Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency webpack to v4.47.0 - autoclosed #230

Closed
wants to merge 1 commit into from
Closed

Update dependency webpack to v4.47.0 - autoclosed #230

wants to merge 1 commit into from

Conversation

mend-for-github-com[bot]
Copy link

@mend-for-github-com mend-for-github-com bot commented Oct 17, 2023
edited

This PR contains the following updates:

Package Type Update Change
webpack dependencies minor 4.42.1 -> 4.47.0

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
High 7.5 CVE-2022-25858 #157

Release Notes

webpack/webpack (webpack)

v4.47.0

Compare Source

New Features

New Contributors

Full Changelog: webpack/webpack@v4.46.0...v4.47.0

v4.46.0

Compare Source

Bugfixes

  • fix behavior of defaults for resolve.roots to be backward-compatible

v4.45.0

Compare Source

Features

  • resolve server-relative requests relative to project context by default

Bugfixes

  • fix a bug where splitChunk minSize is not handled correctly
  • fix a bug where the order of splitChunk cacheGroups is not handled correctly

v4.44.2

Compare Source

Bugfixes

  • make sure to generate correct chunk connection for blocks that are only connected in some runtimes
    • fixes a bug where filename contains undefined hash at runtime

v4.44.1

Compare Source

Bugfixes

  • fix bug in sideEffects optimization when using export * from "non-esm" and a default export.
  • add missing optional peerDependencies for webpack-cli and webpack-command to support Yarn 2

v4.44.0

Compare Source

Features

  • Improve sideEffects flag behavior when dynamic modules are part of the tree
    • Fixes a bug which causes empty modules (or type-only modules) to "break" Tree Shaking
  • add splitChunks.enforceSizeThreshold to allow enfore splitting larger chunks unrelated from other limiations
    • Not set by default to avoid breaking change
    • It will be set by default to 50k in webpack 5
    • It's recommended to set it in webpack 4 too
  • add support for resolve.roots and default resolve.roots: [context]
    • This allows to resolve server-relative urls (e.g. /src/abc) to the project root (or other locations when configured)
    • This allows to use loaders that rely on that behavior

Bugfixes

  • fix bug where splitChunks produced non-optimal results when minSize is set to 0
    • This lead to NaNs in some places which breaks ordering
  • Fix bug which lead to HMR not working for splitChunks in entrypoints
  • force update watchpack and chokidar for chokidar bugfix which causes files to stop being watched

v4.43.0

Compare Source

Features

  • add module.hot.invalidate() to HMR API

Dependencies

  • push versions for forced security updates
  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by WhiteSource label Oct 17, 2023
@mend-for-github-com mend-for-github-com bot changed the title Update dependency webpack to v4.47.0 Update dependency webpack to v4.47.0 - autoclosed May 23, 2024
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/webpack-4.x-lockfile branch May 23, 2024 06:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security fix Security fix generated by WhiteSource
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants