chore(deps-dev): Bump webpack from 5.76.0 to 5.90.3

[dependabot]

Bumps webpack from 5.76.0 to 5.90.3.

Release notes

Sourced from webpack's releases.

v5.90.3

Bug Fixes

• don't mangle when destructuring a reexport
• types for Stats.toJson() and Stats.toString()
• many internal types
• [CSS] clean up export css local vars

Perf

• simplify and optimize chunk graph creation

v5.90.2

Bug Fixes

• use Math.imul in fnv1a32 to avoid loss of precision, directly hash UTF16 values
• the setStatus() of the HMR module should not return an array, which may cause infinite recursion
• __webpack_exports_info__.xxx.canMangle shouldn't always same as default
• mangle export with destructuring
• use new runtime to reconsider skipped connections activeState
• make dynamic import optional in try/catch
• improve auto publicPath detection

Dependencies & Maintenance

• improve CI setup and include Node.js@21

v5.90.1

Bug Fixes

• set unmanagedPaths in defaults
• correct preOrderIndex and postOrderIndex
• add fallback for MIME mismatch error in async wasm loading
• browsers versions of ECMA features

Performance

• optimize compareStringsNumeric
• optimize numberHash using 32-bit FNV1a for small ranges, 64-bit for larger
• reuse VM context across webpack magic comments

v5.90.0

Bug Fixes

• Fixed inner graph for classes
• Optimized RemoveParentModulesPlugin via bigint arithmetic
• Fixed worklet detection in production mode
• Fixed an error for cyclic importModule
• Fixed types for Server and Dirent
• Added the fetchPriority to hmr runtime's ensureChunk function

... (truncated)

Commits

• 651b3d6 chore(release): 5.90.3
• c8d4b5e fix: more types
• 5b9f6e4 perf: simplify and optimize chunk graph creation
• 1addd26 refactor: more types
• 65d547f fix: should not mangle when destructuring a reexport
• 0b2a5a0 fix(css): clean up export css local vars
• 0258e6c update snapshot
• 2360e3a fix: clean up export css local vars
• fc7b34d fix: should not mangle when destructuring a reexport
• 780f891 (perf) Simplify and optimize chunk graph creation
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@types/estree@1.0.5	None	0	25.7 kB	types
npm/@webassemblyjs/ast@1.11.6	None	+5	341 kB	xtuc
npm/@webassemblyjs/wasm-parser@1.11.6	None	+10	457 kB	xtuc
npm/browserslist@4.23.0	environment, filesystem Transitive: shell	+5	2.1 MB	ai
npm/enhanced-resolve@5.15.1	unsafe Transitive: environment, filesystem	+2	268 kB	evilebottnawi
npm/schema-utils@3.3.0	environment Transitive: eval	+7	1.64 MB	evilebottnawi
npm/webpack@5.90.3	environment, filesystem, network, unsafe Transitive: eval, shell	+74	16 MB	evilebottnawi

🚮 Removed packages: npm/@types/estree@0.0.51, npm/browserslist@4.20.2, npm/enhanced-resolve@5.10.0, npm/schema-utils@3.1.1, npm/webpack@5.76.0

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note
Unstable ownership	npm/enhanced-resolve@5.15.1	Author: evilebottnawi

View full report↗︎

Next steps

What is unstable ownership?

A new collaborator has begun publishing package versions. Package stability and security risk may be elevated.

Try to reduce the amount of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/enhanced-resolve@5.15.1

[dependabot]

Superseded by #1177.