Open dependabot[bot] opened 1 month ago
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
Package | New capabilities | Transitives | Size | Publisher |
---|---|---|---|---|
npm/acorn@8.12.1 | None | 0 |
538 kB | marijn |
npm/graceful-fs@4.2.11 | environment, filesystem | 0 |
32.5 kB | isaacs |
npm/schema-utils@3.3.0 | environment | 0 |
84.8 kB | evilebottnawi |
🚮 Removed packages: npm/acorn@8.11.3), npm/graceful-fs@4.2.10), npm/schema-utils@3.1.1)
Bumps webpack from 5.76.0 to 5.94.0.
Release notes
Sourced from webpack's releases.
... (truncated)
Commits
eabf85d
chore(release): 5.94.0955e057
security: fix DOM clobbering in auto public path9822387
test: fixcbb86ed
test: fix5ac3d7f
fix: unexpected asi generation with sequence expression2411661
security: fix DOM clobbering in auto public pathb8c03d4
fix: unexpected asi generation with sequence expressionf46a03c
revert: do not use heuristic fallback for "module-import"60f1898
fix: do not use heuristic fallback for "module-import"66306aa
Revert "fix: module-import get fallback from externalsPresets"Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show