Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency webpack to v5.76.0 [security] #353

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update dependency webpack to v5.76.0 [security] #353

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Mar 16, 2023
edited

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
webpack 5.72.1 -> 5.76.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.

Release Notes

webpack/webpack (webpack)

v5.76.0

Compare Source

Bugfixes

Features

Security

Repo Changes

New Contributors

Full Changelog: webpack/webpack@v5.75.0...v5.76.0

v5.75.0

Compare Source

Bugfixes

  • experiments.* normalize to false when opt-out
  • avoid NaN%
  • show the correct error when using a conflicting chunk name in code
  • HMR code tests existance of window before trying to access it
  • fix eval-nosources-* actually exclude sources
  • fix race condition where no module is returned from processing module
  • fix position of standalong semicolon in runtime code

Features

  • add support for @import to extenal CSS when using experimental CSS in node
  • add i64 support to the deprecated WASM implementation

Developer Experience

  • expose EnableWasmLoadingPlugin
  • add more typings
  • generate getters instead of readonly properties in typings to allow overriding them

v5.74.0

Compare Source

Features

  • add resolve.extensionAlias option which allows to alias extensions
    • This is useful when you are forced to add the .js extension to imports when the file really has a .ts extension (typescript + "type": "module")
  • add support for ES2022 features like static blocks
  • add Tree Shaking support for ProvidePlugin

Bugfixes

  • fix persistent cache when some build dependencies are on a different windows drive
  • make order of evaluation of side-effect-free modules deterministic between concatenated and non-concatenated modules
  • remove left-over from debugging in TLA/async modules runtime code
  • remove unneeded extra 1s timestamp offset during watching when files are actually untouched
    • This sometimes caused an additional second build which are not really needed
  • fix shareScope option for ModuleFederationPlugin
  • set "use-credentials" also for same origin scripts

Performance

  • Improve memory usage and performance of aggregating needed files/directories for watching
    • This affects rebuild performance

Extensibility

  • export HarmonyImportDependency for plugins

v5.73.0

Compare Source

Features

  • add options for default dynamicImportMode and prefetch and preload
  • add support for import { createRequire } from "module" in source code

Bugfixes

  • fix code generation of e. g. return"field"in Module
  • fix performance of large JSON modules
  • fix performance of async modules evaluation

Developer Experience

  • export PathData in typings
  • improve error messages with more details

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@vercel
Copy link

vercel bot commented Mar 16, 2023
edited

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
homepage ❌ Failed (Inspect) Oct 21, 2023 5:46am

@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch from ef569b6 to d9017b1 Compare April 5, 2023 09:37
@renovate renovate bot changed the title chore(deps): update dependency webpack to v5.76.0 [security] chore(deps): update dependency webpack to v5.76.0 [security] - autoclosed Sep 14, 2023
@renovate renovate bot closed this Sep 14, 2023
@renovate renovate bot deleted the renovate/npm-webpack-vulnerability branch September 14, 2023 07:11
@renovate renovate bot changed the title chore(deps): update dependency webpack to v5.76.0 [security] - autoclosed chore(deps): update dependency webpack to v5.76.0 [security] Sep 14, 2023
@renovate renovate bot reopened this Sep 14, 2023
@renovate renovate bot restored the renovate/npm-webpack-vulnerability branch September 14, 2023 09:43
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch from d9017b1 to 4440fb9 Compare September 14, 2023 09:44
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch from 4440fb9 to 503abfc Compare October 21, 2023 05:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants