[Snyk] Upgrade webpack from 4.39.2 to 5.91.0

[YoutacRandS-VA]

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade webpack from 4.39.2 to 5.91.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 258 versions ahead of your current version.

• The recommended version was released on 3 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	479	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	479	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	479	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	479	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840	479	No Known Exploit
	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	479	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6056521	479	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	479	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	479	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	479	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	479	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	479	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	479	No Known Exploit
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	479	Proof of Concept
	Prototype Pollution SNYK-JS-AJV-584908	479	No Known Exploit
	Prototype Pollution SNYK-JS-INI-1048974	479	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	479	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-559764	479	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	479	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	479	Proof of Concept
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	479	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	479	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	479	Proof of Concept
	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	479	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	479	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	479	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	479	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	479	Proof of Concept
	Validation Bypass SNYK-JS-KINDOF-537849	479	Proof of Concept

Release notes

Package name: webpack

• 5.91.0 - 2024-03-20
  

  Bug Fixes

  • Deserializer for ignored modules doesn't crash
  • Allow the unsafeCache option to be a proxy object
  • Normalize the snapshot.unmanagedPaths option
  • Fixed fs types
  • Fixed resolve's plugins types
  • Fixed wrongly calculate postOrderIndex
  • Fixed watching types
  • Output import attrbiutes/import assertions for external JS imports
  • Throw an error when DllPlugin needs to generate multiple manifest files, but the path is the same
  • [CSS] Output layer/supports/media for external CSS imports

  New Features

  • Allow to customize the stage of BannerPlugin
  • [CSS] Support CSS exports convention
  • [CSS] support CSS local ident name
  • [CSS] Support __webpack_nonce__ for CSS chunks
  • [CSS] Support fetchPriority for CSS chunks
  • [CSS] Allow to use LZW to compress css head meta (enabled in the production mode by default)
  • [CSS] Support prefetch/preload for CSS chunks
• 5.90.3 - 2024-02-19
  

  Bug Fixes

  • don't mangle when destructuring a reexport
  • types for Stats.toJson() and Stats.toString()
  • many internal types
  • [CSS] clean up export css local vars

  Perf

  • simplify and optimize chunk graph creation
• 5.90.2 - 2024-02-15
  

  Bug Fixes

  • use Math.imul in fnv1a32 to avoid loss of precision, directly hash UTF16 values
  • the setStatus() of the HMR module should not return an array, which may cause infinite recursion
  • __webpack_exports_info__.xxx.canMangle shouldn't always same as default
  • mangle export with destructuring
  • use new runtime to reconsider skipped connections activeState
  • make dynamic import optional in try/catch
  • improve auto publicPath detection

  Dependencies & Maintenance

  • improve CI setup and include Node.js@21
• 5.90.1 - 2024-02-01
  

  Bug Fixes

  • set unmanagedPaths in defaults
  • correct preOrderIndex and postOrderIndex
  • add fallback for MIME mismatch error in async wasm loading
  • browsers versions of ECMA features

  Performance

  • optimize compareStringsNumeric
  • optimize numberHash using 32-bit FNV1a for small ranges, 64-bit for larger
  • reuse VM context across webpack magic comments
• 5.90.0 - 2024-01-24
  

  Bug Fixes

  • Fixed inner graph for classes
  • Optimized RemoveParentModulesPlugin via bigint arithmetic
  • Fixed worklet detection in production mode
  • Fixed an error for cyclic importModule
  • Fixed types for Server and Dirent
  • Added the fetchPriority to hmr runtime's ensureChunk function
  • Don't warn about dynamic import for build dependencies
  • External module generation respects the output.environment.arrowFunction option
  • Fixed consumimng shared runtime module logic
  • Fixed a runtime logic of multiple chunks
  • Fixed destructing assignment of dynamic import json file
  • Passing errors array for a module hash
  • Added /*#__PURE__*/ to generated JSON.parse()
  • Generated a library manifest after clean plugin
  • Fixed non amd externals and amd library
  • Fixed a bug in SideEffectsFlagPlugin with namespace re-exports
  • Fixed an error message for condition or
  • The strictModuleErrorHandling is now working
  • Clean up child compilation chunk graph to avoid memory leak
  • [CSS] - Fixed CSS import prefer relative resolution
  • [CSS] - Fixed CSS runtime chunk loading error message

  New Features

  • Allow to set false for dev server in webpack.config.js
  • Added a warning for async external when not supported
  • Added a warning for async module when not supported
  • Added the node-module option for the node.__filename/__dirname and enable it by default for ESM target
  • Added the snapshot.unmanagedPaths option
  • Exposed the MultiCompilerOptions type
  • [CSS] - Added CSS parser options to enable/disable named exports
  • [CSS] - Moved CSS the exportsOnly option to CSS generator options

  Dependencies & Maintenance

  • use node.js LTS version for lint
  • bump actions/cache from 3 to 4
  • bump prettier from 3.2.1 to 3.2.3
  • bump assemblyscript
  • bump actions/checkout from 3 to 4

  Full Changelog: v5.89.0...v5.90.0

• 5.89.0 - 2023-10-13
  

  New Features

  • Make CommonJS import preserve chained expressions by @ bworline in #17718

  Dependencies & Maintenance

  • chore(deps-dev): bump @ types/node from 20.3.1 to 20.4.8 by @ dependabot in #17568
  • docs: add example for stats detailed output by @ ersachin3112 in #17420
  • docs: add example for stats normal output by @ ersachin3112 in #17426
  • chore(deps-dev): bump core-js from 3.31.0 to 3.32.0 by @ dependabot in #17539
  • chore(deps-dev): bump pretty-format from 29.5.0 to 29.6.2 by @ dependabot in #17536
  • chore(deps-dev): bump @ types/node from 20.4.8 to 20.4.9 by @ dependabot in #17583
  • chore(deps-dev): bump less from 4.1.3 to 4.2.0 by @ dependabot in #17580
  • chore(deps): bump semver from 5.7.1 to 5.7.2 by @ dependabot in #17483
  • chore(deps-dev): bump simple-git from 3.19.0 to 3.19.1 by @ dependabot in #17427
  • chore(deps-dev): bump @ types/node from 20.4.9 to 20.6.0 by @ dependabot in #17666

  Full Changelog: v5.88.2...v5.89.0

• 5.88.2 - 2023-07-18
  

  Bug Fixes

  • Fixed a bug where unused identifiers should retain names when using css modules by @ burhanuday in #17444

  Full Changelog: v5.88.1...v5.88.2

• 5.88.1 - 2023-06-28
  

  Developer Experience

  • Significantly improve TypeScript coverage for Library Plugins by @ alexander-akait in #17414

  Full Changelog: v5.88.0...v5.88.1

• 5.88.0 - 2023-06-21
  

  New Features

  • [CSS] - Use css/auto as the default css mode by @ burhanuday in #17399

  Bug Fixes

  • Fix bugs related to require.context and layer by @ alexander-akait in #17388
  • Fix bug in runtime for CSS loading by @ alexander-akait in #17400
  • Correct indirect call for tagged template expressions using correct this context by @ alexander-akait in #17397
  • Update environment support for KaiOS browser by @ steverep in #17395
  • Fix async module runtime code for running top-level-await by @ ahabhgk in #17393

  Developer Experience

  • Add example for stats minimal output by @ ersachin3112 in #17406
  • Significantly improve type coverage for Dependency, Runtime, Template classes by @ alexander-akait in #17394

  Dependencies & Maintenance

  • Bump browserslist from 4.21.8 to 4.21.9 by @ dependabot in #17389
  • Bump acorn from 8.8.2 to 8.9.0 by @ dependabot in #17402
  • Bump eslint from 8.42.0 to 8.43.0 by @ dependabot in #17401
  • Bump eslint-plugin-jest from 27.2.1 to 27.2.2 by @ dependabot in #17407

