Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade webpack from 5.30.0 to 5.74.0 #2

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade webpack from 5.30.0 to 5.74.0 #2

wants to merge 1 commit into from

Conversation

mongoloidkhulmikuki366385
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade webpack from 5.30.0 to 5.74.0.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 75 versions ahead of your current version.
  • The recommended version was released 3 months ago, on 2022-07-25.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
SNYK-JS-TERSER-2806366		 265/1000
Why? CVSS 5.3		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: webpack
  • 5.74.0 - 2022-07-25

    Features

    • add resolve.extensionAlias option which allows to alias extensions
      • This is useful when you are forced to add the .js extension to imports when the file really has a .ts extension (typescript + "type": "module")
    • add support for ES2022 features like static blocks
    • add Tree Shaking support for ProvidePlugin

    Bugfixes

    • fix persistent cache when some build dependencies are on a different windows drive
    • make order of evaluation of side-effect-free modules deterministic between concatenated and non-concatenated modules
    • remove left-over from debugging in TLA/async modules runtime code
    • remove unneeded extra 1s timestamp offset during watching when files are actually untouched
      • This sometimes caused an additional second build which are not really needed
    • fix shareScope option for ModuleFederationPlugin
    • set "use-credentials" also for same origin scripts

    Performance

    • Improve memory usage and performance of aggregating needed files/directories for watching
      • This affects rebuild performance

    Extensibility

    • export HarmonyImportDependency for plugins
  • 5.73.0 - 2022-06-02

    Features

    • add options for default dynamicImportMode and prefetch and preload
    • add support for import { createRequire } from "module" in source code

    Bugfixes

    • fix code generation of e. g. return"field"in Module
    • fix performance of large JSON modules
    • fix performance of async modules evaluation

    Developer Experience

    • export PathData in typings
    • improve error messages with more details
  • 5.72.1 - 2022-05-10

    Bugfixes

    • fix __webpack_nonce__ with HMR
    • fix in operator in some cases
    • fix json parsing error messages
    • fix module concatenation with using this.importModule
    • upgrade enhanced-resolve
  • 5.72.0 - 2022-04-07

    Features

    • make cache warnings caused by build errors less verbose
    • Allow banner to be placed as a footer with the BannerPlugin
    • allow to concatenate asset modules

    Bugfixes

    • fix RemoteModules when using HMR (Module Federation + HMR)
    • throw error when using module concatenation and cacheUnaffected
    • fix in operator with nested exports
  • 5.71.0 - 2022-04-01

    Features

    • choose smarter default for uniqueName when using a output.library which includes placeholders
    • add support for expressions with in of a imported binding
    • generate UMD code with arrow functions when possible

    Bugfixes

    • fix source map source names for ContextModule to be relative
    • fix chunkLoading option in module module
    • fix edge case where evaluateExpression returns null
    • retain optional chaining in imported bindings
    • include runtime code for the base URI even if not using chunk loading
    • don't throw errors in persistent caching when importing node.js builtin modules via ESM
    • fix crash when using lazy-once Context modules
    • improve handling of context modules with multiple contexts
    • fix race condition HMR chunk loading when importing chunks during HMR updating
    • handle errors in runAsChild callback
  • 5.70.0 - 2022-03-03

    Features

    • update node.js version constraints for ESM support
    • add baseUri to entry options to configure a static base uri (the base of new URL())
    • alphabetically sort exports in namespace objects when possible
    • add __webpack_exports_info__.name.canMangle
    • add proxy support to experiments.buildHttp
    • import.meta.webpackContext as ESM alternative to require.context
    • handle multiple alternative directories (e. g. due to resolve.alias or resolve.modules) when creating an context module

    Bugfixes

    • fix problem when assigning global to a variable
    • fix crash when using experiments.outputModule and loaderContext.importModule with multiple chunks
    • avoid generating progress output before the compilation has started (ProgressPlugin)
    • fix handling of non-static-ESM dependencies with using TLA and HMR in the same module
    • include the asset module filename in hashing
    • output.clean will keep HMR assets for at least 10s to allow HMR to access them even when compilation is faster then the browser

    Performance

    • fix asset caching when using the BannerPlugin

    Developer Experience

    • improve typings

    Contributing

    • capture caching errors when running the test suite
  • 5.69.1 - 2022-02-17

    Revert

    • revert "handle multiple alternative directories (e. g. due to resolve.alias or resolve.modules) when creating an context module"
  • 5.69.0 - 2022-02-15

    Features

    • automatically switch to an ESM compatible environment when enabling ESM output mode
    • handle multiple alternative directories (e. g. due to resolve.alias or resolve.modules) when creating an context module
    • add util/types to node.js built-in modules
    • add __webpack_exports_info__.<name>.canMangle api

    Bugfixes

    • fix bug in chunk graph generation which leads to modules being included in chunk desprite them being already included in parent chunks
    • avoid writing more than 2GB at once during cache serialization (as workaround for node.js/libuv bug on MacOS)
    • fix handling of whitespaces in semver ranges when using Module Federation
    • avoid generating hashes which contain only numbers as they likely conflict with module ids
    • fix resource name based placeholders for data uris
    • fix cache serialization for context elements
    • fix passing of stage option when instrumenting plugins for the ProfilingPlugin
    • fix tracking of declarations in concatenated modules to avoid conflicts
    • fix unstable mangling of exports
    • fix handling of # in paths of loaders
    • avoid unnecessary cache update when using experiments.buildHttp

    Contributing

    • update typescript and jest

    Developer Experience

    • expose some additional typings for usage in webpack-cli
  • 5.68.0 - 2022-01-31

    Features

    • allow to disable compile time evaluation of import.meta.url
    • add __webpack_module__ and __webpack_module__.id to the api

    Bugfixes

    • fix handling of errors thrown in async modules
  • 5.67.0 - 2022-01-21

    Features

    • add 'outputPath' configuration option for resource asset modules
    • support Trusted Types in eval source maps
    • experiments.css
      • allow to generate only exports for css in node
      • add SyncModuleIdsPlugin to sync module ids between server and client compilation
      • add more options to the DeterministicModuleIdsPlugin to allow to generate equal ids

    Developer Experience

    • limit data url module name in stats printer
    • allow specific description for CLI options
    • improve space limiting algorithm in stats printing to show partial lists
    • add null to errors in callbacks
    • fix call signature types of addChunkInGroup

    Bugfixes

    • avoid reporting non-existant package.jsons as dependencies
    • experiments.css
      • fix missing css runtime when only initial css is used
      • fix css hmr support
      • bugfixes to css modules
    • fix cache serialization for CreateScriptUrlDependency
    • fix data url content when processed by a loader
    • fix regexp in identifiers that include |
    • fix ProfilingPlugin for watch scenarios
    • add layer to module names and identifiers
      • this avoid random module id changes when additional modules are added to another layer
    • provide hashFunction parameter to DependencyTemplates to allow customizing it there
    • fix HMR when experiments.lazyCompilation is enabled
    • store url as Buffer to avoid serialization warnings
    • exclude webpack-hot-middleware/client from lazy compilation

