simple-badges icon indicating copy to clipboard operation
simple-badges copied to clipboard
verified publisher icon developStorm

Update dependency webpack to v5.76.0 [SECURITY]

Open renovate[bot] opened this issue 2 years ago • 1 comments

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
webpack 5.70.0 -> 5.76.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.

Release Notes

webpack/webpack (webpack)

v5.76.0

Compare Source

Bugfixes

Features

Security

Repo Changes

New Contributors

Full Changelog: https://github.com/webpack/webpack/compare/v5.75.0...v5.76.0

v5.75.0

Compare Source

Bugfixes

  • experiments.* normalize to false when opt-out
  • avoid NaN%
  • show the correct error when using a conflicting chunk name in code
  • HMR code tests existance of window before trying to access it
  • fix eval-nosources-* actually exclude sources
  • fix race condition where no module is returned from processing module
  • fix position of standalong semicolon in runtime code

Features

  • add support for @import to extenal CSS when using experimental CSS in node
  • add i64 support to the deprecated WASM implementation

Developer Experience

  • expose EnableWasmLoadingPlugin
  • add more typings
  • generate getters instead of readonly properties in typings to allow overriding them

v5.74.0

Compare Source

Features

  • add resolve.extensionAlias option which allows to alias extensions
    • This is useful when you are forced to add the .js extension to imports when the file really has a .ts extension (typescript + "type": "module")
  • add support for ES2022 features like static blocks
  • add Tree Shaking support for ProvidePlugin

Bugfixes

  • fix persistent cache when some build dependencies are on a different windows drive
  • make order of evaluation of side-effect-free modules deterministic between concatenated and non-concatenated modules
  • remove left-over from debugging in TLA/async modules runtime code
  • remove unneeded extra 1s timestamp offset during watching when files are actually untouched
    • This sometimes caused an additional second build which are not really needed
  • fix shareScope option for ModuleFederationPlugin
  • set "use-credentials" also for same origin scripts

Performance

  • Improve memory usage and performance of aggregating needed files/directories for watching
    • This affects rebuild performance

Extensibility

  • export HarmonyImportDependency for plugins

v5.73.0

Compare Source

Features

  • add options for default dynamicImportMode and prefetch and preload
  • add support for import { createRequire } from "module" in source code

Bugfixes

  • fix code generation of e. g. return"field"in Module
  • fix performance of large JSON modules
  • fix performance of async modules evaluation

Developer Experience

  • export PathData in typings
  • improve error messages with more details

v5.72.1

Compare Source

Bugfixes

  • fix __webpack_nonce__ with HMR
  • fix in operator in some cases
  • fix json parsing error messages
  • fix module concatenation with using this.importModule
  • upgrade enhanced-resolve

v5.72.0

Compare Source

Features

  • make cache warnings caused by build errors less verbose
  • Allow banner to be placed as a footer with the BannerPlugin
  • allow to concatenate asset modules

Bugfixes

  • fix RemoteModules when using HMR (Module Federation + HMR)
  • throw error when using module concatenation and cacheUnaffected
  • fix in operator with nested exports

v5.71.0

Compare Source

Features

  • choose smarter default for uniqueName when using a output.library which includes placeholders
  • add support for expressions with in of a imported binding
  • generate UMD code with arrow functions when possible

Bugfixes

  • fix source map source names for ContextModule to be relative
  • fix chunkLoading option in module module
  • fix edge case where evaluateExpression returns null
  • retain optional chaining in imported bindings
  • include runtime code for the base URI even if not using chunk loading
  • don't throw errors in persistent caching when importing node.js builtin modules via ESM
  • fix crash when using lazy-once Context modules
  • improve handling of context modules with multiple contexts
  • fix race condition HMR chunk loading when importing chunks during HMR updating
  • handle errors in runAsChild callback

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] avatar Mar 15 '23 00:03 renovate[bot]

Deploying badges with  Cloudflare Pages  Cloudflare Pages

Latest commit: 4050ce9
Status: ✅  Deploy successful!
Preview URL: https://9edbd09d.badges.pages.dev
Branch Preview URL: https://renovate-npm-webpack-vulnera.badges.pages.dev

View logs

cloudflare-workers-and-pages[bot] avatar Mar 15 '23 00:03 cloudflare-workers-and-pages[bot]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (5.76.0). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

renovate[bot] avatar Jul 17 '24 02:07 renovate[bot]