Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade webpack from 5.88.2 to 5.90.0 #847

Closed

Conversation

lholmquist
Copy link
Member

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade webpack from 5.88.2 to 5.90.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 2 versions ahead of your current version.
  • The recommended version was released 21 days ago, on 2024-01-24.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Cross-site Scripting (XSS)
SNYK-JS-SERIALIZEJAVASCRIPT-6147607
412/1000
Why? Proof of Concept exploit, CVSS 6.1
Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: webpack
  • 5.90.0 - 2024-01-24

    Bug Fixes

    • Fixed inner graph for classes
    • Optimized RemoveParentModulesPlugin via bigint arithmetic
    • Fixed worklet detection in production mode
    • Fixed an error for cyclic importModule
    • Fixed types for Server and Dirent
    • Added the fetchPriority to hmr runtime's ensureChunk function
    • Don't warn about dynamic import for build dependencies
    • External module generation respects the output.environment.arrowFunction option
    • Fixed consumimng shared runtime module logic
    • Fixed a runtime logic of multiple chunks
    • Fixed destructing assignment of dynamic import json file
    • Passing errors array for a module hash
    • Added /*#__PURE__*/ to generated JSON.parse()
    • Generated a library manifest after clean plugin
    • Fixed non amd externals and amd library
    • Fixed a bug in SideEffectsFlagPlugin with namespace re-exports
    • Fixed an error message for condition or
    • The strictModuleErrorHandling is now working
    • Clean up child compilation chunk graph to avoid memory leak
    • [CSS] - Fixed CSS import prefer relative resolution
    • [CSS] - Fixed CSS runtime chunk loading error message

    New Features

    • Allow to set false for dev server in webpack.config.js
    • Added a warning for async external when not supported
    • Added a warning for async module when not supported
    • Added the node-module option for the node.__filename/__dirname and enable it by default for ESM target
    • Added the snapshot.unmanagedPaths option
    • Exposed the MultiCompilerOptions type
    • [CSS] - Added CSS parser options to enable/disable named exports
    • [CSS] - Moved CSS the exportsOnly option to CSS generator options

    Dependencies & Maintenance

    • use node.js LTS version for lint
    • bump actions/cache from 3 to 4
    • bump prettier from 3.2.1 to 3.2.3
    • bump assemblyscript
    • bump actions/checkout from 3 to 4

    Full Changelog: v5.89.0...v5.90.0

  • 5.89.0 - 2023-10-13

    New Features

    Dependencies & Maintenance

    Full Changelog: v5.88.2...v5.89.0

  • 5.88.2 - 2023-07-18

    Bug Fixes

    • Fixed a bug where unused identifiers should retain names when using css modules by @ burhanuday in #17444

    Full Changelog: v5.88.1...v5.88.2

from webpack GitHub release notes
Commit messages
Package name: webpack
  • 4a26623 chore(release): 5.90.0
  • f03e96e fix: inner graph for classes
  • b6c1430 test: added
  • 28948dd fix: inner graph
  • 5a9ed6d fix: inner graph
  • c8d9d97 fix: inner graph for classes
  • 3022995 fix: inner graph for classes
  • f857674 fix: worklet detection in production mode
  • 2d6f5fa feat: allow to set `false` for dev server
  • 644cd47 test: added
  • 413eb12 fix: worklet detection in production mode
  • 81623b6 perf: optimize RemoveParentModulesPlugin via bigint arithmetic
  • b295fd3 fix: css import prefer relative resolution
  • 4af32a9 fix: error for cyclic importModule
  • 45a33f4 update snapshot
  • fb2ca7c fix: css-import should apply preferRelative
  • b3ea520 fix
  • de0e598 fix: error for cyclic importModule
  • a4e994b Remove lib directive
  • fd4c36d Remove wrapper objects
  • b187e2f Optimize RemoveParentModulePlugin via bigint arithmetic
  • 818b8ec refactor: rebase
  • 54577b4 test: update
  • 03ee59a feat: allow to disable dev server

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@coveralls
Copy link

Pull Request Test Coverage Report for Build 7906190974

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 98.328%

Totals Coverage Status
Change from base Build 7034846062: 0.0%
Covered Lines: 374
Relevant Lines: 375

💛 - Coveralls

Copy link
Contributor

This pull request is stale because it has been open 30 days with no activity.

@lholmquist lholmquist closed this Apr 30, 2024
@lholmquist lholmquist deleted the snyk-upgrade-46388586fc9ad3d3f8e32a4e6f44570b branch April 30, 2024 12:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants