Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update dependency webpack to v5.76.0 [security] #3080

Closed
wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 23, 2023

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
webpack 5.74.0 -> 5.76.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.


Release Notes

webpack/webpack (webpack)

v5.76.0

Compare Source

Bugfixes

Features

Security

Repo Changes

New Contributors

Full Changelog: webpack/webpack@v5.75.0...v5.76.0

v5.75.0

Compare Source

Bugfixes

  • experiments.* normalize to false when opt-out
  • avoid NaN%
  • show the correct error when using a conflicting chunk name in code
  • HMR code tests existance of window before trying to access it
  • fix eval-nosources-* actually exclude sources
  • fix race condition where no module is returned from processing module
  • fix position of standalong semicolon in runtime code

Features

  • add support for @import to extenal CSS when using experimental CSS in node
  • add i64 support to the deprecated WASM implementation

Developer Experience

  • expose EnableWasmLoadingPlugin
  • add more typings
  • generate getters instead of readonly properties in typings to allow overriding them

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch from d99b30a to bd1eb27 Compare April 3, 2023 14:05
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch from bd1eb27 to ecef4aa Compare April 17, 2023 10:16
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch 2 times, most recently from e94a961 to 2aa23d7 Compare June 4, 2023 15:07
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch 3 times, most recently from b004b14 to 7a0a51f Compare June 19, 2023 07:41
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch 3 times, most recently from 8ffe884 to ab03200 Compare June 29, 2023 07:44
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch 3 times, most recently from b18d331 to adb021a Compare July 13, 2023 05:59
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch 2 times, most recently from 3740496 to 29c549f Compare July 19, 2023 13:16
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch 2 times, most recently from c67d66f to 41f3dd0 Compare August 1, 2023 13:26
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch 2 times, most recently from 2b0d302 to d62c1b3 Compare August 9, 2023 14:13
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch 2 times, most recently from a4eeee3 to bb47b6b Compare August 22, 2023 22:17
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch 2 times, most recently from 1eac42b to 2183c3c Compare August 31, 2023 13:24
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch 2 times, most recently from 78d1518 to 1c71a18 Compare September 19, 2023 12:33
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch 2 times, most recently from 7e61b1a to a06b503 Compare September 28, 2023 12:46
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch 2 times, most recently from edad23b to 57f9407 Compare October 9, 2023 07:29
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch 2 times, most recently from 76afcc9 to b229b78 Compare October 15, 2023 10:54
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch 2 times, most recently from daa679b to e6aa3d1 Compare October 25, 2023 12:50
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch 2 times, most recently from 763ccf4 to bfa57da Compare November 6, 2023 23:31
@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch from bfa57da to d02bdb5 Compare November 9, 2023 08:20
Copy link

sonarcloud bot commented Nov 9, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@SavelevMatthew SavelevMatthew added the ☠ Dead / 🐞 Debug Needs to be closed. You don't need to look at this PR label Nov 10, 2023
@SavelevMatthew SavelevMatthew deleted the renovate/npm-webpack-vulnerability branch November 10, 2023 14:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
☠ Dead / 🐞 Debug Needs to be closed. You don't need to look at this PR dependencies
Development

Successfully merging this pull request may close these issues.

None yet

1 participant