Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade webpack from 5.74.0 to 5.75.0 #92

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade webpack from 5.74.0 to 5.75.0 #92

wants to merge 6 commits into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade webpack from 5.74.0 to 5.75.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 1 version ahead of your current version.
  • The recommended version was released 21 days ago, on 2022-11-09.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-LOADERUTILS-3043105		 375/1000
Why? CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LOADERUTILS-3105943		 375/1000
Why? CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LOADERUTILS-3042992		 375/1000
Why? CVSS 7.5		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: webpack
  • 5.75.0 - 2022-11-09

    Bugfixes

    • experiments.* normalize to false when opt-out
    • avoid NaN%
    • show the correct error when using a conflicting chunk name in code
    • HMR code tests existance of window before trying to access it
    • fix eval-nosources-* actually exclude sources
    • fix race condition where no module is returned from processing module
    • fix position of standalong semicolon in runtime code

    Features

    • add support for @ import to extenal CSS when using experimental CSS in node
    • add i64 support to the deprecated WASM implementation

    Developer Experience

    • expose EnableWasmLoadingPlugin
    • add more typings
    • generate getters instead of readonly properties in typings to allow overriding them
  • 5.74.0 - 2022-07-25

    Features

    • add resolve.extensionAlias option which allows to alias extensions
      • This is useful when you are forced to add the .js extension to imports when the file really has a .ts extension (typescript + "type": "module")
    • add support for ES2022 features like static blocks
    • add Tree Shaking support for ProvidePlugin

    Bugfixes

    • fix persistent cache when some build dependencies are on a different windows drive
    • make order of evaluation of side-effect-free modules deterministic between concatenated and non-concatenated modules
    • remove left-over from debugging in TLA/async modules runtime code
    • remove unneeded extra 1s timestamp offset during watching when files are actually untouched
      • This sometimes caused an additional second build which are not really needed
    • fix shareScope option for ModuleFederationPlugin
    • set "use-credentials" also for same origin scripts

    Performance

    • Improve memory usage and performance of aggregating needed files/directories for watching
      • This affects rebuild performance

    Extensibility

    • export HarmonyImportDependency for plugins
from webpack GitHub release notes
Commit messages
Package name: webpack
  • 8241da7 5.75.0
  • a91d923 Merge pull request #16458 from webpack/bugfix/semi
  • 4608b11 Merge pull request #16457 from webpack/tooling/update
  • dfdd0b0 Merge pull request #16122 from AnmolBansalDEV/bug/compilationCallback
  • 23b9a1c Merge pull request #16167 from exposir/fixts
  • 6f2c5e8 Merge pull request #16257 from alexzhang1030/calc_deterministic_verbose
  • f7f36ad Merge pull request #16339 from Liamolucko/wasm-i64
  • 761a542 fix semicolon position
  • 2403a36 Merge pull request #16345 from ahabhgk/fix-eval-nosources
  • c18203c update tooling
  • fcccd19 Merge pull request #15818 from noreiller/fix-css-external-in-node
  • aa560ad Merge pull request #15859 from donalffons/main
  • a8d7922 Merge pull request #16088 from webpack/correct-error-with-wrong-chunkname
  • d58d4c9 Merge pull request #16111 from webpack/fix-tap-naming
  • c109651 Merge pull request #16144 from KurumiRin/main
  • 636f321 Merge pull request #16200 from ahabhgk/chore-jsdoc
  • d328609 Merge pull request #16208 from SonOfLilit/main
  • 9aa7e43 Merge pull request #16209 from buzuosheng/main
  • c7c68a6 Merge pull request #16210 from SukkaW/docs-readme-remove-david-dm
  • 1fd8bc5 fix: eval-nosources-* still contains sourcesContent
  • cb9248c Use `webassembly-feature` properly
  • a74f64e Add `i64` to the set of JS-compatible wasm types in `syncWebAssembly` mode
  • 61dee6e perf(ids): remove assignDeterministic verbose code to improve performance
  • 5023184 docs: remove david-dm from README

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

nanasess and others added 6 commits October 7, 2022 13:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@snyk-bot @nanasess