socket-security[bot]
commented
5 months ago New dependencies detected. Learn more about Socket for GitHub ↗︎
| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/webpack@5.90.1 | environment, filesystem, network, unsafe Transitive: eval, shell | +118 |
20.6 MB | evilebottnawi |
sonarcloud[bot]
No data about Coverage
This PR contains the following updates:
5.89.0->5.90.1Release Notes
webpack/webpack (webpack)
### [`v5.90.1`](https://togithub.com/webpack/webpack/releases/tag/v5.90.1) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.90.0...v5.90.1) #### Bug Fixes - set `unmanagedPaths` in defaults - correct `preOrderIndex` and `postOrderIndex` - add fallback for MIME mismatch error in async wasm loading - browsers versions of ECMA features #### Performance - optimize `compareStringsNumeric` - optimize `numberHash` using 32-bit FNV1a for small ranges, 64-bit for larger - reuse VM context across webpack magic comments ### [`v5.90.0`](https://togithub.com/webpack/webpack/releases/tag/v5.90.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.89.0...v5.90.0) #### Bug Fixes - Fixed inner graph for classes - Optimized `RemoveParentModulesPlugin` via bigint arithmetic - Fixed worklet detection in production mode - Fixed an error for cyclic importModule - Fixed types for `Server` and `Dirent` - Added the `fetchPriority` to hmr runtime's `ensureChunk` function - Don't warn about dynamic import for build dependencies - External module generation respects the `output.environment.arrowFunction` option - Fixed consumimng shared runtime module logic - Fixed a runtime logic of multiple chunks - Fixed destructing assignment of dynamic import json file - Passing errors array for a module hash - Added `/*#__PURE__*/` to generated `JSON.parse()` - Generated a library manifest after clean plugin - Fixed non `amd` externals and `amd` library - Fixed a bug in `SideEffectsFlagPlugin` with namespace re-exports - Fixed an error message for condition `or` - The `strictModuleErrorHandling` is now working - Clean up child compilation chunk graph to avoid memory leak - \[CSS] - Fixed CSS import prefer relative resolution - \[CSS] - Fixed CSS runtime chunk loading error message #### New Features - Allow to set `false` for dev server in `webpack.config.js` - Added a warning for async external when not supported - Added a warning for async module when not supported - Added the `node-module` option for the `node.__filename/__dirname` and enable it by default for ESM target - Added the `snapshot.unmanagedPaths` option - Exposed the `MultiCompilerOptions` type - \[CSS] - Added CSS parser options to enable/disable named exports - \[CSS] - Moved CSS the `exportsOnly` option to CSS generator options #### Dependencies & Maintenance - use node.js LTS version for lint - bump actions/cache from 3 to 4 - bump prettier from 3.2.1 to 3.2.3 - bump assemblyscript - bump actions/checkout from 3 to 4 **Full Changelog**: https://github.com/webpack/webpack/compare/v5.89.0...v5.90.0Configuration
📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR has been generated by Mend Renovate. View repository job log here.