  New Contributors

  • @ steverep made their first contribution in #17395

  Full Changelog: v5.87.0...v5.88.0

• 5.87.0 - 2023-06-14
• 5.86.0 - 2023-06-07
• 5.85.1 - 2023-06-05
• 5.85.0 - 2023-05-31
• 5.84.1 - 2023-05-25
• 5.84.0 - 2023-05-24
• 5.83.1 - 2023-05-17
• 5.83.0 - 2023-05-17
• 5.82.1 - 2023-05-10
• 5.82.0 - 2023-05-03
• 5.81.0 - 2023-04-26
• 5.80.0 - 2023-04-19
• 5.79.0 - 2023-04-12
• 5.78.0 - 2023-04-05
• 5.77.0 - 2023-03-29
• 5.76.3 - 2023-03-22
• 5.76.2 - 2023-03-15
• 5.76.1 - 2023-03-10
• 5.76.0 - 2023-03-08
• 5.75.0 - 2022-11-09
• 5.74.0 - 2022-07-25
• 5.73.0 - 2022-06-02
• 5.72.1 - 2022-05-10
• 5.72.0 - 2022-04-07
• 5.71.0 - 2022-04-01
• 5.70.0 - 2022-03-03
• 5.69.1 - 2022-02-17
• 5.69.0 - 2022-02-15
• 5.68.0 - 2022-01-31
• 5.67.0 - 2022-01-21
• 5.66.0 - 2022-01-12
• 5.65.0 - 2021-12-06
• 5.64.4 - 2021-11-25
• 5.64.3 - 2021-11-24
• 5.64.2 - 2021-11-20
• 5.64.1 - 2021-11-15
• 5.64.0 - 2021-11-11
• 5.63.0 - 2021-11-09
• 5.62.2 - 2021-11-09
• 5.62.1 - 2021-11-05
• 5.62.0 - 2021-11-05
• 5.61.0 - 2021-10-29
• 5.60.0 - 2021-10-25
• 5.59.1 - 2021-10-20
• 5.59.0 - 2021-10-19
• 5.58.2 - 2021-10-13
• 5.58.1 - 2021-10-08
• 5.58.0 - 2021-10-07
• 5.57.1 - 2021-10-05
• 5.57.0 - 2021-10-05
• 5.56.1 - 2021-10-04
• 5.56.0 - 2021-10-01
• 5.55.1 - 2021-09-29
• 5.55.0 - 2021-09-28
• 5.54.0 - 2021-09-24
• 5.53.0 - 2021-09-16
• 5.52.1 - 2021-09-10
• 5.52.0 - 2021-09-03
• 5.51.2 - 2021-09-02
• 5.51.1 - 2021-08-19
• 5.51.0 - 2021-08-19
• 5.50.0 - 2021-08-10
• 5.49.0 - 2021-08-06
• 5.48.0 - 2021-08-02
• 5.47.1 - 2021-07-29
• 5.47.0 - 2021-07-27
• 5.46.0 - 2021-07-22
• 5.45.1 - 2021-07-16
• 5.45.0 - 2021-07-16
• 5.44.0 - 2021-07-08
• 5.43.0 - 2021-07-06
• 5.42.1 - 2021-07-05
• 5.42.0 - 2021-07-02
• 5.41.1 - 2021-06-29
• 5.41.0 - 2021-06-28
• 5.40.0 - 2021-06-21
• 5.39.1 - 2021-06-17
• 5.39.0 - 2021-06-14
• 5.38.1 - 2021-05-27
• 5.38.0 - 2021-05-27
• 5.37.1 - 2021-05-19
• 5.37.0 - 2021-05-10
• 5.36.2 - 2021-04-30
• 5.36.1 - 2021-04-28
• 5.36.0 - 2021-04-27
• 5.35.1 - 2021-04-23
• 5.35.0 - 2021-04-21
• 5.34.0 - 2021-04-19
• 5.33.2 - 2021-04-14
• 5.33.1 - 2021-04-14
• 5.33.0 - 2021-04-14
• 5.32.0 - 2021-04-12
• 5.31.2 - 2021-04-09
• 5.31.1 - 2021-04-09
• 5.31.0 - 2021-04-07
• 5.30.0 - 2021-04-01
• 5.29.0 - 2021-04-01
• 5.28.0 - 2021-03-24
• 5.27.2 - 2021-03-22
• 5.27.1 - 2021-03-20
• 5.27.0 - 2021-03-19
• 5.26.3 - 2021-03-17
• 5.26.2 - 2021-03-16
• 5.26.1 - 2021-03-16
• 5.26.0 - 2021-03-15
• 5.25.1 - 2021-03-14
• 5.25.0 - 2021-03-12
• 5.24.4 - 2021-03-08
• 5.24.3 - 2021-03-03
• 5.24.2 - 2021-02-24
• 5.24.1 - 2021-02-23
• 5.24.0 - 2021-02-22
• 5.23.0 - 2021-02-18
• 5.22.0 - 2021-02-15
• 5.21.2 - 2021-02-07
• 5.21.1 - 2021-02-06
• 5.21.0 - 2021-02-05
• 5.20.2 - 2021-02-04
• 5.20.1 - 2021-02-03
• 5.20.0 - 2021-02-02
• 5.19.0 - 2021-01-29
• 5.18.0 - 2021-01-26
• 5.17.0 - 2021-01-22
• 5.16.0 - 2021-01-19
• 5.15.0 - 2021-01-15
• 5.14.0 - 2021-01-13
• 5.13.0 - 2021-01-11
• 5.12.3 - 2021-01-10
• 5.12.2 - 2021-01-09
• 5.12.1 - 2021-01-08
• 5.12.0 - 2021-01-08
• 5.11.1 - 2020-12-28
• 5.11.0 - 2020-12-17
• 5.10.3 - 2020-12-15
• 5.10.2 - 2020-12-15
• 5.10.1 - 2020-12-11
• 5.10.0 - 2020-12-04
• 5.9.0 - 2020-11-28
• 5.8.0 - 2020-11-26
• 5.7.0 - 2020-11-26
• 5.6.0 - 2020-11-19
• 5.5.1 - 2020-11-18
• 5.5.0 - 2020-11-17
• 5.4.0 - 2020-11-03
• 5.3.2 - 2020-10-29
• 5.3.1 - 2020-10-28
• 5.3.0 - 2020-10-27
• 5.2.1 - 2020-10-27
• 5.2.0 - 2020-10-22
• 5.1.3 - 2020-10-16
• 5.1.2 - 2020-10-15
• 5.1.1 - 2020-10-15
• 5.1.0 - 2020-10-13
• 5.0.0 - 2020-10-10
• 5.0.0-rc.6 - 2020-10-10
• 5.0.0-rc.5 - 2020-10-09
• 5.0.0-rc.4 - 2020-10-07
• 5.0.0-rc.3 - 2020-09-30
• 5.0.0-rc.2 - 2020-09-29
• 5.0.0-rc.1 - 2020-09-28
• 5.0.0-rc.0 - 2020-09-20
• 5.0.0-beta.33 - 2020-09-20
• 5.0.0-beta.32 - 2020-09-18
• 5.0.0-beta.31 - 2020-09-17
• 5.0.0-beta.30 - 2020-09-11
• 5.0.0-beta.29 - 2020-08-28
• 5.0.0-beta.28 - 2020-08-20
• 5.0.0-beta.27 - 2020-08-19
• 5.0.0-beta.26 - 2020-08-14
• 5.0.0-beta.25 - 2020-08-10
• 5.0.0-beta.24 - 2020-08-05
• 5.0.0-beta.23 - 2020-08-02
• 5.0.0-beta.22 - 2020-07-09
• 5.0.0-beta.21 - 2020-07-06
• 5.0.0-beta.20 - 2020-06-29
• 5.0.0-beta.19 - 2020-06-29
• 5.0.0-beta.18 - 2020-06-17
• 5.0.0-beta.17 - 2020-06-03
• 5.0.0-beta.16 - 2020-05-05
• 5.0.0-beta.15 - 2020-04-21
• 5.0.0-beta.14 - 2020-03-02
