[Snyk] Upgrade webpack from 4.46.0 to 5.74.0

Open snyk-bot opened this issue 2 years ago • 1 comments

Snyk has created this PR to upgrade webpack from 4.46.0 to 5.74.0.

Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 208 versions ahead of your current version.
  • The recommended version was released 22 days ago, on 2022-07-25.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366 | 265/1000 (Why? CVSS 5.3) | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: webpack
  • 5.74.0 - 2022-07-25

    Features

    • add resolve.extensionAlias option which allows to alias extensions
      • This is useful when you are forced to add the .js extension to imports when the file really has a .ts extension (typescript + "type": "module")
    • add support for ES2022 features like static blocks
    • add Tree Shaking support for ProvidePlugin

    Bugfixes

    • fix persistent cache when some build dependencies are on a different windows drive
    • make order of evaluation of side-effect-free modules deterministic between concatenated and non-concatenated modules
    • remove left-over from debugging in TLA/async modules runtime code
    • remove unneeded extra 1s timestamp offset during watching when files are actually untouched
      • This sometimes caused an additional second build which is not really needed
    • fix shareScope option for ModuleFederationPlugin
    • set "use-credentials" also for same origin scripts

    Performance

    • Improve memory usage and performance of aggregating needed files/directories for watching
      • This affects rebuild performance

    Extensibility

    • export HarmonyImportDependency for plugins
  • 5.73.0 - 2022-06-02

    Features

    • add options for default dynamicImportMode and prefetch and preload
    • add support for import { createRequire } from "module" in source code

    Bugfixes

    • fix code generation of e. g. return"field"in Module
    • fix performance of large JSON modules
    • fix performance of async modules evaluation

    Developer Experience

    • export PathData in typings
    • improve error messages with more details
  • 5.72.1 - 2022-05-10

    Bugfixes

    • fix __webpack_nonce__ with HMR
    • fix in operator in some cases
    • fix json parsing error messages
    • fix module concatenation with using this.importModule
    • upgrade enhanced-resolve
  • 5.72.0 - 2022-04-07

    Features

    • make cache warnings caused by build errors less verbose
    • Allow banner to be placed as a footer with the BannerPlugin
    • allow to concatenate asset modules

    Bugfixes

    • fix RemoteModules when using HMR (Module Federation + HMR)
    • throw error when using module concatenation and cacheUnaffected
    • fix in operator with nested exports
  • 5.71.0 - 2022-04-01

    Features

    • choose smarter default for uniqueName when using an output.library which includes placeholders
    • add support for expressions with in of an imported binding
    • generate UMD code with arrow functions when possible

    Bugfixes

    • fix source map source names for ContextModule to be relative
    • fix chunkLoading option in module module
    • fix edge case where evaluateExpression returns null
    • retain optional chaining in imported bindings
    • include runtime code for the base URI even if not using chunk loading
    • don't throw errors in persistent caching when importing node.js builtin modules via ESM
    • fix crash when using lazy-once Context modules
    • improve handling of context modules with multiple contexts
    • fix race condition HMR chunk loading when importing chunks during HMR updating
    • handle errors in runAsChild callback
  • 5.70.0 - 2022-03-03

    Features

    • update node.js version constraints for ESM support
    • add baseUri to entry options to configure a static base uri (the base of new URL())
    • alphabetically sort exports in namespace objects when possible
    • add __webpack_exports_info__.name.canMangle
    • add proxy support to experiments.buildHttp
    • import.meta.webpackContext as ESM alternative to require.context
    • handle multiple alternative directories (e. g. due to resolve.alias or resolve.modules) when creating an context module

    Bugfixes

    • fix problem when assigning global to a variable
    • fix crash when using experiments.outputModule and loaderContext.importModule with multiple chunks
    • avoid generating progress output before the compilation has started (ProgressPlugin)
    • fix handling of non-static-ESM dependencies with using TLA and HMR in the same module
    • include the asset module filename in hashing
    • output.clean will keep HMR assets for at least 10s to allow HMR to access them even when compilation is faster than the browser

    Performance

    • fix asset caching when using the BannerPlugin

    Developer Experience

    • improve typings

    Contributing

    • capture caching errors when running the test suite
  • 5.69.1 - 2022-02-17

    Revert

    • revert "handle multiple alternative directories (e. g. due to resolve.alias or resolve.modules) when creating an context module"
  • 5.69.0 - 2022-02-15

    Features

    • automatically switch to an ESM compatible environment when enabling ESM output mode
    • handle multiple alternative directories (e. g. due to resolve.alias or resolve.modules) when creating an context module
    • add util/types to node.js built-in modules
    • add __webpack_exports_info__.<name>.canMangle api

