webpack to v5.76.0 [security] #80
Open
renovate
wants to merge
1
commit into
master
Choose a base branch
from
renovate/npm-webpack-vulnerability
base: master
Could not load branches
Branch not found: {{ refName }}
Could not load tags
Nothing to show
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
3 times, most recently
from
March 27, 2023 18:52
2a73b43
to
0679d79
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
2 times, most recently
from
April 4, 2023 18:58
44027ad
to
f9d48b6
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
2 times, most recently
from
April 18, 2023 09:48
38128b8
to
c249cc6
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
4 times, most recently
from
May 4, 2023 09:20
a673bc5
to
14e1182
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
May 8, 2023 14:05
14e1182
to
b718abd
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
2 times, most recently
from
May 20, 2023 09:52
19b04e2
to
07e9721
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
2 times, most recently
from
May 28, 2023 11:00
015900e
to
4854881
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
June 4, 2023 12:47
4854881
to
de092b9
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
2 times, most recently
from
June 18, 2023 09:23
1076f5b
to
e0a8bc1
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
June 29, 2023 08:53
e0a8bc1
to
aa2dbec
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
2 times, most recently
from
July 9, 2023 09:41
06d3f78
to
14134d4
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
2 times, most recently
from
July 19, 2023 11:54
6319d96
to
bb668f5
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
2 times, most recently
from
August 1, 2023 16:10
23512b3
to
17d1d09
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
August 9, 2023 14:06
17d1d09
to
8dcd8b6
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
2 times, most recently
from
August 27, 2023 11:48
4331d84
to
e5b7627
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
September 19, 2023 14:39
e5b7627
to
828109d
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
2 times, most recently
from
September 28, 2023 12:43
9a2771f
to
25b27eb
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
2 times, most recently
from
October 15, 2023 16:23
4ab07c2
to
fa1e31d
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
October 23, 2023 15:49
fa1e31d
to
20cd435
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
November 6, 2023 07:25
20cd435
to
0f991ef
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
November 16, 2023 14:21
0f991ef
to
81998d1
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
2 times, most recently
from
December 3, 2023 12:58
537c637
to
c38f674
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
2 times, most recently
from
February 4, 2024 09:15
10c2c53
to
ae8ade5
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
February 25, 2024 10:28
ae8ade5
to
8a59fad
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
March 12, 2024 12:57
8a59fad
to
ddd6871
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
2 times, most recently
from
March 24, 2024 16:10
2871f6b
to
be2513c
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
2 times, most recently
from
April 21, 2024 08:52
ea6cca3
to
6874add
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
April 25, 2024 09:48
6874add
to
1e8fba5
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
April 26, 2024 14:03
1e8fba5
to
5d65f91
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
5.50.0
->5.76.0
GitHub Vulnerability Alerts
CVE-2023-28154
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.
Release Notes
webpack/webpack (webpack)
v5.76.0
Compare Source
Bugfixes
generatedCode
info to fix bug in asset module cache restoration by @ryanwilsonperkin in https://github.com/webpack/webpack/pull/16703hashRegExp
lookup by @ryanwilsonperkin in https://github.com/webpack/webpack/pull/16759Features
target
toLoaderContext
type by @askoufis in https://github.com/webpack/webpack/pull/16781Security
Repo Changes
New Contributors
Full Changelog: webpack/webpack@v5.75.0...v5.76.0
v5.75.0
Compare Source
Bugfixes
experiments.*
normalize tofalse
when opt-outNaN%
window
before trying to access iteval-nosources-*
actually exclude sourcesFeatures
@import
to extenal CSS when using experimental CSS in nodei64
support to the deprecated WASM implementationDeveloper Experience
EnableWasmLoadingPlugin
v5.74.0
Compare Source
Features
resolve.extensionAlias
option which allows to alias extensions.js
extension to imports when the file really has a.ts
extension (typescript +"type": "module"
)ProvidePlugin
Bugfixes
shareScope
option forModuleFederationPlugin
"use-credentials"
also for same origin scriptsPerformance
Extensibility
HarmonyImportDependency
for pluginsv5.73.0
Compare Source
Features
dynamicImportMode
and prefetch and preloadimport { createRequire } from "module"
in source codeBugfixes
return"field"in Module
Developer Experience
PathData
in typingsv5.72.1
Compare Source
Bugfixes
__webpack_nonce__
with HMRin
operator in some casesthis.importModule
v5.72.0
Compare Source
Features
Bugfixes
in
operator with nested exportsv5.71.0
Compare Source
Features
uniqueName
when using aoutput.library
which includes placeholdersin
of a imported bindingBugfixes
chunkLoading
option in module moduleevaluateExpression
returnsnull
lazy-once
Context modulesrunAsChild
callbackv5.70.0
Compare Source
Features
baseUri
toentry
options to configure a static base uri (the base ofnew URL()
)__webpack_exports_info__.name.canMangle
experiments.buildHttp
import.meta.webpackContext
as ESM alternative torequire.context
Bugfixes
global
to a variableexperiments.outputModule
andloaderContext.importModule
with multiple chunksoutput.clean
will keep HMR assets for at least 10s to allow HMR to access them even when compilation is faster then the browserPerformance
Developer Experience
Contributing
v5.69.1
Compare Source
Revert
v5.69.0
Compare Source
Features
resolve.alias
orresolve.modules
) when creating an context moduleutil/types
to node.js built-in modules__webpack_exports_info__.<name>.canMangle
apiBugfixes
stage
option when instrumenting plugins for the ProfilingPlugin#
in paths of loadersexperiments.buildHttp
Contributing
Developer Experience
v5.68.0
Compare Source
Features
__webpack_module__
and__webpack_module__.id
to the apiBugfixes
v5.67.0
Compare Source
Features
experiments.css
SyncModuleIdsPlugin
to sync module ids between server and client compilationDeterministicModuleIdsPlugin
to allow to generate equal idsDeveloper Experience
null
to errors in callbacksBugfixes
experiments.css
|
webpack-hot-middleware/client
from lazy compilationContributing
v5.66.0
Compare Source
Features
output.library.type: "commonjs-static"
to emit a statically analyse-able commonjs module (for node.js esm interop support)experiments.css
(very experimental)Bugfixes
experiments.lazyCompilation
[absolute-resource-path]
for SourceMap module namingPerformance
watchOptions.aggregateTimeout
to 20msv5.65.0
Compare Source
Features
undefined
nowBugfixes
singleton
flag withoutrequiredVersion
in Module Federationwatchpack
for context time info bugfixPerformance
Developer Experience
output.globalObject
contains a non-trival expressionscript
type external with invalid syntaxResolver
,StatsOptions
andResolvePluginInstance
Preparations for the future
hashDigestLength
will default to 16 in webpack 6 (experiments.futureDefaults
)v5.64.4
Compare Source
Bugfixes
Performance
Developer Experience
v5.64.3
Compare Source
Performance
Infinity
is used in configurationv5.64.2
Compare Source
Bugfixes
v5.64.1
Compare Source
Bugfixes
require(...).property
inrequire.ensure
output.clean: true
unsafeCache
withinmanagedPaths
(node_modules)v5.64.0
Compare Source
Features
asyncChunks: boolean
option to disable creation of async chunksBugfixes
experiments.backCompat: false
Performance
v5.63.0
Compare Source
Features
chunkLoading: false
to disable on-demand loadingBugfixes
import 'single-quote'
in esm build dependenciesv5.62.2
Compare Source
Bugfixes
__system_context__
injection when using thelibrary
option on entrypointexportsPresence: "error"
by default infutureDefaults
exportPresence
->exportsPresence
typoexperiments.cacheUnaffected
v5.62.1
Compare Source
Bugfix
;
v5.62.0
Compare Source
Features
parser.javascript.reexportExportsPresence: false
allows to disable warnings for non-existing exports during the migration fromexport ... from "..."
toexport type ... from "..."
for type reexports in TypeScriptexperiments.backCompat: false
to disable some expensive deprecations for better performanceBugfixes
['catch']
instead of.catch
for better ES3 supportnew (require("...")).Something()
{ require }
object literalssplitChunks.chunks
option is now correctly used forsplitChunks.fallbackCacheGroup.maxSize
toolisten
option, allow to omitport
Developer Experience
/// <reference types="webpack/module" />
to use the typings in typescript modules"types": [..., "webpack/module"]
in tsconfigv5.61.0
Compare Source
Bugfixes
path
submodules in the node.js default externalsPerformance
Contribution
v5.60.0
Compare Source
Features
experiments.lazyCompilation
. e. g. port, https stuffBugfixes
output.hashFunction
used to persistent caching toobuildDependencies
Set correctly when loaders are added inbeforeLoaders
hookv5.59.1
Compare Source
Bugfixes
experiments.buildHttp
v5.59.0
Compare Source
Features
/*#__PURE__*/
forObject()
in generated codemanaged/immutablePaths
experiments.buildHttp
splitChunks.minSizeReduction
optionBugfixes
waitFor
when modules are unsafe cachedv5.58.2
Compare Source
Bugfixes
Performance
v5.58.1
Compare Source
Bugfixes
.webpack[]
suffix to not execute rulesv5.58.0
Compare Source
Features
diagnostics_channel
to node builtinsPerformance
v5.57.1
Compare Source
Bugfix
v5.57.0
Compare Source
Performance
Bugfixes
v5.56.1
Compare Source
Bugfix
v5.56.0
Compare Source
Performance
v5.55.1
Compare Source
Bugfixes
experiments.cacheUnaffected
v5.55.0
Compare Source
Performance
experiments.cacheUnaffected
module.unsafeCache
v5.54.0
Compare Source
Features
&&
||
and??
output.hashFunction
eval
is used in a moduleBugfixes
Performance
output.hashFunction: "xxhash64"
for a super fast wasm based hash functionexperiments.cacheUnaffected
which caches computations for modules that are unchanged and reference only unchanged modulesv5.53.0
Compare Source
Features
node.__dirname/__filename: "warn-mock"
which warns on usage (will be enabled in webpack 6 by default)Bugfixes
stream/web
to Node.js externalsExperiments
experiments.futureDefaults
to enable defaults for webpack 6v5.52.1
Compare Source
Performance
v5.52.0
Compare Source
Feature
experiments.executeModule
is enabled by default and the option is removedthis.importModule
Bugfixes
__WEBPACK_EXTERNAL_MODULE_null__
, which leads to merged externals.webpack[...]
extension is not part of matching and module namev5.51.2
Compare Source
Bugfixes
[contenthash]
is undefined when usingnew Worker
v5.51.1
Compare Source
Bugfixes
library: "module"
propages top-level-await correctlyv5.51.0
Compare Source
Bugfixes
yarn link
ing of dependencies.Compilation.addModuleChain
andCompilation.addModuleTree
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.