nodeshift / opossum

Node.js circuit breaker - fails fast ⚡️
https://nodeshift.dev/opossum/
Apache License 2.0
1.31k stars 107 forks

[Snyk] Upgrade webpack from 5.88.2 to 5.91.0 #857

Closed lholmquist closed 3 months ago

lholmquist commented 6 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade webpack from 5.88.2 to 5.91.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **6 versions** ahead of your current version.
- The recommended version was released **a month ago**, on 2024-03-20.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|:---:|:---|---|:---|
| | Cross-site Scripting (XSS) [SNYK-JS-SERIALIZEJAVASCRIPT-6147607](https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607) | **412/1000** **Why?** Proof of Concept exploit, CVSS 6.1 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: webpack
  • 5.91.0 - 2024-03-20

    Bug Fixes

    • Deserializer for ignored modules doesn't crash
    • Allow the unsafeCache option to be a proxy object
    • Normalize the snapshot.unmanagedPaths option
    • Fixed fs types
    • Fixed resolve's plugins types
    • Fixed wrongly calculate postOrderIndex
    • Fixed watching types
    • Output import attributes/import assertions for external JS imports
    • Throw an error when DllPlugin needs to generate multiple manifest files, but the path is the same
    • [CSS] Output layer/supports/media for external CSS imports

    New Features

    • Allow to customize the stage of BannerPlugin
    • [CSS] Support CSS exports convention
    • [CSS] support CSS local ident name
    • [CSS] Support __webpack_nonce__ for CSS chunks
    • [CSS] Support fetchPriority for CSS chunks
    • [CSS] Allow to use LZW to compress css head meta (enabled in the production mode by default)
    • [CSS] Support prefetch/preload for CSS chunks
  • 5.90.3 - 2024-02-19

    Bug Fixes

    • don't mangle when destructuring a reexport
    • types for Stats.toJson() and Stats.toString()
    • many internal types
    • [CSS] clean up export css local vars

    Perf

    • simplify and optimize chunk graph creation
  • 5.90.2 - 2024-02-15

    Bug Fixes

    • use Math.imul in fnv1a32 to avoid loss of precision, directly hash UTF16 values
    • the setStatus() of the HMR module should not return an array, which may cause infinite recursion
    • __webpack_exports_info__.xxx.canMangle shouldn't always same as default
    • mangle export with destructuring
    • use new runtime to reconsider skipped connections activeState
    • make dynamic import optional in try/catch
    • improve auto publicPath detection

    Dependencies & Maintenance

    • improve CI setup and include Node.js@21
  • 5.90.1 - 2024-02-01

    Bug Fixes

    • set unmanagedPaths in defaults
    • correct preOrderIndex and postOrderIndex
    • add fallback for MIME mismatch error in async wasm loading
    • browsers versions of ECMA features

    Performance

    • optimize compareStringsNumeric
    • optimize numberHash using 32-bit FNV1a for small ranges, 64-bit for larger
    • reuse VM context across webpack magic comments
  • 5.90.0 - 2024-01-24

    Bug Fixes

    • Fixed inner graph for classes
    • Optimized RemoveParentModulesPlugin via bigint arithmetic
    • Fixed worklet detection in production mode
    • Fixed an error for cyclic importModule
    • Fixed types for Server and Dirent
    • Added the fetchPriority to hmr runtime's ensureChunk function
    • Don't warn about dynamic import for build dependencies
    • External module generation respects the output.environment.arrowFunction option
    • Fixed consuming shared runtime module logic
    • Fixed a runtime logic of multiple chunks
    • Fixed destructing assignment of dynamic import json file
    • Passing errors array for a module hash
    • Added /*#__PURE__*/ to generated JSON.parse()
    • Generated a library manifest after clean plugin
    • Fixed non amd externals and amd library
    • Fixed a bug in SideEffectsFlagPlugin with namespace re-exports
    • Fixed an error message for condition or
    • The strictModuleErrorHandling is now working
    • Clean up child compilation chunk graph to avoid memory leak
    • [CSS] - Fixed CSS import prefer relative resolution
    • [CSS] - Fixed CSS runtime chunk loading error message