• 5.0.0-beta.13 - 2020-01-29
• 5.0.0-beta.12 - 2020-01-16
• 5.0.0-beta.11 - 2019-12-24
• 5.0.0-beta.10 - 2019-12-22
• 5.0.0-beta.9 - 2019-12-08
• 5.0.0-beta.8 - 2019-12-08
• 5.0.0-beta.7 - 2019-11-20
• 5.0.0-beta.6 - 2019-11-14
• 5.0.0-beta.5 - 2019-11-13
• 5.0.0-beta.4 - 2019-11-12
• 5.0.0-beta.3 - 2019-11-06
• 5.0.0-beta.2 - 2019-10-31
• 5.0.0-beta.1 - 2019-10-22
• 5.0.0-beta.0 - 2019-10-11
• 5.0.0-alpha.32 - 2019-10-11
• 5.0.0-alpha.31 - 2019-10-10
• 5.0.0-alpha.30 - 2019-10-07
• 5.0.0-alpha.29 - 2019-10-02
• 5.0.0-alpha.28 - 2019-09-26
• 5.0.0-alpha.27 - 2019-09-25
• 5.0.0-alpha.26 - 2019-09-08
• 5.0.0-alpha.25 - 2019-09-06
• 5.0.0-alpha.24 - 2019-09-05
• 5.0.0-alpha.23 - 2019-08-27
• 5.0.0-alpha.22 - 2019-08-23
• 5.0.0-alpha.21 - 2019-08-22
• 5.0.0-alpha.20 - 2019-08-14
• 5.0.0-alpha.19 - 2019-08-06
• 5.0.0-alpha.18 - 2019-07-08
• 5.0.0-alpha.17 - 2019-07-01
• 5.0.0-alpha.16 - 2019-06-14
• 5.0.0-alpha.15 - 2019-06-05
• 5.0.0-alpha.14 - 2019-05-23
• 5.0.0-alpha.13 - 2019-05-20
• 5.0.0-alpha.12 - 2019-05-10
• 5.0.0-alpha.11 - 2019-02-19
• 5.0.0-alpha.10 - 2019-02-07
• 5.0.0-alpha.9 - 2019-01-27
• 5.0.0-alpha.8 - 2019-01-19
• 5.0.0-alpha.7 - 2019-01-19
• 5.0.0-alpha.6 - 2019-01-15
• 5.0.0-alpha.5 - 2019-01-09
• 5.0.0-alpha.4 - 2019-01-08
• 5.0.0-alpha.3 - 2018-12-29
• 5.0.0-alpha.2 - 2018-12-26
• 5.0.0-alpha.1 - 2018-12-23
• 5.0.0-alpha.0 - 2018-12-21
• 4.47.0 - 2023-09-06
  

  New Features

  • [Security] - Add support for md4 in Node >=18. by @ iclanton in #17628

  New Contributors

  • @ iclanton made their first contribution in #17628

  Full Changelog: v4.46.0...v4.47.0

• 4.46.0 - 2021-01-11
• 4.45.0 - 2021-01-08
• 4.44.2 - 2020-09-17
• 4.44.1 - 2020-07-30
• 4.44.0 - 2020-07-24
• 4.43.0 - 2020-04-21
• 4.42.1 - 2020-03-24
• 4.42.0 - 2020-03-02
• 4.41.6 - 2020-02-11
• 4.41.5 - 2019-12-27
• 4.41.4 - 2019-12-19
• 4.41.3 - 2019-12-16
• 4.41.2 - 2019-10-15
• 4.41.1 - 2019-10-11
• 4.41.0 - 2019-09-24
• 4.40.3 - 2019-09-24
• 4.40.2 - 2019-09-13
• 4.40.1 - 2019-09-13
• 4.40.0 - 2019-09-12
• 4.39.3 - 2019-08-27
• 4.39.2 - 2019-08-13

from webpack GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs