chore(deps): update dependency webpack to v5.76.0 [security]

renovate[bot] commented 1 year ago

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
webpack	`5.70.0` -> `5.76.0`

GitHub Vulnerability Alerts

CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.

Release Notes

webpack/webpack (webpack)

### [`v5.76.0`](https://redirect.github.com/webpack/webpack/releases/tag/v5.76.0) [Compare Source](https://redirect.github.com/webpack/webpack/compare/v5.75.0...v5.76.0) #### Bugfixes - Avoid cross-realm object access by [@Jack-Works](https://redirect.github.com/Jack-Works) in [https://github.com/webpack/webpack/pull/16500](https://redirect.github.com/webpack/webpack/pull/16500) - Improve hash performance via conditional initialization by [@lvivski](https://redirect.github.com/lvivski) in [https://github.com/webpack/webpack/pull/16491](https://redirect.github.com/webpack/webpack/pull/16491) - Serialize `generatedCode` info to fix bug in asset module cache restoration by [@ryanwilsonperkin](https://redirect.github.com/ryanwilsonperkin) in [https://github.com/webpack/webpack/pull/16703](https://redirect.github.com/webpack/webpack/pull/16703) - Improve performance of `hashRegExp` lookup by [@ryanwilsonperkin](https://redirect.github.com/ryanwilsonperkin) in [https://github.com/webpack/webpack/pull/16759](https://redirect.github.com/webpack/webpack/pull/16759) #### Features - add `target` to `LoaderContext` type by [@askoufis](https://redirect.github.com/askoufis) in [https://github.com/webpack/webpack/pull/16781](https://redirect.github.com/webpack/webpack/pull/16781) #### Security - [CVE-2022-37603](https://redirect.github.com/advisories/GHSA-3rfm-jhwj-7488) fixed by [@akhilgkrishnan](https://redirect.github.com/akhilgkrishnan) in [https://github.com/webpack/webpack/pull/16446](https://redirect.github.com/webpack/webpack/pull/16446) #### Repo Changes - Fix HTML5 logo in README by [@jakebailey](https://redirect.github.com/jakebailey) in [https://github.com/webpack/webpack/pull/16614](https://redirect.github.com/webpack/webpack/pull/16614) - Replace TypeScript logo in README by [@jakebailey](https://redirect.github.com/jakebailey) in [https://github.com/webpack/webpack/pull/16613](https://redirect.github.com/webpack/webpack/pull/16613) - Update actions/cache dependencies by [@piwysocki](https://redirect.github.com/piwysocki) in [https://github.com/webpack/webpack/pull/16493](https://redirect.github.com/webpack/webpack/pull/16493) #### New Contributors - [@Jack-Works](https://redirect.github.com/Jack-Works) made their first contribution in [https://github.com/webpack/webpack/pull/16500](https://redirect.github.com/webpack/webpack/pull/16500) - [@lvivski](https://redirect.github.com/lvivski) made their first contribution in [https://github.com/webpack/webpack/pull/16491](https://redirect.github.com/webpack/webpack/pull/16491) - [@jakebailey](https://redirect.github.com/jakebailey) made their first contribution in [https://github.com/webpack/webpack/pull/16614](https://redirect.github.com/webpack/webpack/pull/16614) - [@akhilgkrishnan](https://redirect.github.com/akhilgkrishnan) made their first contribution in [https://github.com/webpack/webpack/pull/16446](https://redirect.github.com/webpack/webpack/pull/16446) - [@ryanwilsonperkin](https://redirect.github.com/ryanwilsonperkin) made their first contribution in [https://github.com/webpack/webpack/pull/16703](https://redirect.github.com/webpack/webpack/pull/16703) - [@piwysocki](https://redirect.github.com/piwysocki) made their first contribution in [https://github.com/webpack/webpack/pull/16493](https://redirect.github.com/webpack/webpack/pull/16493) - [@askoufis](https://redirect.github.com/askoufis) made their first contribution in [https://github.com/webpack/webpack/pull/16781](https://redirect.github.com/webpack/webpack/pull/16781) **Full Changelog**: https://github.com/webpack/webpack/compare/v5.75.0...v5.76.0 ### [`v5.75.0`](https://redirect.github.com/webpack/webpack/releases/tag/v5.75.0) [Compare Source](https://redirect.github.com/webpack/webpack/compare/v5.74.0...v5.75.0) ### Bugfixes - `experiments.*` normalize to `false` when opt-out - avoid `NaN%` - show the correct error when using a conflicting chunk name in code - HMR code tests existance of `window` before trying to access it - fix `eval-nosources-*` actually exclude sources - fix race condition where no module is returned from processing module - fix position of standalong semicolon in runtime code ### Features - add support for `@import` to extenal CSS when using experimental CSS in node - add `i64` support to the deprecated WASM implementation ### Developer Experience - expose `EnableWasmLoadingPlugin` - add more typings - generate getters instead of readonly properties in typings to allow overriding them ### [`v5.74.0`](https://redirect.github.com/webpack/webpack/releases/tag/v5.74.0) [Compare Source](https://redirect.github.com/webpack/webpack/compare/v5.73.0...v5.74.0) ### Features - add `resolve.extensionAlias` option which allows to alias extensions - This is useful when you are forced to add the `.js` extension to imports when the file really has a `.ts` extension (typescript + `"type": "module"`) - add support for ES2022 features like static blocks - add Tree Shaking support for `ProvidePlugin` ### Bugfixes - fix persistent cache when some build dependencies are on a different windows drive - make order of evaluation of side-effect-free modules deterministic between concatenated and non-concatenated modules - remove left-over from debugging in TLA/async modules runtime code - remove unneeded extra 1s timestamp offset during watching when files are actually untouched - This sometimes caused an additional second build which are not really needed - fix `shareScope` option for `ModuleFederationPlugin` - set `"use-credentials"` also for same origin scripts ### Performance - Improve memory usage and performance of aggregating needed files/directories for watching - This affects rebuild performance ### Extensibility - export `HarmonyImportDependency` for plugins ### [`v5.73.0`](https://redirect.github.com/webpack/webpack/releases/tag/v5.73.0) [Compare Source](https://redirect.github.com/webpack/webpack/compare/v5.72.1...v5.73.0) ### Features - add options for default `dynamicImportMode` and prefetch and preload - add support for `import { createRequire } from "module"` in source code ### Bugfixes - fix code generation of e. g. `return"field"in Module` - fix performance of large JSON modules - fix performance of async modules evaluation ### Developer Experience - export `PathData` in typings - improve error messages with more details ### [`v5.72.1`](https://redirect.github.com/webpack/webpack/releases/tag/v5.72.1) [Compare Source](https://redirect.github.com/webpack/webpack/compare/v5.72.0...v5.72.1) ### Bugfixes - fix `__webpack_nonce__` with HMR - fix `in` operator in some cases - fix json parsing error messages - fix module concatenation with using `this.importModule` - upgrade enhanced-resolve ### [`v5.72.0`](https://redirect.github.com/webpack/webpack/releases/tag/v5.72.0) [Compare Source](https://redirect.github.com/webpack/webpack/compare/v5.71.0...v5.72.0) ### Features - make cache warnings caused by build errors less verbose - Allow banner to be placed as a footer with the BannerPlugin - allow to concatenate asset modules ### Bugfixes - fix RemoteModules when using HMR (Module Federation + HMR) - throw error when using module concatenation and cacheUnaffected - fix `in` operator with nested exports ### [`v5.71.0`](https://redirect.github.com/webpack/webpack/releases/tag/v5.71.0) [Compare Source](https://redirect.github.com/webpack/webpack/compare/v5.70.0...v5.71.0) ### Features - choose smarter default for `uniqueName` when using a `output.library` which includes placeholders - add support for expressions with `in` of a imported binding - generate UMD code with arrow functions when possible ### Bugfixes - fix source map source names for ContextModule to be relative - fix `chunkLoading` option in module module - fix edge case where `evaluateExpression` returns `null` - retain optional chaining in imported bindings - include runtime code for the base URI even if not using chunk loading - don't throw errors in persistent caching when importing node.js builtin modules via ESM - fix crash when using `lazy-once` Context modules - improve handling of context modules with multiple contexts - fix race condition HMR chunk loading when importing chunks during HMR updating - handle errors in `runAsChild` callback

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-advanced-security[bot] commented 1 year ago

You have successfully added a new SonarCloud configuration ``. As part of the setup process, we have scanned this repository and found no existing alerts. In the future, you will see all code scanning alerts on the repository Security tab.