search

retorquere / zotero-storage-scanner

A Zotero plugin to remove the broken & duplicate attachment link of the bibliography
519 stars 19 forks source link

[Snyk] Upgrade webpack from 4.26.0 to 4.46.0 #27

Closed retorquere closed 1 year ago

retorquere commented 3 years ago

Snyk has created this PR to upgrade webpack from 4.26.0 to 4.46.0.

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Arbitrary Code Injection
SNYK-JS-SERIALIZEJAVASCRIPT-570062		 492/1000
Why? Proof of Concept exploit, CVSS 7.7		 Proof of Concept
Cross-site Scripting (XSS)
SNYK-JS-SERIALIZEJAVASCRIPT-536840		 492/1000
Why? Proof of Concept exploit, CVSS 7.7		 No Known Exploit
Prototype Pollution
SNYK-JS-INI-1048974		 492/1000
Why? Proof of Concept exploit, CVSS 7.7		 Proof of Concept
Cryptographic Issues
SNYK-JS-ELLIPTIC-571484		 492/1000
Why? Proof of Concept exploit, CVSS 7.7		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ACORN-559469		 492/1000
Why? Proof of Concept exploit, CVSS 7.7		 No Known Exploit
Time of Check Time of Use (TOCTOU)
npm:chownr:20180731		 492/1000
Why? Proof of Concept exploit, CVSS 7.7		 No Known Exploit
Timing Attack
SNYK-JS-ELLIPTIC-511941		 492/1000
Why? Proof of Concept exploit, CVSS 7.7		 No Known Exploit
Cryptographic Issues
SNYK-JS-ELLIPTIC-1064899		 492/1000
Why? Proof of Concept exploit, CVSS 7.7		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: webpack
  • 4.46.0 - 2021-01-11

    Bugfixes

    • fix behavior of defaults for resolve.roots to be backward-compatible
  • 4.45.0 - 2021-01-08

    Features

    • resolve server-relative requests relative to project context by default

    Bugfixes

    • fix a bug where splitChunk minSize is not handled correctly
    • fix a bug where the order of splitChunk cacheGroups is not handled correctly
  • 4.44.2 - 2020-09-17
  • 4.44.1 - 2020-07-30
  • 4.44.0 - 2020-07-24
  • 4.43.0 - 2020-04-21
  • 4.42.1 - 2020-03-24
  • 4.42.0 - 2020-03-02
  • 4.41.6 - 2020-02-11
  • 4.41.5 - 2019-12-27
  • 4.41.4 - 2019-12-19
  • 4.41.3 - 2019-12-16
  • 4.41.2 - 2019-10-15
  • 4.41.1 - 2019-10-11
  • 4.41.0 - 2019-09-24
  • 4.40.3 - 2019-09-24
  • 4.40.2 - 2019-09-13
  • 4.40.1 - 2019-09-13
  • 4.40.0 - 2019-09-12
  • 4.39.3 - 2019-08-27
  • 4.39.2 - 2019-08-13
  • 4.39.1 - 2019-08-02
  • 4.39.0 - 2019-08-01
  • 4.38.0 - 2019-07-26
  • 4.37.0 - 2019-07-23
  • 4.36.1 - 2019-07-17
  • 4.36.0 - 2019-07-17
  • 4.35.3 - 2019-07-08
  • 4.35.2 - 2019-07-01
  • 4.35.1 - 2019-07-01
  • 4.35.0 - 2019-06-20
  • 4.34.0 - 2019-06-12
  • 4.33.0 - 2019-06-04
  • 4.32.2 - 2019-05-22
  • 4.32.1 - 2019-05-22
  • 4.32.0 - 2019-05-20
  • 4.31.0 - 2019-05-09
  • 4.30.0 - 2019-04-12
  • 4.29.6 - 2019-02-28
  • 4.29.5 - 2019-02-18
  • 4.29.4 - 2019-02-15
  • 4.29.3 - 2019-02-07
  • 4.29.2 - 2019-02-06
  • 4.29.1 - 2019-02-04
  • 4.29.0 - 2019-01-20
  • 4.28.4 - 2019-01-10
  • 4.28.3 - 2018-12-29
  • 4.28.2 - 2018-12-22
  • 4.28.1 - 2018-12-20
  • 4.28.0 - 2018-12-19
  • 4.27.1 - 2018-12-05
  • 4.27.0 - 2018-12-04
  • 4.26.1 - 2018-11-25
  • 4.26.0 - 2018-11-19
from webpack GitHub release notes
Commit messages
Package name: webpack
  • 444e59f 4.46.0
  • 758bb25 Merge pull request #12387 from webpack/bugfix/12386
  • 79de1a2 enable backward-compatibility for resolve.roots
  • ef75c04 Fix filename in azure pipeline
  • 7714953 add test case
  • 0331322 4.45.0
  • e43bb4b Merge pull request #12372 from webpack/bugfix/split-chunks-min-size-4
  • 4de8451 fix bug where cacheGroup index was inverted
  • 3f69f3c fix bug where module size is added multiple times to the split chunk info
  • c572c15 Merge pull request #11831 from Pyrolistical/patch-1
  • 811395e Fixed resolve.roots default
  • 2efeb4b 4.44.2
  • 9635616 Merge pull request #11490 from webpack/bugfix/unknown-chunk-4
  • 235b87b make sure to generate correct chunk connection for blocks that are only connected in some runtimes
  • 4a1f068 Merge pull request #11180 from webpack/test/watch-production-4
  • cd4af16 4.44.1
  • 7895778 Merge pull request #11244 from webpack/bugfix/dynamic-reexport-default
  • 46304c8 ignore default export when reexporting a dynamic module
  • 91e81c8 Merge pull request #11190 from merceyz/patch-2
  • 087af7c Merge branch 'webpack-4' into patch-2
  • d4603c6 4.44.0
  • ea06f03 Merge pull request #11225 from webpack/deps/watchpack
  • eae1ba0 update watchpack
  • 42dc038 Merge pull request #11210 from webpack/ci/timeout-4
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs