[Snyk] Security upgrade webpack from 4.44.0 to 5.0.0 #47

abood640 · 2024-10-24T03:11:57Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	701/1000 Why? Recently disclosed, Has a fix available, CVSS 8.3	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8172694	Yes	No Known Exploit
	828/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.7	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8187303	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: webpack

The new version differs by 250 commits.

610f368 5.0.0
5ce65c1 update examples
bbe1230 Merge pull request repo sync github/docs#11628 from webpack/bugfix/real-content-hash
75ecff2 5.0.0-rc.6
bfc35d6 Merge pull request Additional TOTP options github/docs#11603 from MayaWolf/master
76e8cbd Merge pull request repo sync github/docs#11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
36bcfaa Merge pull request Tweak AWS OIDC instructions github/docs#11621 from webpack/bugfix/11619
9130d10 fix called variables with ProvidePlugin
3e42105 Merge pull request OIDC cloud-specific docs are missing environment variables github/docs#11620 from webpack/bugfix/11617
4709719 skip connections copied to concatenated module
57b493f 5.0.0-rc.5
1658e2f Merge pull request repo sync github/docs#11618 from webpack/bugfix/11615
a8fb45d fixes crash in SideEffectsFlagPlugin
84b196d emit error instead of crashing when unexpected problem occurs
5573fed Merge pull request Patch 2 github/docs#11601 from Hornwitser/improve-suggested-polyfill-config
9b5cce9 Merge pull request repo sync github/docs#11609 from snitin315/export-types
37c495c export type RuleSetUseItem
39faf34 export type RuleSetUse
e5fd246 export type RuleSetConditionAbsolute
660baad export RuleSetCondition types
13e3ca5 Merge pull request Beaconcha.in ETH2 API 1.0 github/docs#11602 from webpack/bugfix/shared-runtime-chunk
9c0587e Merge pull request Index.Md github/docs#11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
502d166 Merge pull request https://maps.app.goo.gl/?link=https://www.google.com/maps/dir///@35.7…https://maps.app.goo.gl/?link=https://www.google.com/maps/dir///@35.7761024,50.970624,10z/data%3D!4m5!4m4!1m1!4e2!1m0!3e2?entry%3Dml&apn=com.google.android.apps.maps&amv=914018424&isi=585027354&ibi=com.google.Maps&ius=comgooglemapsurl&utm_campaign=ml_promo&ct=ml-nonlu-md-dc-en&mt=8&pt=9008&cid=5697265834171445826&_fpb=CLgEEMACGgVlbi1VUw==&_cpt=cpit&_iumenbl=1&_iumchkactval=1&_plt=3691&_uit=2653&_cpb=1&_icp=1 github/docs#11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8172694 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303

socket-security · 2024-10-24T03:12:44Z

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@gar/promisify@1.1.3	None	`0`	4.2 kB	gar
npm/@jridgewell/gen-mapping@0.3.5	None	`0`	81.6 kB	jridgewell
npm/@jridgewell/resolve-uri@3.1.2	None	`0`	53.2 kB	jridgewell
npm/@jridgewell/set-array@1.2.1	None	`0`	17.9 kB	jridgewell
npm/@jridgewell/source-map@0.3.6	None	`0`	177 kB	jridgewell
npm/@jridgewell/sourcemap-codec@1.5.0	None	`0`	113 kB	jridgewell
npm/@jridgewell/trace-mapping@0.3.25	None	`0`	169 kB	jridgewell
npm/@npmcli/fs@1.1.1	filesystem	`0`	41.9 kB	nlf
npm/@types/eslint-scope@3.7.7	None	`0`	6.27 kB	types
npm/@types/eslint@9.6.1	None	`0`	196 kB	types
npm/@types/estree@0.0.45	None	`0`	22.6 kB	types
npm/@types/json-schema@7.0.15	None	`0`	31.7 kB	types
npm/aggregate-error@3.1.0	None	`0`	6.69 kB	sindresorhus
npm/ajv@6.12.6	eval	`0`	929 kB	esp
npm/cacache@15.3.0	filesystem	`0`	76.3 kB	nlf
npm/glob-to-regexp@0.4.1	None	`0`	18.1 kB	nickfitzgerald
npm/glob@7.2.3	filesystem	`0`	55.1 kB	isaacs
npm/graceful-fs@4.2.11	environment, filesystem	`0`	32.5 kB	isaacs
npm/jest-worker@26.6.2	environment, shell	`0`	66.9 kB	simenb
npm/loader-runner@4.3.0	eval, filesystem	`0`	18.4 kB	sokra
npm/mime-db@1.52.0	None	`0`	206 kB	dougwilson
npm/mime-types@2.1.35	None	`0`	18.3 kB	dougwilson
npm/mockdate@3.0.2	None	`0`	13.4 kB	boblauer
npm/morgan@1.9.1	eval	`0`	28.7 kB	dougwilson
npm/ms@2.0.0	None	`0`	6.27 kB	leo
npm/nan@2.14.0	None	`0`	417 kB	kkoopa
npm/nanomatch@1.2.13	None	`0`	86.3 kB	jonschlinkert
npm/natural-compare@1.4.0	None	`0`	5.65 kB	megawac
npm/negotiator@0.6.1	None	`0`	28 kB	dougwilson
npm/neo-async@2.6.2	None	`0`	298 kB	suguru03
npm/next-tick@1.0.0	None	`0`	6.51 kB	medikoo
npm/nice-try@1.0.5	None	`0`	3.75 kB	electerious
npm/no-case@2.3.2	None	`0`	30.8 kB	blakeembrey
npm/nocache@2.1.0	None	`0`	4.47 kB	evanhahn
npm/nock@13.0.4	environment, filesystem, network	`0`	174 kB	nockbot
npm/node-fetch@2.6.1	network	`0`	158 kB	akepinski
npm/node-int64@0.4.0	None	`0`	16.3 kB	broofa
npm/node-modules-regexp@1.0.0	None	`0`	2.73 kB	jamestalmage
npm/node-notifier@7.0.0	environment, filesystem, network, shell	`0`	5.69 MB	mikaelb
npm/node-releases@1.1.70	None	`0`	235 kB	chicoxyzzy
npm/node.extend@2.0.2	None	`0`	38.6 kB	ljharb
npm/nodemon@2.0.4	environment, filesystem, shell	`0`	107 kB	remy
npm/normalize-package-data@2.4.0	None	`0`	26.6 kB	iarna
npm/normalize-path@2.1.1	None	`0`	8.46 kB	jonschlinkert
npm/normalize-url@4.2.0	None	`0`	15.6 kB	sindresorhus
npm/not@0.1.0	None	`0`	2.37 kB	raynos
npm/npm-merge-driver-install@2.0.0	environment, filesystem, shell	`0`	15.9 kB	brandonocasey
npm/npm-run-path@2.0.2	environment	`0`	4.53 kB	sindresorhus
npm/nth-check@1.0.2	None	`0`	5.54 kB	feedic
npm/nwsapi@2.2.0	None	`0`	80.5 kB	diego
npm/oauth-sign@0.9.0	None	`0`	13.8 kB	simov
npm/object-assign@4.1.1	None	`0`	5.49 kB	sindresorhus
npm/object-copy@0.1.0	None	`0`	5.47 kB	jonschlinkert
npm/object-hash@2.0.1	None	`0`	259 kB	addaleax
npm/object-inspect@1.4.1	None	`0`	73.6 kB	ljharb
npm/object-keys@1.1.1	None	`0`	26.5 kB	ljharb
npm/object-visit@1.0.1	None	`0`	6.7 kB	jonschlinkert
npm/object.assign@4.1.2	None	`0`	62.4 kB	ljharb
npm/object.pick@1.3.0	None	`0`	6.36 kB	phated
npm/object.values@1.1.1	None	`0`	13.4 kB	ljharb

