DeviaVir / zenbot

Zenbot is a command-line cryptocurrency trading bot using Node.js and MongoDB.
MIT License
8.21k stars 2.04k forks

[Snyk] Upgrade webpack from 5.38.1 to 5.41.1 #2729

Closed snyk-bot closed 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to upgrade webpack from 5.38.1 to 5.41.1.

Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194 | 372/1000. Why? Proof of Concept exploit, CVSS 5.3 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: webpack
  • 5.41.1 - 2021-06-29

    Bugfixes

    • add missing types about experimental esm support to schema
    • avoid slicing large Buffers as that doesn't always work for unknown reasons

    Performance

    • avoid slicing Buffers unnecessarily
  • 5.41.0 - 2021-06-28

    Features

    • Persist cache faster when large changes are detected
      • new option cache.idleTimeoutAfterLargeChanges to control that

    Bugfixes

    • shutdown lazy compilation server correctly

    Experiments

    • EcmaScript modules support (experiments.outputModule: true)
      • output.library.type: "module": very basic support, no live bindings, unnecessary runtime code
      • output.chunkLoading: "import"
      • output.chunkFormat: "module"
      • externalsType: "module" generates now import * as X from "..." (in a module) or import("...") (in a script)
      • Node.js commonjs externals use import { createRequire } from "module" in a module
      • new Worker etc. sets `type: "module"`
  • 5.40.0 - 2021-06-21

    Features

    • accept node: prefixed requests as node.js externals
    • avoid instanceof Promise in favor of p && typeof p.then === "function" to allow mixing different Promise implementations

    Bugfixes

    • fix usage analysis of class properties

    Performance

    • improve LazySet memory usage by shortcircuiting empty sets
    • reduce algorithmic complexity of the structure analysis for plain objects serialization

    Developer Experience

    • allow Buffer in this.emitFile typings (loader context)
    • improve reset cli argument description
  • 5.39.1 - 2021-06-17

    Bugfixes

    • reduce memory usage and fix memory leaks
  • 5.39.0 - 2021-06-14

    Features

    • allow lazy compilation for import() context (import with expression)

    Bugfixes

    • fix respecting cache.allowCollectingMemory
    • fix cli loading after installing it
    • fix initial list of non-js chunks that are flagged as already loaded

    Performance

    • remove unnecessary Error.captureStackTrace from webpack errors
  • 5.38.1 - 2021-05-27

    Performance

    • fix missing increment in sorting optimization from last release
from webpack GitHub release notes
Commit messages
Package name: webpack
  • 9ed05af 5.41.1
  • 74a16d0 Merge pull request #13662 from webpack/perf/avoid-splitting-buffer
  • 563a28d fix toString for large positions
  • d2640d3 Merge pull request #13652 from webpack/dependabot/npm_and_yarn/mini-css-extract-plugin-1.6.2
  • 07d6d54 Merge pull request #13656 from webpack/dependabot/npm_and_yarn/jest-diff-27.0.6
  • c409811 Merge pull request #13659 from yiminghe/use-es5
  • 18f54b7 Merge pull request #13653 from webpack/dependabot/npm_and_yarn/terser-5.7.1
  • 3863b42 Merge pull request #13660 from chenxsan/bugfix/update-webpack-options
  • b76c5c4 fix linting
  • 0433e0b join sections
  • 86203ad use Buffer.from instead of slice
  • d303570 add test case for large assets
  • c9b310b Merge pull request #13661 from webpack/bugfix/avoid-large-slice
  • 894ef94 use Buffer.from instead of slice
  • 6e585ba update snapshots
  • 68b020e use es5 for async module runtime
  • 2d7d20f chore(deps-dev): bump jest-diff from 27.0.2 to 27.0.6
  • 01f7626 Merge pull request #13657 from webpack/dependabot/npm_and_yarn/coveralls-3.1.1
  • fef9611 Merge pull request #13658 from webpack/dependabot/npm_and_yarn/pretty-format-27.0.6
  • b0850fc update snapshot
  • 82c8a5c update webpack options
  • 8448798 chore(deps-dev): bump pretty-format from 27.0.2 to 27.0.6
  • 601119a chore(deps-dev): bump coveralls from 3.1.0 to 3.1.1
  • f4c379a chore(deps-dev): bump terser from 5.7.0 to 5.7.1

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
