@snyk-bot
Snyk has created this PR to upgrade webpack from 5.24.4 to 5.28.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 10 versions ahead of your current version.
  • The recommended version was released a month ago, on 2021-03-24.

The recommended version fixes:

| Severity | Issue | Priority Score (*) | Exploit Maturity |
| --- | --- | --- | --- |
| | Command Injection (SNYK-JS-LODASH-1040724) | 467/1000. Why? Proof of Concept exploit, CVSS 7.2 | Proof of Concept |
| | Command Injection (SNYK-JS-NODENOTIFIER-1035794) | 467/1000. Why? Proof of Concept exploit, CVSS 7.2 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-LODASH-1018905) | 467/1000. Why? Proof of Concept exploit, CVSS 7.2 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-HOSTEDGITINFO-1088355) | 467/1000. Why? Proof of Concept exploit, CVSS 7.2 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-GLOBPARENT-1016905) | 467/1000. Why? Proof of Concept exploit, CVSS 7.2 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-GLOBPARENT-1016905) | 467/1000. Why? Proof of Concept exploit, CVSS 7.2 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: webpack
  • 5.28.0 - 2021-03-24

    Features

    • add module.generator.asset.publicPath to configure a different publicPath for assets

    Bugfixes

    • fixes a watch mode caching problem which was introduced in 5.26.0 when using the unsafe cache

    Performance

    • improve serialization performance
  • 5.27.2 - 2021-03-22

    Bugfixes

    • fix error reporting when errors happen in beforeLoaders hook
    • avoid crash when experiments.lazyCompilation is used (regression)
    • fix lazy compilation opt-out when HMR accept/decline is used on an import()
    • fix new URL(new URL generated by worker handling
  • 5.27.1 - 2021-03-20

    Bugfix

    • allow invalidation after first watch run in MultiCompilers
  • 5.27.0 - 2021-03-19

    Features

    • add utils: { contextify(context, absolutePath), absolutify(context, request) } to loader context

    Bugfixes

    • fix caching bug when split chunks of an entrypoint change and modules of the entrypoint stay equal
    • fix imports field handling
    • fix incorrect id assignment of record ids plugin
      • this causes ids to change unnecessarily during watch mode
    • fix library exports when using onChunks in entry
      • This prevented using libraries with web target when using splitChunks for the initial chunks
  • 5.26.3 - 2021-03-17

    Bugfix

    • fix race condition in MultiCompiler queueing
  • 5.26.2 - 2021-03-16

    Bugfixes

    • fix problem with new line after comment
    • fix assign libraries with runtime chunk
  • 5.26.1 - 2021-03-16

    Bugfixes

    • avoid using strict mode runtime for assign libraries to allow assigning not existing variables
    • avoid collision with Set.addAll polyfill
    • allow filenames starting with ../ when generating the undo path for non-web targets
  • 5.26.0 - 2021-03-15

    Features

    • handle cache version automatically for DefinePlugin
      • Values no longer need to be defined as build dependencies
    • add more options for DefinePlugin.runtimeValue (file/context/missing/buildDependencies, version)

    Bugfixes

    • fix a memory leak which happens in watch mode with caching when modules are removed from the compilation
    • fix usage of some arrow functions when es5 target is selected
    • chunk loading in workers now uses publicPath instead of relative paths
      • fixes a problem when worker file is in a child directory
  • 5.25.1 - 2021-03-14

    Bugfixes

    • fix startup logic when non-js chunks are in the entrypoint
    • remove type: "module" for Workers when generating classic scripts
  • 5.25.0 - 2021-03-12

    Features

    • Refactor the startup logic to improve library support
    • add __webpack_runtime_id__ to access the current runtime id
    • improve error handling for HMR
      • add second argument to self accept error handler to pass new module and module id
      • add error handler argument to dependency accept, passing error and module ids
    • add output.strictModuleErrorHandling to opt into stricter evaluation error handling semantics according to ESM spec
      • used by default when HMR is enabled
    • when ignoring a module used by new URL() this will result in a URL to an empty file ("data:,")
    • add module.generator.asset.emit option to disable creating assets from asset modules (e.g. for SSR)

    Bugfixes

    • fix problem when library options apply to a non-runtime chunk
    • fix crash in splitChunks.maxSize where negative indices are accessed
    • fix sub-optimal splitting of splitChunks.maxSize in some cases when multiple size types are involved
    • fix a memory leak in AssetGenerator
    • fix usage of runtime globals in SharedPlugin to support HMR updates

    Deprecations

    • deprecate output.strictModuleExceptionHandling (this is the CommonJS way of handling errors, and the name is weird)
  • 5.24.4 - 2021-03-08
from webpack GitHub release notes
Commit messages
Package name: webpack
  • 15110ea 5.28.0
  • 432dddc Merge pull request #12968 from shYkiSto/fix-lost-cached-module-data
  • 9566a5b fix(NormalModule): call super to restore base module cache data
  • 0307bcf Merge pull request #12902 from xiaoxiaojx/feat/assetModulePublicPath
  • 318a73e Merge pull request #12955 from webpack/perf/serialize
  • 3f378d9 improve cache serialization by 30%
  • 1c044bc 5.27.2
  • 57dd584 Merge pull request #12948 from webpack/bugfix/worker-duplicate-url
  • 3bdfa84 remove from normalization
  • 7f362c8 merge related info correctly
  • c5fa751 remove `output.assetModulePublicPath` as it would be redundant to `module.generator.asset.publicPath`
  • d500420 fix duplicate new URL and spacing for worker dependencies
  • ebe509a Merge pull request #12939 from 7rulnik/patch-2
  • 1f46040 Merge pull request #12945 from webpack/bugfix/lazy-compilation
  • d7facfd Merge pull request #12946 from webpack/bugfix/error-in-before-loaders
  • 50a1700 add test case
  • d237068 allow HMR deps for lazy compilation
  • 9d28d7c fix lazy compilation caching
  • 9c648cf improve error handling in beforeLoaders hook
  • 69d4e17 5.27.1
  • 55fd79e feat: support assetModulePublicPath
  • e912f50 Add NO_PUBLIC_PATH for worker example
  • dd80303 Merge pull request #12938 from animecyc/bugfix/blocked-multicompiler
  • 94bd3bc fix: allow invalidation after first watch run


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
