generated from 8iq/nodejs-hackathon-boilerplate-starter-kit
-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): update dependency webpack to v5.76.0 [security] #3080
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
d99b30a
to
bd1eb27
Compare
bd1eb27
to
ecef4aa
Compare
e94a961
to
2aa23d7
Compare
b004b14
to
7a0a51f
Compare
8ffe884
to
ab03200
Compare
b18d331
to
adb021a
Compare
3740496
to
29c549f
Compare
c67d66f
to
41f3dd0
Compare
2b0d302
to
d62c1b3
Compare
a4eeee3
to
bb47b6b
Compare
1eac42b
to
2183c3c
Compare
78d1518
to
1c71a18
Compare
7e61b1a
to
a06b503
Compare
edad23b
to
57f9407
Compare
76afcc9
to
b229b78
Compare
daa679b
to
e6aa3d1
Compare
763ccf4
to
bfa57da
Compare
bfa57da
to
d02bdb5
Compare
Kudos, SonarCloud Quality Gate passed! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
5.74.0
->5.76.0
GitHub Vulnerability Alerts
CVE-2023-28154
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.
Release Notes
webpack/webpack (webpack)
v5.76.0
Compare Source
Bugfixes
generatedCode
info to fix bug in asset module cache restoration by @ryanwilsonperkin in https://github.com/webpack/webpack/pull/16703hashRegExp
lookup by @ryanwilsonperkin in https://github.com/webpack/webpack/pull/16759Features
target
toLoaderContext
type by @askoufis in https://github.com/webpack/webpack/pull/16781Security
Repo Changes
New Contributors
Full Changelog: webpack/webpack@v5.75.0...v5.76.0
v5.75.0
Compare Source
Bugfixes
experiments.*
normalize tofalse
when opt-outNaN%
window
before trying to access iteval-nosources-*
actually exclude sourcesFeatures
@import
to extenal CSS when using experimental CSS in nodei64
support to the deprecated WASM implementationDeveloper Experience
EnableWasmLoadingPlugin
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.