    Contributing

    • remove travis configuration
    • improve spell checking
  • 5.66.0 - 2022-01-12
  • 5.65.0 - 2021-12-06
  • 5.64.4 - 2021-11-25
  • 5.64.3 - 2021-11-24
  • 5.64.2 - 2021-11-20
  • 5.64.1 - 2021-11-15
  • 5.64.0 - 2021-11-11
  • 5.63.0 - 2021-11-09
  • 5.62.2 - 2021-11-09
  • 5.62.1 - 2021-11-05
  • 5.62.0 - 2021-11-05
  • 5.61.0 - 2021-10-29
  • 5.60.0 - 2021-10-25
  • 5.59.1 - 2021-10-20
  • 5.59.0 - 2021-10-19
  • 5.58.2 - 2021-10-13
  • 5.58.1 - 2021-10-08
  • 5.58.0 - 2021-10-07
  • 5.57.1 - 2021-10-05
  • 5.57.0 - 2021-10-05
  • 5.56.1 - 2021-10-04
  • 5.56.0 - 2021-10-01
  • 5.55.1 - 2021-09-29
  • 5.55.0 - 2021-09-28
  • 5.54.0 - 2021-09-24
  • 5.53.0 - 2021-09-16
  • 5.52.1 - 2021-09-10
  • 5.52.0 - 2021-09-03
  • 5.51.2 - 2021-09-02
  • 5.51.1 - 2021-08-19
  • 5.51.0 - 2021-08-19
  • 5.50.0 - 2021-08-10
  • 5.49.0 - 2021-08-06
  • 5.48.0 - 2021-08-02
  • 5.47.1 - 2021-07-29
  • 5.47.0 - 2021-07-27
  • 5.46.0 - 2021-07-22
  • 5.45.1 - 2021-07-16
  • 5.45.0 - 2021-07-16
  • 5.44.0 - 2021-07-08
  • 5.43.0 - 2021-07-06
  • 5.42.1 - 2021-07-05
  • 5.42.0 - 2021-07-02
  • 5.41.1 - 2021-06-29
  • 5.41.0 - 2021-06-28
  • 5.40.0 - 2021-06-21
  • 5.39.1 - 2021-06-17
  • 5.39.0 - 2021-06-14
  • 5.38.1 - 2021-05-27
  • 5.38.0 - 2021-05-27
  • 5.37.1 - 2021-05-19
  • 5.37.0 - 2021-05-10
  • 5.36.2 - 2021-04-30
  • 5.36.1 - 2021-04-28
  • 5.36.0 - 2021-04-27
  • 5.35.1 - 2021-04-23
  • 5.35.0 - 2021-04-21
  • 5.34.0 - 2021-04-19
  • 5.33.2 - 2021-04-14
  • 5.33.1 - 2021-04-14
  • 5.33.0 - 2021-04-14
  • 5.32.0 - 2021-04-12
  • 5.31.2 - 2021-04-09
  • 5.31.1 - 2021-04-09
  • 5.31.0 - 2021-04-07
  • 5.30.0 - 2021-04-01
from webpack GitHub release notes
Commit messages
Package name: webpack

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@performance-testing-bot
Copy link

Unable to locate .performanceTestingBot config file

@pull-request-quantifier-deprecated
Copy link

This PR has 2 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

Quantification details 

Label      : Extra Small
Size       : +1 -1
Percentile : 0.8%

Total files changed: 2

Change summary by file extension:
.json : +1 -1

Change counts above are quantified counts, based on the PullRequestQuantifier customizations.

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a
balance between between PR complexity and PR review overhead. PRs within the
optimal size (typical small, or medium sized PRs) mean:

  • Fast and predictable releases to production:
    • Optimal size changes are more likely to be reviewed faster with fewer
      iterations.
    • Similarity in low PR complexity drives similar review times.
  • Review quality is likely higher as complexity is lower:
    • Bugs are more likely to be detected.
    • Code inconsistencies are more likely to be detected.
  • Knowledge sharing is improved within the participants:
    • Small portions can be assimilated better.
  • Better engineering practices are exercised:
    • Solving big problems by dividing them in well contained, smaller problems.
    • Exercising separation of concerns within the code changes.

What can I do to optimize my changes

  • Use the PullRequestQuantifier to quantify your PR accurately
    • Create a context profile for your repo using the context generator
    • Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the Excluded section from your prquantifier.yaml context profile.
    • Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your prquantifier.yaml context profile.
    • Only use the labels that matter to you, see context specification to customize your prquantifier.yaml context profile.
  • Change your engineering behaviors
    • For PRs that fall outside of the desired spectrum, review the details and check if:
      • Your PR could be split in smaller, self-contained PRs instead
      • Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).

How to interpret the change counts in git diff output

  • One line was added: +1 -0
  • One line was deleted: +0 -1
  • One line was modified: +1 -1 (git diff doesn't know about modified, it will
    interpret that line like one addition plus one deletion)
  • Change percentiles: Change characteristics (addition, deletion, modification)
    of this PR in relation to all other PRs within the repository.

Was this comment helpful? 👍  :ok_hand:  :thumbsdown: (Email)
Customize PullRequestQuantifier for this repository.

@snyk-bot snyk-bot mentioned this pull request Apr 26, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Extra Small
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mongoloidkhulmikuki366385 @snyk-bot