[Snyk] Upgrade webpack from 5.89.0 to 5.90.2

[Loonz206]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade webpack from 5.89.0 to 5.90.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 3 versions ahead of your current version.
• The recommended version was released 24 days ago, on 2024-02-15.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	412/1000 Why? Proof of Concept exploit, CVSS 6.1	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: webpack

• 5.90.2 - 2024-02-15
  

  Bug Fixes

  • use Math.imul in fnv1a32 to avoid loss of precision, directly hash UTF16 values
  • the setStatus() of the HMR module should not return an array, which may cause infinite recursion
  • __webpack_exports_info__.xxx.canMangle shouldn't always same as default
  • mangle export with destructuring
  • use new runtime to reconsider skipped connections activeState
  • make dynamic import optional in try/catch
  • improve auto publicPath detection

  Dependencies & Maintenance

  • improve CI setup and include Node.js@21
• 5.90.1 - 2024-02-01
  

  Bug Fixes

  • set unmanagedPaths in defaults
  • correct preOrderIndex and postOrderIndex
  • add fallback for MIME mismatch error in async wasm loading
  • browsers versions of ECMA features

  Performance

  • optimize compareStringsNumeric
  • optimize numberHash using 32-bit FNV1a for small ranges, 64-bit for larger
  • reuse VM context across webpack magic comments
• 5.90.0 - 2024-01-24
  

  Bug Fixes

  • Fixed inner graph for classes
  • Optimized RemoveParentModulesPlugin via bigint arithmetic
  • Fixed worklet detection in production mode
  • Fixed an error for cyclic importModule
  • Fixed types for Server and Dirent
  • Added the fetchPriority to hmr runtime's ensureChunk function
  • Don't warn about dynamic import for build dependencies
  • External module generation respects the output.environment.arrowFunction option
  • Fixed consumimng shared runtime module logic
  • Fixed a runtime logic of multiple chunks
  • Fixed destructing assignment of dynamic import json file
  • Passing errors array for a module hash
  • Added /*#__PURE__*/ to generated JSON.parse()
  • Generated a library manifest after clean plugin
  • Fixed non amd externals and amd library
  • Fixed a bug in SideEffectsFlagPlugin with namespace re-exports
  • Fixed an error message for condition or
  • The strictModuleErrorHandling is now working
  • Clean up child compilation chunk graph to avoid memory leak
  • [CSS] - Fixed CSS import prefer relative resolution
  • [CSS] - Fixed CSS runtime chunk loading error message

  New Features

  • Allow to set false for dev server in webpack.config.js
  • Added a warning for async external when not supported
  • Added a warning for async module when not supported
  • Added the node-module option for the node.__filename/__dirname and enable it by default for ESM target
  • Added the snapshot.unmanagedPaths option
  • Exposed the MultiCompilerOptions type
  • [CSS] - Added CSS parser options to enable/disable named exports
  • [CSS] - Moved CSS the exportsOnly option to CSS generator options

  Dependencies & Maintenance

  • use node.js LTS version for lint
  • bump actions/cache from 3 to 4
  • bump prettier from 3.2.1 to 3.2.3
  • bump assemblyscript
  • bump actions/checkout from 3 to 4

  Full Changelog: v5.89.0...v5.90.0

• 5.89.0 - 2023-10-13
  

  New Features

  • Make CommonJS import preserve chained expressions by @ bworline in #17718

  Dependencies & Maintenance

  • chore(deps-dev): bump @ types/node from 20.3.1 to 20.4.8 by @ dependabot in #17568
  • docs: add example for stats detailed output by @ ersachin3112 in #17420
  • docs: add example for stats normal output by @ ersachin3112 in #17426
  • chore(deps-dev): bump core-js from 3.31.0 to 3.32.0 by @ dependabot in #17539
  • chore(deps-dev): bump pretty-format from 29.5.0 to 29.6.2 by @ dependabot in #17536
  • chore(deps-dev): bump @ types/node from 20.4.8 to 20.4.9 by @ dependabot in #17583
  • chore(deps-dev): bump less from 4.1.3 to 4.2.0 by @ dependabot in #17580
  • chore(deps): bump semver from 5.7.1 to 5.7.2 by @ dependabot in #17483
  • chore(deps-dev): bump simple-git from 3.19.0 to 3.19.1 by @ dependabot in #17427
  • chore(deps-dev): bump @ types/node from 20.4.9 to 20.6.0 by @ dependabot in #17666

  Full Changelog: v5.88.2...v5.89.0

from webpack GitHub release notes

Commit messages

Package name: webpack

• 11c1be3 chore(release): 5.90.2
• c73afa4 fix: improve auto publicPath detection
• 856c8d2 test: update
• 858cb35 test: update
• 55ebdbd fix: improve auto publicPath detection
• 1a6ac87 ci: update
• 535cc98 ci: update azure
• 5dd5317 ci: update
• 451286b chore(deps): update
• 9c75a74 ci: update
• bd13845 ci: update
• 9767162 test: case for issue-17459
• 60f632b test: use production
• 582a4d3 test: case for issue-17459
• a793ed8 fix: make dynamic import optional in try/catch
• f06427a fix: make dynamic import optional in try/catch
• a2ce375 fix: use new runtime to reconsider skipped connections activeState
• 1673ee5 update snapshot
• 6d104b8 add test
• e094bf3 fix: should use new runtime to reconsider skipped connections
• 2a063f8 fix: mangle export with destructuring
• 69127ae add test
• 213290e fix: not mangle export with destructuring
• 51f0f0a fix: __webpack_exports_info__.xxx.canMangle shouldn't always same as default

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs