[Snyk] Upgrade serverless-webpack from 5.3.5 to 5.7.1

[randytarampi]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade serverless-webpack from 5.3.5 to 5.7.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 13 versions ahead of your current version.
• The recommended version was released 14 days ago, on 2022-05-10.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Command Injection SNYK-JS-SSH2-1656673	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Information Exposure SNYK-JS-SIMPLEGET-2361683	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PARSELINKHEADER-1582783	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Remote Code Execution (RCE) SNYK-JS-PACRESOLVER-1564857	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NORMALIZEURL-1296539	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NORMALIZEURL-1296539	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-1089716	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Directory Traversal SNYK-JS-MOMENT-2440688	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASHSET-1320032	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-COPYPROPS-1082870	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-AWSSDK-1059424	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Directory Traversal SNYK-JS-ADMZIP-1065796	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service (DoS) npm:mem:20180117	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIMOFFNEWLINES-1296850	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-PATHVAL-596926	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Information Exposure SNYK-JS-NODEFETCH-2342118	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CONVENTIONALCOMMITSPARSER-1766960	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: serverless-webpack

• 5.7.1 - 2022-05-10
  

  What's Changed

  • Update build status badge by @ j0k3r in #1154
  • Fix this.serverless is undefined during zip by @ j0k3r in #1153
  • Prepare 5.7.1 by @ j0k3r in #1155

  Full Changelog: v5.7.0...v5.7.1

• 5.7.0 - 2022-04-09
  

  Main changes

  1. @ medikoo changed the output log when using Serverless v3, it's less verbose and more clean

     progress:
     

     success:
     

  2. We switch back to archiver instead of bestzip to ensure consistent artifact. The switch to bestzip was mostly for faster zip because it tend to use the native zip command instead of the one from Node.

  3. Support for NPM 8 was added by @ moroine

  What's Changed

  • Clarify versions supported by the plugin by @ mnapoli in #1056
  • Fix tests with Serverless v3 by @ j0k3r in #1062
  • Modern logs for Serverless Framework v3 by @ medikoo in #1013
  • Ensure consistent artifact sha (remove bestzip and bring back archiver) by @ russell-dot-js & @ j0k3r in #1018
  • Allow param values in slsw.lib.options by @ coyoteecd in #1076
  • Supports NPM 8 and convert tests from Mocha to Jest by @ moroine in #1084
  • Update Jest config by @ j0k3r in #1110
  • Fix filesystem cache not working when package individually is set by @ hieuunguyeen in #1037

  New Contributors

  • @ mnapoli made their first contribution in #1056
  • @ moroine made their first contribution in #1084
  • @ hieuunguyeen made their first contribution in #1037

  Full Changelog: v5.6.1...v5.7.0

• 5.6.1 - 2022-01-26
  

  What's Changed

  • Enable auto-merge for minor upgrades. by @ vicary in #1008
  • Fix handling of multiple compilation errors by @ medikoo in #1011
  • Mark plugin as Serverless Framework v3 compliant by @ medikoo in #1016
  • Prevent includeModules and noInstall at the same time. by @ vicary in #1023
  • 5.6.1 by @ j0k3r in #1049

  Full Changelog: v5.6.0...v5.6.1

• 5.6.0 - 2021-11-22
  

  Detailed changes

  1. There is now a noInstall options in packagerOptions (for both NPM & Yarn) to skip deps installation during the Serverless package / deployment. If you enable that option, be sure packages are installed before.

     custom:
       webpack:
         packagerOptions:
           noInstall: true

  2. The --no-build CLI argument has been removed.
     You should now define it inside your Serverless configuration:

     custom:
       webpack:
         noBuild: true

  3. The --watch CLI argument has been improved and now works properly.

  What's Changed

  • Avoid a JS error when the Webpack config is not found by @ j0k3r in #1002
  • feat(packager): add noInstall option by @ russell-dot-js in #1003
  • Centralize webpack stats config handling (refactor) by @ medikoo in #1006
  • Fix command resolution when watch is involved by @ medikoo in #1004
  • feat(compiler): add noBuild option by @ vicary in #1007
  • Fix user error reporting by @ medikoo in #1005
  • 5.6.0 by @ j0k3r in #1010

  Full Changelog: v5.5.5...v5.6.0

• 5.5.5 - 2021-10-18
  Read more
• 5.5.4 - 2021-09-08
  

  This release include one fix (#953) when using serverless-webpack with webpack >= 5.52.0

• 5.5.3 - 2021-09-01
  

  This release include one fix (#944 thanks @ mostthingsweb) when using sls deploy function --function=function-name for a function defined without an explicit runtime (that bug were introduced in 5.5.2).

• 5.5.2 - 2021-08-26
  Read more
• 5.5.1 - 2021-06-10
  Read more
• 5.5.0 - 2021-05-10
  Read more
• 5.4.2 - 2021-04-28
• 5.4.1 - 2021-04-07
• 5.4.0 - 2021-03-17
• 5.3.5 - 2020-09-14

from serverless-webpack GitHub release notes

Commit messages

Package name: serverless-webpack

• e5c12a3 Merge pull request #1155 from serverless-heaven/release/5.7.1
• e0e6e07 Prepare 5.7.1
• 1dea9ec Merge pull request #1153 from serverless-heaven/fix/this-serverless-undefined-zip
• c34dbdc Fix `this.serverless` is undefined during zip
• 2f00f04 Merge pull request #1154 from serverless-heaven/fix/update-build-status-badge
• d246273 Update build status badge
• a3687db chore(deps-dev): bump sinon from 13.0.2 to 14.0.0 (#1152)
• 7aa7a85 Merge pull request #1151 from serverless-heaven/dependabot/npm_and_yarn/eslint-8.15.0
• 8b418e8 chore(deps-dev): bump eslint from 8.14.0 to 8.15.0
• 44e135a Merge pull request #1148 from serverless-heaven/dependabot/npm_and_yarn/babel/core-7.17.10
• 91ba63a chore(deps-dev): bump @ babel/core from 7.17.9 to 7.17.10
• 6a2d24a Merge pull request #1149 from serverless-heaven/dependabot/npm_and_yarn/serverless-3.16.0
• 21fe13d chore(deps-dev): bump serverless from 3.15.2 to 3.16.0
• 201811d Merge pull request #1146 from serverless-heaven/dependabot/npm_and_yarn/serverless/test-10.0.4
• ef866b1 chore(deps-dev): bump @ serverless/test from 10.0.3 to 10.0.4
• b8a699a Merge pull request #1142 from serverless-heaven/dependabot/npm_and_yarn/serverless-3.15.2
• 57ff2e5 chore(deps-dev): bump serverless from 3.15.0 to 3.15.2
• b8939c3 Merge pull request #1141 from serverless-heaven/dependabot/npm_and_yarn/eslint-8.14.0
• d0993a5 chore(deps-dev): bump eslint from 8.13.0 to 8.14.0
• 5405674 Merge pull request #1139 from serverless-heaven/dependabot/npm_and_yarn/serverless-3.15.0
• 90281f8 chore(deps-dev): bump serverless from 3.14.0 to 3.15.0
• 23a0d44 Merge pull request #1138 from serverless-heaven/dependabot/npm_and_yarn/archiver-5.3.1
• f36be61 chore(deps): bump archiver from 5.3.0 to 5.3.1
• 4a2562c Merge pull request #1136 from serverless-heaven/dependabot/npm_and_yarn/examples/include-external-npm-packages-lock-file/async-2.6.4

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs