search

devrsi0n / chirpy

๐Ÿ’ฌ A privacy-friendly and customizable Disqus (comment system) alternate. ๆณจ้‡้š็งไฟๆŠคๅ’ŒๅฎšๅˆถๅŒ–็š„่ฏ„่ฎบ็ณป็ปŸใ€‚
https://chirpy.dev
GNU Affero General Public License v3.0
555 stars 32 forks source link

chore(deps): update dependency webpack to v5.76.0 [security] - autoclosed #569

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
webpack 5.75.0 -> 5.76.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.

Release Notes

webpack/webpack ### [`v5.76.0`](https://togithub.com/webpack/webpack/releases/tag/v5.76.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.75.0...v5.76.0) #### Bugfixes - Avoid cross-realm object access by [@​Jack-Works](https://togithub.com/Jack-Works) in [https://github.com/webpack/webpack/pull/16500](https://togithub.com/webpack/webpack/pull/16500) - Improve hash performance via conditional initialization by [@​lvivski](https://togithub.com/lvivski) in [https://github.com/webpack/webpack/pull/16491](https://togithub.com/webpack/webpack/pull/16491) - Serialize `generatedCode` info to fix bug in asset module cache restoration by [@​ryanwilsonperkin](https://togithub.com/ryanwilsonperkin) in [https://github.com/webpack/webpack/pull/16703](https://togithub.com/webpack/webpack/pull/16703) - Improve performance of `hashRegExp` lookup by [@​ryanwilsonperkin](https://togithub.com/ryanwilsonperkin) in [https://github.com/webpack/webpack/pull/16759](https://togithub.com/webpack/webpack/pull/16759) #### Features - add `target` to `LoaderContext` type by [@​askoufis](https://togithub.com/askoufis) in [https://github.com/webpack/webpack/pull/16781](https://togithub.com/webpack/webpack/pull/16781) #### Security - [CVE-2022-37603](https://togithub.com/advisories/GHSA-3rfm-jhwj-7488) fixed by [@​akhilgkrishnan](https://togithub.com/akhilgkrishnan) in [https://github.com/webpack/webpack/pull/16446](https://togithub.com/webpack/webpack/pull/16446) #### Repo Changes - Fix HTML5 logo in README by [@​jakebailey](https://togithub.com/jakebailey) in [https://github.com/webpack/webpack/pull/16614](https://togithub.com/webpack/webpack/pull/16614) - Replace TypeScript logo in README by [@​jakebailey](https://togithub.com/jakebailey) in [https://github.com/webpack/webpack/pull/16613](https://togithub.com/webpack/webpack/pull/16613) - Update actions/cache dependencies by [@​piwysocki](https://togithub.com/piwysocki) in [https://github.com/webpack/webpack/pull/16493](https://togithub.com/webpack/webpack/pull/16493) #### New Contributors - [@​Jack-Works](https://togithub.com/Jack-Works) made their first contribution in [https://github.com/webpack/webpack/pull/16500](https://togithub.com/webpack/webpack/pull/16500) - [@​lvivski](https://togithub.com/lvivski) made their first contribution in [https://github.com/webpack/webpack/pull/16491](https://togithub.com/webpack/webpack/pull/16491) - [@​jakebailey](https://togithub.com/jakebailey) made their first contribution in [https://github.com/webpack/webpack/pull/16614](https://togithub.com/webpack/webpack/pull/16614) - [@​akhilgkrishnan](https://togithub.com/akhilgkrishnan) made their first contribution in [https://github.com/webpack/webpack/pull/16446](https://togithub.com/webpack/webpack/pull/16446) - [@​ryanwilsonperkin](https://togithub.com/ryanwilsonperkin) made their first contribution in [https://github.com/webpack/webpack/pull/16703](https://togithub.com/webpack/webpack/pull/16703) - [@​piwysocki](https://togithub.com/piwysocki) made their first contribution in [https://github.com/webpack/webpack/pull/16493](https://togithub.com/webpack/webpack/pull/16493) - [@​askoufis](https://togithub.com/askoufis) made their first contribution in [https://github.com/webpack/webpack/pull/16781](https://togithub.com/webpack/webpack/pull/16781) **Full Changelog**: https://github.com/webpack/webpack/compare/v5.75.0...v5.76.0

Configuration

๐Ÿ“… Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

๐Ÿšฆ Automerge: Disabled by config. Please merge this manually once you are satisfied.

โ™ป Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

๐Ÿ”• Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.

vercel[bot] commented 1 year ago

The latest updates on your projects. Learn more about Vercel for Git โ†—๏ธŽ

Name Status Preview Comments Updated (UTC)
chirpy โœ… Ready (Inspect) Visit Preview ๐Ÿ’ฌ Add feedback May 2, 2023 6:57am
changeset-bot[bot] commented 1 year ago

โš ๏ธ No Changeset found

Latest commit: f581960f7dfdf07d965a10a866839331d6373926

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

relativeci[bot] commented 1 year ago

Job #1353: Bundle Size โ€” 2.1MiB (0%).

b34709a(current) vs 5ece64a main#1349(baseline)

:warning: Bundle contains 1 duplicate package

Metrics (1 change)
โ€ƒโ€ƒโ€ƒโ€ƒโ€ƒโ€ƒโ€ƒโ€ƒโ€ƒโ€ƒ โ€ƒโ€ƒโ€ƒโ€ƒโ€ƒโ€ƒCurrent
Job #1353		 โ€ƒโ€ƒโ€ƒโ€ƒโ€ƒBaseline
Job #1349
Initial JS 1.46MiB 1.46MiB
Initial CSS 99.56KiB 99.56KiB
Cache Invalidation 0% 15.09%
Chunks 51 51
Assets 63 63
Modules 1129 1129
Duplicate Modules 199 199
Duplicate Code 4.9% 4.9%
Packages 123 123
Duplicate Packages 1 1