    Bugfixes

    • fix bug in chunk graph generation which leads to modules being included in chunk despite them being already included in parent chunks
    • avoid writing more than 2GB at once during cache serialization (as workaround for node.js/libuv bug on MacOS)
    • fix handling of whitespaces in semver ranges when using Module Federation
    • avoid generating hashes which contain only numbers as they likely conflict with module ids
    • fix resource name based placeholders for data uris
    • fix cache serialization for context elements
    • fix passing of stage option when instrumenting plugins for the ProfilingPlugin
    • fix tracking of declarations in concatenated modules to avoid conflicts
    • fix unstable mangling of exports
    • fix handling of # in paths of loaders
    • avoid unnecessary cache update when using experiments.buildHttp

    Contributing

    • update typescript and jest

    Developer Experience

    • expose some additional typings for usage in webpack-cli
  • 5.68.0 - 2022-01-31

    Features

    • allow to disable compile time evaluation of import.meta.url
    • add __webpack_module__ and __webpack_module__.id to the api

    Bugfixes

    • fix handling of errors thrown in async modules
  • 5.67.0 - 2022-01-21

    Features

    • add 'outputPath' configuration option for resource asset modules
    • support Trusted Types in eval source maps
    • experiments.css
      • allow to generate only exports for css in node
      • add SyncModuleIdsPlugin to sync module ids between server and client compilation
      • add more options to the DeterministicModuleIdsPlugin to allow to generate equal ids

    Developer Experience

    • limit data url module name in stats printer
    • allow specific description for CLI options
    • improve space limiting algorithm in stats printing to show partial lists
    • add null to errors in callbacks
    • fix call signature types of addChunkInGroup

    Bugfixes

    • avoid reporting non-existent package.jsons as dependencies
    • experiments.css
      • fix missing css runtime when only initial css is used
      • fix css hmr support
      • bugfixes to css modules
    • fix cache serialization for CreateScriptUrlDependency
    • fix data url content when processed by a loader
    • fix regexp in identifiers that include |
    • fix ProfilingPlugin for watch scenarios
    • add layer to module names and identifiers
      • this avoids random module id changes when additional modules are added to another layer
    • provide hashFunction parameter to DependencyTemplates to allow customizing it there
    • fix HMR when experiments.lazyCompilation is enabled
    • store url as Buffer to avoid serialization warnings
    • exclude webpack-hot-middleware/client from lazy compilation

    Contributing

    • remove travis configuration
    • improve spell checking
  • 5.66.0 - 2022-01-12
  • 5.65.0 - 2021-12-06
  • 5.64.4 - 2021-11-25
  • 5.64.3 - 2021-11-24
  • 5.64.2 - 2021-11-20
  • 5.64.1 - 2021-11-15
  • 5.64.0 - 2021-11-11
  • 5.63.0 - 2021-11-09
  • 5.62.2 - 2021-11-09
  • 5.62.1 - 2021-11-05
  • 5.62.0 - 2021-11-05
  • 5.61.0 - 2021-10-29
  • 5.60.0 - 2021-10-25
  • 5.59.1 - 2021-10-20
  • 5.59.0 - 2021-10-19
  • 5.58.2 - 2021-10-13
  • 5.58.1 - 2021-10-08
  • 5.58.0 - 2021-10-07
  • 5.57.1 - 2021-10-05
  • 5.57.0 - 2021-10-05
  • 5.56.1 - 2021-10-04
  • 5.56.0 - 2021-10-01
  • 5.55.1 - 2021-09-29
  • 5.55.0 - 2021-09-28
  • 5.54.0 - 2021-09-24
  • 5.53.0 - 2021-09-16
  • 5.52.1 - 2021-09-10
  • 5.52.0 - 2021-09-03
  • 5.51.2 - 2021-09-02
  • 5.51.1 - 2021-08-19
  • 5.51.0 - 2021-08-19
  • 5.50.0 - 2021-08-10
  • 5.49.0 - 2021-08-06
  • 5.48.0 - 2021-08-02
  • 5.47.1 - 2021-07-29
  • 5.47.0 - 2021-07-27
  • 5.46.0 - 2021-07-22
  • 5.45.1 - 2021-07-16
  • 5.45.0 - 2021-07-16
  • 5.44.0 - 2021-07-08
  • 5.43.0 - 2021-07-06
  • 5.42.1 - 2021-07-05
  • 5.42.0 - 2021-07-02
  • 5.41.1 - 2021-06-29
  • 5.41.0 - 2021-06-28
  • 5.40.0 - 2021-06-21
  • 5.39.1 - 2021-06-17
  • 5.39.0 - 2021-06-14
  • 5.38.1 - 2021-05-27
  • 5.38.0 - 2021-05-27
  • 5.37.1 - 2021-05-19
  • 5.37.0 - 2021-05-10
  • 5.36.2 - 2021-04-30
  • 5.36.1 - 2021-04-28
  • 5.36.0 - 2021-04-27
  • 5.35.1 - 2021-04-23
  • 5.35.0 - 2021-04-21
  • 5.34.0 - 2021-04-19
  • 5.33.2 - 2021-04-14
  • 5.33.1 - 2021-04-14
  • 5.33.0 - 2021-04-14
  • 5.32.0 - 2021-04-12
  • 5.31.2 - 2021-04-09
  • 5.31.1 - 2021-04-09
  • 5.31.0 - 2021-04-07
  • 5.30.0 - 2021-04-01
  • 5.29.0 - 2021-04-01
  • 5.28.0 - 2021-03-24
  • 5.27.2 - 2021-03-22
  • 5.27.1 - 2021-03-20
  • 5.27.0 - 2021-03-19
  • 5.26.3 - 2021-03-17
  • 5.26.2 - 2021-03-16
  • 5.26.1 - 2021-03-16
  • 5.26.0 - 2021-03-15
  • 5.25.1 - 2021-03-14
  • 5.25.0 - 2021-03-12
  • 5.24.4 - 2021-03-08
  • 5.24.3 - 2021-03-03
  • 5.24.2 - 2021-02-24
  • 5.24.1 - 2021-02-23
  • 5.24.0 - 2021-02-22
  • 5.23.0 - 2021-02-18
  • 5.22.0 - 2021-02-15
  • 5.21.2 - 2021-02-07
  • 5.21.1 - 2021-02-06
  • 5.21.0 - 2021-02-05
  • 5.20.2 - 2021-02-04
  • 5.20.1 - 2021-02-03
  • 5.20.0 - 2021-02-02
  • 5.19.0 - 2021-01-29
  • 5.18.0 - 2021-01-26
  • 5.17.0 - 2021-01-22
  • 5.16.0 - 2021-01-19
  • 5.15.0 - 2021-01-15
  • 5.14.0 - 2021-01-13
  • 5.13.0 - 2021-01-11
  • 5.12.3 - 2021-01-10
  • 5.12.2 - 2021-01-09
  • 5.12.1 - 2021-01-08
  • 5.12.0 - 2021-01-08
  • 5.11.1 - 2020-12-28
  • 5.11.0 - 2020-12-17
  • 5.10.3 - 2020-12-15
  • 5.10.2 - 2020-12-15
  • 5.10.1 - 2020-12-11
  • 5.10.0 - 2020-12-04
  • 5.9.0 - 2020-11-28
  • 5.8.0 - 2020-11-26
  • 5.7.0 - 2020-11-26
  • 5.6.0 - 2020-11-19
  • 5.5.1 - 2020-11-18
  • 5.5.0 - 2020-11-17
  • 5.4.0 - 2020-11-03
  • 5.3.2 - 2020-10-29
  • 5.3.1 - 2020-10-28
  • 5.3.0 - 2020-10-27
  • 5.2.1 - 2020-10-27
  • 5.2.0 - 2020-10-22
  • 5.1.3 - 2020-10-16
  • 5.1.2 - 2020-10-15
  • 5.1.1 - 2020-10-15
  • 5.1.0 - 2020-10-13
  • 5.0.0 - 2020-10-10
  • 5.0.0-rc.6 - 2020-10-10
  • 5.0.0-rc.5 - 2020-10-09
  • 5.0.0-rc.4 - 2020-10-07
  • 5.0.0-rc.3 - 2020-09-30
  • 5.0.0-rc.2 - 2020-09-29
  • 5.0.0-rc.1 - 2020-09-28
  • 5.0.0-rc.0 - 2020-09-20
  • 5.0.0-beta.33 - 2020-09-20
  • 5.0.0-beta.32 - 2020-09-18
  • 5.0.0-beta.31 - 2020-09-17
  • 5.0.0-beta.30 - 2020-09-11
  • 5.0.0-beta.29 - 2020-08-28
  • 5.0.0-beta.28 - 2020-08-20
  • 5.0.0-beta.27 - 2020-08-19
  • 5.0.0-beta.26 - 2020-08-14
  • 5.0.0-beta.25 - 2020-08-10
  • 5.0.0-beta.24 - 2020-08-05
  • 5.0.0-beta.23 - 2020-08-02
