-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
deps: Update dependency webpack to v5.76.0 [SECURITY] #3195
Open
renovate
wants to merge
1
commit into
master
Choose a base branch
from
renovate/npm-webpack-vulnerability
base: master
Could not load branches
Branch not found: {{ refName }}
Could not load tags
Nothing to show
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
March 23, 2023 23:47
50a1f21
to
6c048d7
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
April 3, 2023 09:00
6c048d7
to
a13748c
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
April 17, 2023 10:18
a13748c
to
9a09a93
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
May 28, 2023 09:17
9a09a93
to
191b110
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
June 4, 2023 12:17
191b110
to
f0375c7
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
3 times, most recently
from
June 19, 2023 13:30
f898e4c
to
55aa24e
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
2 times, most recently
from
July 6, 2023 12:02
eec179f
to
456f069
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
2 times, most recently
from
July 19, 2023 12:09
c347612
to
8689daa
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
July 27, 2023 20:25
8689daa
to
ee6b56d
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
August 9, 2023 14:43
ee6b56d
to
e251cfb
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
2 times, most recently
from
September 26, 2023 12:22
a08e220
to
5faa9bf
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
2 times, most recently
from
October 15, 2023 15:16
4d377ef
to
ed3449e
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
October 21, 2023 02:15
ed3449e
to
4762dc4
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
November 6, 2023 06:36
4762dc4
to
4426674
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
November 16, 2023 10:17
4426674
to
47487c3
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
January 28, 2024 09:30
47487c3
to
5381528
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
February 4, 2024 11:36
5381528
to
c5a21a5
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
February 25, 2024 10:57
c5a21a5
to
3a044af
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
March 12, 2024 11:55
3a044af
to
19940f9
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
2 times, most recently
from
March 24, 2024 15:00
364407a
to
1597e60
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
2 times, most recently
from
April 21, 2024 10:31
6bcb995
to
68d1fa3
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
April 25, 2024 08:01
68d1fa3
to
080474f
Compare
renovate
bot
force-pushed
the
renovate/npm-webpack-vulnerability
branch
from
June 4, 2024 10:59
080474f
to
85c15e0
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
5.74.0
->5.76.0
GitHub Vulnerability Alerts
CVE-2023-28154
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.
Release Notes
webpack/webpack (webpack)
v5.76.0
Compare Source
Bugfixes
generatedCode
info to fix bug in asset module cache restoration by @ryanwilsonperkin in https://github.com/webpack/webpack/pull/16703hashRegExp
lookup by @ryanwilsonperkin in https://github.com/webpack/webpack/pull/16759Features
target
toLoaderContext
type by @askoufis in https://github.com/webpack/webpack/pull/16781Security
Repo Changes
New Contributors
Full Changelog: webpack/webpack@v5.75.0...v5.76.0
v5.75.0
Compare Source
Bugfixes
experiments.*
normalize tofalse
when opt-outNaN%
window
before trying to access iteval-nosources-*
actually exclude sourcesFeatures
@import
to extenal CSS when using experimental CSS in nodei64
support to the deprecated WASM implementationDeveloper Experience
EnableWasmLoadingPlugin
Configuration
📅 Schedule: Branch creation - "" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.