Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency webpack to v5.76.0 [SECURITY] #190

Merged
merged 1 commit into from Jul 9, 2023
Merged

Update dependency webpack to v5.76.0 [SECURITY] #190

merged 1 commit into from Jul 9, 2023

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 23, 2023
edited

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
webpack 5.74.0 -> 5.76.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.

Release Notes

webpack/webpack

v5.76.0

Compare Source

Bugfixes

Features

Security

Repo Changes

New Contributors

Full Changelog: webpack/webpack@v5.75.0...v5.76.0

v5.75.0

Compare Source

Bugfixes
  • experiments.* normalize to false when opt-out
  • avoid NaN%
  • show the correct error when using a conflicting chunk name in code
  • HMR code tests existance of window before trying to access it
  • fix eval-nosources-* actually exclude sources
  • fix race condition where no module is returned from processing module
  • fix position of standalong semicolon in runtime code
Features
  • add support for @import to extenal CSS when using experimental CSS in node
  • add i64 support to the deprecated WASM implementation
Developer Experience
  • expose EnableWasmLoadingPlugin
  • add more typings
  • generate getters instead of readonly properties in typings to allow overriding them

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added the security label Mar 23, 2023
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch from 6df67da to da7eac1 Compare April 3, 2023 11:24
@codecov
Copy link

codecov bot commented Apr 3, 2023
edited

Codecov Report

Merging #190 (bcacc5e) into bump (8378607) will decrease coverage by 0.21%.
The diff coverage is n/a.

❗ Current head bcacc5e differs from pull request most recent head 214d5e8. Consider uploading reports for the commit 214d5e8 to get more accurate results

@@            Coverage Diff             @@
##             bump     #190      +/-   ##
==========================================
- Coverage   58.36%   58.15%   -0.21%     
==========================================
  Files          26       26              
  Lines         281      282       +1     
  Branches       49       49              
==========================================
  Hits          164      164              
- Misses        115      116       +1     
  Partials        2        2
Flag Coverage Δ
tests 58.15% <ø> (-0.21%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
src/components/SearchResults/ShopCard.tsx 83.33% <ø> (ø)
src/pages/_app.tsx 81.81% <ø> (ø)
src/pages/api/auth/[...nextauth].tsx 100.00% <ø> (ø)

... and 6 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch from da7eac1 to ee005fd Compare April 17, 2023 11:24
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch from ee005fd to e895137 Compare May 28, 2023 08:42
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch from e895137 to 0263e2a Compare June 4, 2023 13:03
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch 2 times, most recently from 90855b2 to 1818772 Compare June 18, 2023 08:56
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch from 1818772 to abb930e Compare June 29, 2023 11:48
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch from abb930e to bcacc5e Compare July 6, 2023 12:54
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch from bcacc5e to 214d5e8 Compare July 9, 2023 11:45
@renovate renovate bot merged commit d963cbc into bump Jul 9, 2023
7 checks passed
@renovate renovate bot deleted the renovate/npm-webpack-vulnerability branch July 9, 2023 13:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@sebkasanzew sebkasanzew

Labels
security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@sebkasanzew