[Snyk] Upgrade webpack from 5.88.2 to 5.90.0

lholmquist commented 8 months ago

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade webpack from 5.88.2 to 5.90.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

- The recommended version is **2 versions** ahead of your current version. - The recommended version was released **21 days ago**, on 2024-01-24. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:-------------------------

| Cross-site Scripting (XSS)
[SNYK-JS-SERIALIZEJAVASCRIPT-6147607](https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607) | **412/1000**
**Why?** Proof of Concept exploit, CVSS 6.1 | Proof of Concept (*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: webpack

5.90.0 - 2024-01-24
Bug Fixes
- Fixed inner graph for classes
- Optimized RemoveParentModulesPlugin via bigint arithmetic
- Fixed worklet detection in production mode
- Fixed an error for cyclic importModule
- Fixed types for Server and Dirent
- Added the fetchPriority to hmr runtime's ensureChunk function
- Don't warn about dynamic import for build dependencies
- External module generation respects the output.environment.arrowFunction option
- Fixed consumimng shared runtime module logic
- Fixed a runtime logic of multiple chunks
- Fixed destructing assignment of dynamic import json file
- Passing errors array for a module hash
- Added /*#__PURE__*/ to generated JSON.parse()
- Generated a library manifest after clean plugin
- Fixed non amd externals and amd library
- Fixed a bug in SideEffectsFlagPlugin with namespace re-exports
- Fixed an error message for condition or
- The strictModuleErrorHandling is now working
- Clean up child compilation chunk graph to avoid memory leak
- [CSS] - Fixed CSS import prefer relative resolution
- [CSS] - Fixed CSS runtime chunk loading error message
New Features
- Allow to set false for dev server in webpack.config.js
- Added a warning for async external when not supported
- Added a warning for async module when not supported
- Added the node-module option for the node.__filename/__dirname and enable it by default for ESM target
- Added the snapshot.unmanagedPaths option
- Exposed the MultiCompilerOptions type
- [CSS] - Added CSS parser options to enable/disable named exports
- [CSS] - Moved CSS the exportsOnly option to CSS generator options
Dependencies & Maintenance
- use node.js LTS version for lint
- bump actions/cache from 3 to 4
- bump prettier from 3.2.1 to 3.2.3
- bump assemblyscript
- bump actions/checkout from 3 to 4
Full Changelog: v5.89.0...v5.90.0
5.89.0 - 2023-10-13
New Features
- Make CommonJS import preserve chained expressions by @ bworline in #17718
Dependencies & Maintenance
- chore(deps-dev): bump @ types/node from 20.3.1 to 20.4.8 by @ dependabot in #17568
- docs: add example for stats detailed output by @ ersachin3112 in #17420
- docs: add example for stats normal output by @ ersachin3112 in #17426
- chore(deps-dev): bump core-js from 3.31.0 to 3.32.0 by @ dependabot in #17539
- chore(deps-dev): bump pretty-format from 29.5.0 to 29.6.2 by @ dependabot in #17536
- chore(deps-dev): bump @ types/node from 20.4.8 to 20.4.9 by @ dependabot in #17583
- chore(deps-dev): bump less from 4.1.3 to 4.2.0 by @ dependabot in #17580
- chore(deps): bump semver from 5.7.1 to 5.7.2 by @ dependabot in #17483
- chore(deps-dev): bump simple-git from 3.19.0 to 3.19.1 by @ dependabot in #17427
- chore(deps-dev): bump @ types/node from 20.4.9 to 20.6.0 by @ dependabot in #17666
Full Changelog: v5.88.2...v5.89.0
5.88.2 - 2023-07-18
Bug Fixes
- Fixed a bug where unused identifiers should retain names when using css modules by @ burhanuday in #17444
Full Changelog: v5.88.1...v5.88.2

from webpack GitHub release notes

Commit messages

Package name: webpack

4a26623 chore(release): 5.90.0
f03e96e fix: inner graph for classes
b6c1430 test: added
28948dd fix: inner graph
5a9ed6d fix: inner graph
c8d9d97 fix: inner graph for classes
3022995 fix: inner graph for classes
f857674 fix: worklet detection in production mode
2d6f5fa feat: allow to set `false` for dev server
644cd47 test: added
413eb12 fix: worklet detection in production mode
81623b6 perf: optimize RemoveParentModulesPlugin via bigint arithmetic
b295fd3 fix: css import prefer relative resolution
4af32a9 fix: error for cyclic importModule
45a33f4 update snapshot
fb2ca7c fix: css-import should apply preferRelative
b3ea520 fix
de0e598 fix: error for cyclic importModule
a4e994b Remove lib directive
fd4c36d Remove wrapper objects
b187e2f Optimize RemoveParentModulePlugin via bigint arithmetic
818b8ec refactor: rebase
54577b4 test: update
03ee59a feat: allow to disable dev server

Compare

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/nodeshift-agg/project/cc7f2029-67ef-4484-8942-8996e596ae23?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/nodeshift-agg/project/cc7f2029-67ef-4484-8942-8996e596ae23/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/nodeshift-agg/project/cc7f2029-67ef-4484-8942-8996e596ae23/settings/integration?pkg=webpack&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)