Skip to content

[Snyk] Upgrade webpack from 5.94.0 to 5.101.3 #59

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

[Snyk] Upgrade webpack from 5.94.0 to 5.101.3 #59

wants to merge 1 commit into from

Conversation

nerdy-tech-com-gitub
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade webpack from 5.94.0 to 5.101.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 23 versions ahead of your current version.

  • The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-CROSSSPAWN-8303230		 57 Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-HTTPPROXYMIDDLEWARE-8229906		 57 Proof of Concept
medium severity Cross-site Scripting (XSS)
SNYK-JS-COOKIE-8163060		 57 No Known Exploit
medium severity Always-Incorrect Control Flow Implementation
SNYK-JS-HTTPPROXYMIDDLEWARE-9691387		 57 No Known Exploit
medium severity Improper Check for Unusual or Exceptional Conditions
SNYK-JS-HTTPPROXYMIDDLEWARE-9691389		 57 No Known Exploit
medium severity Improper Input Validation
SNYK-JS-NANOID-8492085		 57 No Known Exploit
medium severity Improper Handling of Unexpected Data Type
SNYK-JS-ONHEADERS-10773729		 57 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHTOREGEXP-8482416		 57 Proof of Concept
medium severity Cross-site Scripting (XSS)
SNYK-JS-SERIALIZEJAVASCRIPT-6147607		 57 Proof of Concept
low severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BRACEEXPANSION-9789073		 57 Proof of Concept
Release notes
Package name: webpack
  • 5.101.3 - 2025-08-18

    Fixes

    • Fixed resolve execution order issue from extra await in async modules
    • Avoid empty block for unused statement
    • Collect only specific expressions for destructuring assignment
  • 5.101.2 - 2025-08-14

    Fixes

    • Fixed syntax error when comment is on the last line
    • Handle var declaration for createRequire
    • Distinguish free variable and tagged variable
  • 5.101.1 - 2025-08-12

    Fixes

    • Filter deleted assets in processAdditionalAssets hook
    • HMR failure in defer module
    • Emit assets even if invalidation occurs again
    • Export types for serialization and deserialization in plugins and export the ModuleFactory class
    • Fixed the failure export of internal function for ES module chunk format
    • Fixed GetChunkFilename failure caused by dependOn entry
    • Fixed the import of missing dependency chunks
    • Fixed when entry chunk depends on the runtime chunk hash
    • Fixed module.exports bundle to ESM library
    • Adjusted the time of adding a group depending on the fragment of execution time
    • Fixed circle dependencies when require RawModule and condition of isDeferred
    • Tree-shakable module library should align preconditions of allowInlineStartup
  • 5.101.0 - 2025-07-28

    Fixes

    • Fixed concatenate optimization for ESM that caused undefined export
    • Respect the output.environment.nodePrefixForCoreModules option everywhere
    • Respect the output.importMetaName option everywhere
    • Fixed await async dependencies when accepting them during HMR
    • Better typescript types

    Features

    • Added colors helpers for CLI
    • Enable tree-shaking for ESM external modules with named imports
    • Added the deferImport option to parser options

    Performance Improvements

    • Fixed a regression in module concatenation after implementing deferred import support
    • Fixed a potential performance issue in CleanPlugin
    • Avoid extra require in some places
  • 5.100.2 - 2025-07-15

    Fixes

    • Keep consistent CSS order
    • Dependency without the source order attribute must keep their original index
    • Keep module traversal consistent across reexport scenarios

    Performance Improvements

    • Extend importPhasesPlugin only when enable deferImport (#19689)
  • 5.100.1 - 2025-07-11

    Fixes

    • Tree-shaking unused ignored modules
    • [Types] Compatibility with old Node.js versions
  • 5.100.0 - 2025-07-09

    Fixes

    • Fixed the case where an ES modules entry chunk depends on the runtime chunk hash
    • Handle function exports in webpack module wrapper
    • Ensure dependent chunks are imported before startup & fix duplicate export of 'default'
    • Generate lose closing brace when exports are unprovided
    • CleanPlugin doesn't unlink same file twice
    • Fixed unexpected error codes from fs.unlink on Windows
    • Typescript types

    Features

    • HMR support for ES modules output
    • ES module output mode now fully supports splitChunks when external variables and runtimeChunk are not set.
    • Added support using keyword
    • Implemented tc39 Defer Module Evaluation (experiment)
    • Support dynamic template literals expressions for new URL(...)
    • Enable ES modules worker chunk loading for Node.js targets
    • Improved support for destructing in DefinePlugin
    • Added VirtualUrlPlugin to support virtual: scheme

    Performance Improvements

    • Remove useless startup entrypoint runtime for ES modules output
    • Cache new URL(...) evaluate expression
  • 5.99.9 - 2025-05-20

    Fixes

    • HMR might fail if there are new initial chunks
    • Destructuring namespace import with default
    • Destructuring namespace import with computed-property
    • Generate valid code for es export generation for multiple module entries
    • Fixed public path issue for ES modules
    • Asset modules work when lazy compilation used
    • Eliminate unused statements in certain scenarios
    • Fixed regression with location and order of dependencies
    • Fixed typescript types
  • 5.99.8 - 2025-05-06

    Fixes

    • Fixed type error with latest @ types/node
    • Fixed typescript types
  • 5.99.7 - 2025-04-25

    Fixes

    • Don't skip export generation for default reexport (#19463)
    • Fixed module library export generation for reexport (#19459)
    • Avoid module concatenation in child compilation for module library (#19457)
    • Ensure HMR recover gracefully when CSS module with error
    • Respect cause of any errors and errors of AggregateError in stats output
    • Added missing @ types/json-schema in types
  • 5.99.6 - 2025-04-18
  • 5.99.5 - 2025-04-08
  • 5.99.4 - 2025-04-08
  • 5.99.3 - 2025-04-08
  • 5.99.2 - 2025-04-08
  • 5.99.1 - 2025-04-07
  • 5.99.0 - 2025-04-07
  • 5.98.0 - 2025-02-13
  • 5.97.1 - 2024-12-05
  • 5.97.0 - 2024-12-03
  • 5.96.1 - 2024-11-01
  • 5.96.0 - 2024-10-31
  • 5.95.0 - 2024-09-25
  • 5.94.0 - 2024-08-22
from webpack GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade webpack from 5.94.0 to 5.101.3
632b2a1 
Snyk has created this PR to upgrade webpack from 5.94.0 to 5.101.3.

See this package in npm:
webpack

See this project in Snyk:
https://app.snyk.io/org/nerds-github/project/aa77fd79-7d27-4ab0-9d41-5dd117531784?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nerdy-tech-com-gitub @snyk-bot