    New Features

    • Allow to set false for dev server in webpack.config.js
    • Added a warning for async external when not supported
    • Added a warning for async module when not supported
    • Added the node-module option for the node.__filename/__dirname and enable it by default for ESM target
    • Added the snapshot.unmanagedPaths option
    • Exposed the MultiCompilerOptions type
    • [CSS] - Added CSS parser options to enable/disable named exports
    • [CSS] - Moved CSS the exportsOnly option to CSS generator options

    Dependencies & Maintenance

    • use node.js LTS version for lint
    • bump actions/cache from 3 to 4
    • bump prettier from 3.2.1 to 3.2.3
    • bump assemblyscript
    • bump actions/checkout from 3 to 4

    Full Changelog: v5.89.0...v5.90.0

  • 5.89.0 - 2023-10-13

    New Features

    Dependencies & Maintenance

    Full Changelog: v5.88.2...v5.89.0

  • 5.88.2 - 2023-07-18

    Bug Fixes

    • Fixed a bug where unused identifiers should retain names when using css modules by @burhanuday in #17444

    Full Changelog: v5.88.1...v5.88.2

from webpack GitHub release notes
Commit messages
Package name: webpack
  • 60daca5 chore(release): 5.91.0
  • 8dad9ce chore(deps-dev): bump @babel/preset-react from 7.23.3 to 7.24.1
  • a3229f9 chore(deps-dev): bump @babel/core from 7.24.0 to 7.24.1
  • 40c2e44 chore(deps-dev): bump @types/node from 20.11.29 to 20.11.30
  • a04faba chore(deps-dev): bump memfs from 4.7.7 to 4.8.0
  • 8f22221 chore(deps): bump es-module-lexer from 1.4.1 to 1.4.2
  • 8df6912 chore(deps): bump es-module-lexer from 1.4.1 to 1.4.2
  • 711c618 chore(deps-dev): bump memfs from 4.7.7 to 4.8.0
  • c462bb3 chore(deps-dev): bump @types/node from 20.11.29 to 20.11.30
  • f0d3e3e chore(deps-dev): bump @babel/preset-react from 7.23.3 to 7.24.1
  • c0fecbb chore(deps-dev): bump @babel/core from 7.24.0 to 7.24.1
  • 60b16bc chore(deps-dev): bump core-js from 3.36.0 to 3.36.1
  • 3e80802 chore(deps-dev): bump @types/node from 20.11.28 to 20.11.29
  • 5ab1067 chore(deps-dev): bump @types/node from 20.11.28 to 20.11.29
  • 45cdcea chore(deps-dev): bump core-js from 3.36.0 to 3.36.1
  • 0bc85d1 fix: throw error when dll-plugin needs to generate multiple manifest files, but the path is the same.
  • 7f1ad18 fix(types): more
  • be1d35e fix(types): more
  • 6ccd531 chore(deps-dev): bump @types/node from 20.11.27 to 20.11.28
  • a76126a chore(deps-dev): bump simple-git from 3.22.0 to 3.23.0
  • cfe8079 chore(deps-dev): bump date-fns from 3.5.0 to 3.6.0
  • 7d84425 chore(deps-dev): bump @types/node from 20.11.27 to 20.11.28
  • 305c72e chore(deps-dev): bump simple-git from 3.22.0 to 3.23.0
  • d52cea3 chore(deps-dev): bump date-fns from 3.5.0 to 3.6.0

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*

For more information:

- 🧐 [View latest project report](https://app.snyk.io/org/nodeshift-agg/project/cc7f2029-67ef-4484-8942-8996e596ae23?utm_source=github&utm_medium=referral&page=upgrade-pr)
- 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/nodeshift-agg/project/cc7f2029-67ef-4484-8942-8996e596ae23/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
- 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/nodeshift-agg/project/cc7f2029-67ef-4484-8942-8996e596ae23/settings/integration?pkg=webpack&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)

coveralls commented 6 months ago

Pull Request Test Coverage Report for Build 8904751244

Details


Totals Coverage Status
Change from base Build 8894784791: 0.0%
Covered Lines: 374
Relevant Lines: 375

💛 - Coveralls

github-actions[bot] commented 5 months ago

This pull request is stale because it has been open 30 days with no activity.