  • 5.0.0-beta.22 - 2020-07-09
  • 5.0.0-beta.21 - 2020-07-06
  • 5.0.0-beta.20 - 2020-06-29
  • 5.0.0-beta.19 - 2020-06-29
  • 5.0.0-beta.18 - 2020-06-17
  • 5.0.0-beta.17 - 2020-06-03
  • 5.0.0-beta.16 - 2020-05-05
  • 5.0.0-beta.15 - 2020-04-21
  • 5.0.0-beta.14 - 2020-03-02
  • 5.0.0-beta.13 - 2020-01-29
  • 5.0.0-beta.12 - 2020-01-16
  • 5.0.0-beta.11 - 2019-12-24
  • 5.0.0-beta.10 - 2019-12-22
  • 5.0.0-beta.9 - 2019-12-08
  • 5.0.0-beta.8 - 2019-12-08
  • 5.0.0-beta.7 - 2019-11-20
  • 5.0.0-beta.6 - 2019-11-14
  • 5.0.0-beta.5 - 2019-11-13
  • 5.0.0-beta.4 - 2019-11-12
  • 5.0.0-beta.3 - 2019-11-06
  • 5.0.0-beta.2 - 2019-10-31
  • 5.0.0-beta.1 - 2019-10-22
  • 5.0.0-beta.0 - 2019-10-11
  • 5.0.0-alpha.32 - 2019-10-11
  • 5.0.0-alpha.31 - 2019-10-10
  • 5.0.0-alpha.30 - 2019-10-07
  • 5.0.0-alpha.29 - 2019-10-02
  • 5.0.0-alpha.28 - 2019-09-26
  • 5.0.0-alpha.27 - 2019-09-25
  • 5.0.0-alpha.26 - 2019-09-08
  • 5.0.0-alpha.25 - 2019-09-06
  • 5.0.0-alpha.24 - 2019-09-05
  • 5.0.0-alpha.23 - 2019-08-27
  • 5.0.0-alpha.22 - 2019-08-23
  • 5.0.0-alpha.21 - 2019-08-22
  • 5.0.0-alpha.20 - 2019-08-14
  • 5.0.0-alpha.19 - 2019-08-06
  • 5.0.0-alpha.18 - 2019-07-08
  • 5.0.0-alpha.17 - 2019-07-01
  • 5.0.0-alpha.16 - 2019-06-14
  • 5.0.0-alpha.15 - 2019-06-05
  • 5.0.0-alpha.14 - 2019-05-23
  • 5.0.0-alpha.13 - 2019-05-20
  • 5.0.0-alpha.12 - 2019-05-10
  • 5.0.0-alpha.11 - 2019-02-19
  • 5.0.0-alpha.10 - 2019-02-07
  • 5.0.0-alpha.9 - 2019-01-27
  • 5.0.0-alpha.8 - 2019-01-19
  • 5.0.0-alpha.7 - 2019-01-19
  • 5.0.0-alpha.6 - 2019-01-15
  • 5.0.0-alpha.5 - 2019-01-09
  • 5.0.0-alpha.4 - 2019-01-08
  • 5.0.0-alpha.3 - 2018-12-29
  • 5.0.0-alpha.2 - 2018-12-26
  • 5.0.0-alpha.1 - 2018-12-23
  • 5.0.0-alpha.0 - 2018-12-21
  • 4.46.0 - 2021-01-11
from webpack GitHub release notes
Commit messages
Package name: webpack
  • 8f87b50 5.74.0
  • 3e1f244 Merge pull request #16071 from devinan/patch-1
  • c7e14e2 Merge pull request #15910 from ludofischer/fix-message
  • 7b63346 Merge pull request #15627 from webpack/feat/issue-12441
  • 402d152 Merge pull request #15642 from webpack/set-use-credentials-without-origin-check
  • fcb0e35 Merge pull request #15996 from webdiscus/main
  • 6dc6a19 Merge pull request #16031 from evantd/main
  • 52351a6 Merge pull request #16033 from varunsh-coder/token-perms
  • 555915b Merge pull request #16065 from webpack/fix/issue-16054
  • d4cab5b Merge pull request #16077 from webpack/fix-scheme
  • 6e3e037 Merge pull request #16032 from barak007/export-harmony-import-dependency
  • 767f741 fix webpack scheme
  • da13141 Fix badge : compatibility score
  • 8bfcb69 support import/export name as string literal
  • e9f2195 ci: add GitHub token permissions for workflow
  • e3f6702 feat: export HarmonyImportDependency and generate types
  • 1492735 Pass shareScope through to ContainerPlugin & ContainerReferencePlugin
  • 1132eb3 Merge pull request #15991 from gluxon/cached-Snapshot-iterables
  • 7b3f4c0 test: Check that Snapshot iterables have stable identities
  • 751e123 Use stable identities for Snapshot iterables
  • 21ead2f Merge pull request #15940 from amareshsm/update-package.json
  • b904655 Merge pull request #15834 from snitin315/patch-2
  • 674de92 Merge pull request #15909 from fireairforce/upgrade-watchpack-version
  • f7e2128 Merge pull request #16001 from webpack/up-enhanced-resolve


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

snyk-bot, Aug 16 '22 06:08

This pull request is stale because it has been open 30 days with no activity.

github-actions[bot], Sep 16 '22 00:09