🚮 Removed packages: npm/@types/json-schema@7.0.5, npm/aggregate-error@3.0.1, npm/ajv@6.11.0, npm/aproba@1.2.0, npm/asn1.js@4.10.1, npm/assert@1.4.1, npm/async-each@1.0.3, npm/binary-extensions@1.13.1, npm/bn.js@5.1.2, npm/brorand@1.1.0, npm/browserify-aes@1.2.0, npm/browserify-cipher@1.0.1, npm/browserify-des@1.0.2, npm/browserify-rsa@4.0.1, npm/browserify-sign@4.2.0, npm/browserify-zlib@0.2.0, npm/buffer-xor@1.0.3, npm/buffer@4.9.2, npm/builtin-status-codes@3.0.0, npm/cacache@12.0.4, npm/cipher-base@1.0.4, npm/console-browserify@1.2.0, npm/constants-browserify@1.0.0, npm/copy-concurrently@1.0.5, npm/create-ecdh@4.0.3, npm/create-hash@1.2.0, npm/create-hmac@1.1.7, npm/crypto-browserify@3.12.0, npm/cyclist@1.0.1, npm/des.js@1.0.1, npm/diffie-hellman@5.0.3, npm/domain-browser@1.2.0, npm/duplexify@3.7.1, npm/elliptic@6.5.3, npm/esrecurse@4.2.1, npm/evp_bytestokey@1.0.3, npm/figgy-pudding@3.5.2, npm/flush-write-stream@1.1.1, npm/from2@2.3.0, npm/fs-write-stream-atomic@1.0.10, npm/fsevents@1.2.11, npm/glob-parent@3.1.0, npm/glob@7.1.3, npm/graceful-fs@4.1.11, npm/hash-base@3.1.0, npm/hash.js@1.1.7, npm/hmac-drbg@1.0.1, npm/https-browserify@1.0.0, npm/iferr@0.1.5, npm/is-binary-path@1.0.1, npm/is-glob@3.1.0, npm/jest-worker@26.0.0, npm/loader-runner@2.4.0, npm/md5.js@1.3.5, npm/miller-rabin@4.0.1, npm/mime-db@1.38.0, npm/mime-types@2.1.22, npm/minimalistic-assert@1.0.1, npm/minimalistic-crypto-utils@1.0.1, npm/mississippi@3.0.0

View full report↗︎

fix: package.json & package-lock.json to reduce vulnerabilities

dc2b636

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8172694 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade webpack from 4.44.0 to 5.0.0 #47

[Snyk] Security upgrade webpack from 4.44.0 to 5.0.0 #47

abood640 commented Oct 24, 2024

socket-security bot commented Oct 24, 2024

[Snyk] Security upgrade webpack from 4.44.0 to 5.0.0 #47

Are you sure you want to change the base?

[Snyk] Security upgrade webpack from 4.44.0 to 5.0.0 #47

Conversation

abood640 commented Oct 24, 2024

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

socket-security bot commented Oct 24, 2024