[Snyk] Upgrade webpack from 5.74.0 to 5.89.0 #8
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade webpack from 5.74.0 to 5.89.0. See this package in npm: https://www.npmjs.com/package/webpack See this project in Snyk: https://app.snyk.io/org/kalashiexe/project/520d0ae6-f8d0-41e2-af43-2e46c4162842?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade webpack from 5.74.0 to 5.89.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-WEBPACK-3358798
Why? Proof of Concept exploit, Has a fix available, CVSS 8.3
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: webpack
-
5.89.0 - 2023-10-13
- Make CommonJS import preserve chained expressions by @ bworline in #17718
- chore(deps-dev): bump @ types/node from 20.3.1 to 20.4.8 by @ dependabot in #17568
- docs: add example for stats detailed output by @ ersachin3112 in #17420
- docs: add example for stats normal output by @ ersachin3112 in #17426
- chore(deps-dev): bump core-js from 3.31.0 to 3.32.0 by @ dependabot in #17539
- chore(deps-dev): bump pretty-format from 29.5.0 to 29.6.2 by @ dependabot in #17536
- chore(deps-dev): bump @ types/node from 20.4.8 to 20.4.9 by @ dependabot in #17583
- chore(deps-dev): bump less from 4.1.3 to 4.2.0 by @ dependabot in #17580
- chore(deps): bump semver from 5.7.1 to 5.7.2 by @ dependabot in #17483
- chore(deps-dev): bump simple-git from 3.19.0 to 3.19.1 by @ dependabot in #17427
- chore(deps-dev): bump @ types/node from 20.4.9 to 20.6.0 by @ dependabot in #17666
-
5.88.2 - 2023-07-18
- Fixed a bug where unused identifiers should retain names when using css modules by @ burhanuday in #17444
-
5.88.1 - 2023-06-28
- Significantly improve TypeScript coverage for Library Plugins by @ alexander-akait in #17414
-
5.88.0 - 2023-06-21
- [CSS] - Use
- Fix bugs related to require.context and layer by @ alexander-akait in #17388
- Fix bug in runtime for CSS loading by @ alexander-akait in #17400
- Correct indirect call for tagged template expressions using correct this context by @ alexander-akait in #17397
- Update environment support for KaiOS browser by @ steverep in #17395
- Fix async module runtime code for running top-level-await by @ ahabhgk in #17393
- Add example for stats minimal output by @ ersachin3112 in #17406
- Significantly improve type coverage for Dependency, Runtime, Template classes by @ alexander-akait in #17394
- Bump browserslist from 4.21.8 to 4.21.9 by @ dependabot in #17389
- Bump acorn from 8.8.2 to 8.9.0 by @ dependabot in #17402
- Bump eslint from 8.42.0 to 8.43.0 by @ dependabot in #17401
- Bump eslint-plugin-jest from 27.2.1 to 27.2.2 by @ dependabot in #17407
- @ steverep made their first contribution in #17395
-
5.87.0 - 2023-06-14
-
5.86.0 - 2023-06-07
-
5.85.1 - 2023-06-05
- Fix bug in handling barrel imports (#17305) by @ bworline in #17307 - NOTE: An internal API
- Bump @ types/jest from 29.5.1 to 29.5.2 by @ dependabot in #17297
-
5.85.0 - 2023-05-31
-
5.84.1 - 2023-05-25
- Fix regression in inner graph for reserved identifiers by @ alexander-akait in #17265
- Bump @ types/jest from 29.5.0 to 29.5.1 by @ dependabot in #17027
- Bump simple-git from 3.18.0 to 3.19.0 by @ dependabot in #17263
-
5.84.0 - 2023-05-24
-
5.83.1 - 2023-05-17
-
5.83.0 - 2023-05-17
-
5.82.1 - 2023-05-10
-
5.82.0 - 2023-05-03
-
5.81.0 - 2023-04-26
-
5.80.0 - 2023-04-19
-
5.79.0 - 2023-04-12
-
5.78.0 - 2023-04-05
-
5.77.0 - 2023-03-29
-
5.76.3 - 2023-03-22
-
5.76.2 - 2023-03-15
-
5.76.1 - 2023-03-10
-
5.76.0 - 2023-03-08
-
5.75.0 - 2022-11-09
-
5.74.0 - 2022-07-25
from webpack GitHub release notesNew Features
Dependencies & Maintenance
Full Changelog: v5.88.2...v5.89.0
Bug Fixes
Full Changelog: v5.88.1...v5.88.2
Developer Experience
Full Changelog: v5.88.0...v5.88.1
New Features
css/autoas the default css mode by @ burhanuday in #17399Bug Fixes
Developer Experience
Dependencies & Maintenance
New Contributors
Full Changelog: v5.87.0...v5.88.0
Read more
Read more
Bug Fixes
BasicEvaluatedExpression.getMemberRangeStartshas been changed toBasicEvaluatedExpression.getMemberRanges, please see type definition changes and the pull request for more information.Dependencies & Maintenance
Full Changelog: v5.85.0...v5.85.1
Read more
Bug Fixes
Dependencies & Maintenance
Full Changelog: v5.84.0...v5.84.1
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs