nodeshift / opossum

Node.js circuit breaker - fails fast ⚡️
https://nodeshift.dev/opossum/
Apache License 2.0
1.33k stars 107 forks source link

[Snyk] Upgrade webpack from 5.88.2 to 5.90.0 #847

Closed lholmquist closed 7 months ago

lholmquist commented 9 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade webpack from 5.88.2 to 5.90.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **2 versions** ahead of your current version. - The recommended version was released **21 days ago**, on 2024-01-24. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Cross-site Scripting (XSS)
[SNYK-JS-SERIALIZEJAVASCRIPT-6147607](https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607) | **412/1000**
**Why?** Proof of Concept exploit, CVSS 6.1 | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: webpack
  • 5.90.0 - 2024-01-24

    Bug Fixes

    • Fixed inner graph for classes
    • Optimized RemoveParentModulesPlugin via bigint arithmetic
    • Fixed worklet detection in production mode
    • Fixed an error for cyclic importModule
    • Fixed types for Server and Dirent
    • Added the fetchPriority to hmr runtime's ensureChunk function
    • Don't warn about dynamic import for build dependencies
    • External module generation respects the output.environment.arrowFunction option
    • Fixed consumimng shared runtime module logic
    • Fixed a runtime logic of multiple chunks
    • Fixed destructing assignment of dynamic import json file
    • Passing errors array for a module hash
    • Added /*#__PURE__*/ to generated JSON.parse()
    • Generated a library manifest after clean plugin
    • Fixed non amd externals and amd library
    • Fixed a bug in SideEffectsFlagPlugin with namespace re-exports
    • Fixed an error message for condition or
    • The strictModuleErrorHandling is now working
    • Clean up child compilation chunk graph to avoid memory leak
    • [CSS] - Fixed CSS import prefer relative resolution
    • [CSS] - Fixed CSS runtime chunk loading error message

    New Features

    • Allow to set false for dev server in webpack.config.js
    • Added a warning for async external when not supported
    • Added a warning for async module when not supported
    • Added the node-module option for the node.__filename/__dirname and enable it by default for ESM target
    • Added the snapshot.unmanagedPaths option
    • Exposed the MultiCompilerOptions type
    • [CSS] - Added CSS parser options to enable/disable named exports
    • [CSS] - Moved CSS the exportsOnly option to CSS generator options

    Dependencies & Maintenance

    • use node.js LTS version for lint
    • bump actions/cache from 3 to 4
    • bump prettier from 3.2.1 to 3.2.3
    • bump assemblyscript
    • bump actions/checkout from 3 to 4

    Full Changelog: v5.89.0...v5.90.0

  • 5.89.0 - 2023-10-13

    New Features

    Dependencies & Maintenance

    Full Changelog: v5.88.2...v5.89.0

  • 5.88.2 - 2023-07-18

    Bug Fixes

    • Fixed a bug where unused identifiers should retain names when using css modules by @ burhanuday in #17444

    Full Changelog: v5.88.1...v5.88.2

from webpack GitHub release notes
Commit messages
Package name: webpack
  • 4a26623 chore(release): 5.90.0
  • f03e96e fix: inner graph for classes
  • b6c1430 test: added
  • 28948dd fix: inner graph
  • 5a9ed6d fix: inner graph
  • c8d9d97 fix: inner graph for classes
  • 3022995 fix: inner graph for classes
  • f857674 fix: worklet detection in production mode
  • 2d6f5fa feat: allow to set `false` for dev server
  • 644cd47 test: added
  • 413eb12 fix: worklet detection in production mode
  • 81623b6 perf: optimize RemoveParentModulesPlugin via bigint arithmetic
  • b295fd3 fix: css import prefer relative resolution
  • 4af32a9 fix: error for cyclic importModule
  • 45a33f4 update snapshot
  • fb2ca7c fix: css-import should apply preferRelative
  • b3ea520 fix
  • de0e598 fix: error for cyclic importModule
  • a4e994b Remove lib directive
  • fd4c36d Remove wrapper objects
  • b187e2f Optimize RemoveParentModulePlugin via bigint arithmetic
  • 818b8ec refactor: rebase
  • 54577b4 test: update
  • 03ee59a feat: allow to disable dev server
Compare

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/nodeshift-agg/project/cc7f2029-67ef-4484-8942-8996e596ae23?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/nodeshift-agg/project/cc7f2029-67ef-4484-8942-8996e596ae23/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/nodeshift-agg/project/cc7f2029-67ef-4484-8942-8996e596ae23/settings/integration?pkg=webpack&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
coveralls commented 9 months ago

Pull Request Test Coverage Report for Build 7906190974

Details


Totals Coverage Status
Change from base Build 7034846062: 0.0%
Covered Lines: 374
Relevant Lines: 375

💛 - Coveralls
github-actions[bot] commented 8 months ago

This pull request is stale because it has been open 30 days with no activity.