Total size by type (no changes)
| โ€ƒโ€ƒโ€ƒโ€ƒโ€ƒโ€ƒโ€ƒโ€ƒโ€ƒโ€ƒ | โ€ƒโ€ƒโ€ƒโ€ƒโ€ƒโ€ƒCurrent
[Job #1353](https://app.relative-ci.com/projects/rYoEVFddayylGRgFiBEd/jobs/1353-95QNMFmSeOpHXftdghZx?utm_source=github&utm_medium=pr-report "View job report") | โ€ƒโ€ƒโ€ƒโ€ƒโ€ƒBaseline
[Job #1349](https://app.relative-ci.com/projects/rYoEVFddayylGRgFiBEd/jobs/1349-PYdyMpnebJ8RcYe6pROw?utm_source=github&utm_medium=pr-report "View baseline job report") | |:--|--:|--:| | [CSS](https://app.relative-ci.com/projects/rYoEVFddayylGRgFiBEd/jobs/1353-95QNMFmSeOpHXftdghZx/assets?ba=%7B%22filters%22%3A%7B%22ft.CSS%22%3Atrue%2C%22ft.JS%22%3Afalse%2C%22ft.IMG%22%3Afalse%2C%22ft.MEDIA%22%3Afalse%2C%22ft.FONT%22%3Afalse%2C%22ft.HTML%22%3Afalse%2C%22ft.OTHER%22%3Afalse%7D%7D "View all CSS assets") | `99.56KiB` | `99.56KiB` | | [Fonts](https://app.relative-ci.com/projects/rYoEVFddayylGRgFiBEd/jobs/1353-95QNMFmSeOpHXftdghZx/assets?ba=%7B%22filters%22%3A%7B%22ft.CSS%22%3Afalse%2C%22ft.JS%22%3Afalse%2C%22ft.IMG%22%3Afalse%2C%22ft.MEDIA%22%3Afalse%2C%22ft.FONT%22%3Atrue%2C%22ft.HTML%22%3Afalse%2C%22ft.OTHER%22%3Afalse%7D%7D "View all Fonts assets") | `0B` | `0B` | | [HTML](https://app.relative-ci.com/projects/rYoEVFddayylGRgFiBEd/jobs/1353-95QNMFmSeOpHXftdghZx/assets?ba=%7B%22filters%22%3A%7B%22ft.CSS%22%3Afalse%2C%22ft.JS%22%3Afalse%2C%22ft.IMG%22%3Afalse%2C%22ft.MEDIA%22%3Afalse%2C%22ft.FONT%22%3Afalse%2C%22ft.HTML%22%3Atrue%2C%22ft.OTHER%22%3Afalse%7D%7D "View all HTML assets") | `0B` | `0B` | | [IMG](https://app.relative-ci.com/projects/rYoEVFddayylGRgFiBEd/jobs/1353-95QNMFmSeOpHXftdghZx/assets?ba=%7B%22filters%22%3A%7B%22ft.CSS%22%3Afalse%2C%22ft.JS%22%3Afalse%2C%22ft.IMG%22%3Atrue%2C%22ft.MEDIA%22%3Afalse%2C%22ft.FONT%22%3Afalse%2C%22ft.HTML%22%3Afalse%2C%22ft.OTHER%22%3Afalse%7D%7D "View all IMG assets") | `1.45KiB` | `1.45KiB` | | [JS](https://app.relative-ci.com/projects/rYoEVFddayylGRgFiBEd/jobs/1353-95QNMFmSeOpHXftdghZx/assets?ba=%7B%22filters%22%3A%7B%22ft.CSS%22%3Afalse%2C%22ft.JS%22%3Atrue%2C%22ft.IMG%22%3Afalse%2C%22ft.MEDIA%22%3Afalse%2C%22ft.FONT%22%3Afalse%2C%22ft.HTML%22%3Afalse%2C%22ft.OTHER%22%3Afalse%7D%7D "View all JS assets") | `1.99MiB` | `1.99MiB` | | [Media](https://app.relative-ci.com/projects/rYoEVFddayylGRgFiBEd/jobs/1353-95QNMFmSeOpHXftdghZx/assets?ba=%7B%22filters%22%3A%7B%22ft.CSS%22%3Afalse%2C%22ft.JS%22%3Afalse%2C%22ft.IMG%22%3Afalse%2C%22ft.MEDIA%22%3Atrue%2C%22ft.FONT%22%3Afalse%2C%22ft.HTML%22%3Afalse%2C%22ft.OTHER%22%3Afalse%7D%7D "View all Media assets") | `0B` | `0B` | | [Other](https://app.relative-ci.com/projects/rYoEVFddayylGRgFiBEd/jobs/1353-95QNMFmSeOpHXftdghZx/assets?ba=%7B%22filters%22%3A%7B%22ft.CSS%22%3Afalse%2C%22ft.JS%22%3Afalse%2C%22ft.IMG%22%3Afalse%2C%22ft.MEDIA%22%3Afalse%2C%22ft.FONT%22%3Afalse%2C%22ft.HTML%22%3Afalse%2C%22ft.OTHER%22%3Atrue%7D%7D "View all Other assets") | `11.87KiB` | `11.87KiB` |

View job #1353 reportโ€ƒView refs/pull/569/merge branch activity

github-actions[bot] commented 1 year ago

Coverage report for ./apps/main

St.:grey_question:
 Category Percentage Covered / Total
๐Ÿ”ด Statements 8.73% 40/458
๐Ÿ”ด Branches 10.23% 9/88
๐Ÿ”ด Functions 4.35% 3/69
๐Ÿ”ด Lines 9.25% 38/411

Test suite run success

2 tests passing in 2 suites.

Report generated by ๐Ÿงชjest coverage report action from f581960f7dfdf07d965a10a866839331d6373926

cypress[bot] commented 1 year ago

2 failed tests on run #1887 โ†—๏ธŽ

2 4 0 1 Flakiness 0

Details:

chore(deps): update dependency webpack to v5.76.0 [security]
Project: chirpy Commit: f581960f7d
Status: Failed Duration: 02:33 ๐Ÿ’ก
Started: May 2, 2023 6:59 AM Ended: May 2, 2023 7:01 AM
Failed  home/header.spec.ts โ€ข 1 failed test โ€ข Cypress Actions View Output Video
Test Artifacts
Header > should show user menu Output Screenshots Video
Failed  dashboard/project.spec.ts โ€ข 1 failed test โ€ข Cypress Actions View Output Video
Test Artifacts
Project > should show integration doc Output Screenshots Video

This comment has been generated by cypress-bot as a result of this project's GitHub integration settings.