Fix: Properties with the name __proto__ are added to objects and arrays.
(#199) This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! (#295).
Fix: Properties with the name __proto__ are added to objects and arrays.
(#199) This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! (#295).
remove the --prefetch option in favor the PrefetchPlugin plugin
remove the --node-env option in favor --define-process-env-node-env
remove the --hot option in favor of directly using the HotModuleReplacement plugin (only for build command, for serve it will work)
the behavior logic of the --entry option has been changed - previously it replaced your entries, now the option adds a specified entry, if you want to return the previous behavior please use webpack --entry-reset --entry './src/my-entry.js'
remove the --prefetch option in favor the PrefetchPlugin plugin
remove the --node-env option in favor --define-process-env-node-env
remove the --hot option in favor of directly using the HotModuleReplacement plugin (only for build command, for serve it will work)
the behavior logic of the --entry option has been changed - previously it replaced your entries, now the option adds a specified entry, if you want to return the previous behavior please use webpack --entry-reset --entry './src/my-entry.js'
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrad...
_Description has been truncated_
Bumps json5 to 2.2.2 and updates ancestor dependencies json5, webpack, css-loader, eslint-loader, html-loader, html-webpack-plugin, mini-css-extract-plugin and webpack-cli. These dependencies need to be updated together.
Updates
json5
from 2.2.1 to 2.2.2Release notes
Sourced from json5's releases.
Changelog
Sourced from json5's changelog.
Commits
14f8cb1
2.2.210cc7ca
docs: update CHANGELOG for v2.2.27774c10
fix: add proto to objects and arraysedde30a
Readme: slight tweak to intro97286f8
Improve example in readmed720b4f
Improve readme (e.g. explain JSON5 better!) (#291)910ce25
docs: fix spelling of Aseem2aab4dd
test: require tap as t in cli tests6d42686
test: remove mocha syntax from tests4798b9d
docs: update installation and usage for modulesUpdates
webpack
from 4.46.0 to 5.75.0Release notes
Sourced from webpack's releases.
... (truncated)
Commits
8241da7
5.75.0a91d923
Merge pull request #16458 from webpack/bugfix/semi4608b11
Merge pull request #16457 from webpack/tooling/updatedfdd0b0
Merge pull request #16122 from AnmolBansalDEV/bug/compilationCallback23b9a1c
Merge pull request #16167 from exposir/fixts6f2c5e8
Merge pull request #16257 from alexzhang1030/calc_deterministic_verbosef7f36ad
Merge pull request #16339 from Liamolucko/wasm-i64761a542
fix semicolon position2403a36
Merge pull request #16345 from ahabhgk/fix-eval-nosourcesc18203c
update toolingUpdates
css-loader
from 1.0.1 to 6.7.3Release notes
Sourced from css-loader's releases.
... (truncated)
Changelog
Sourced from css-loader's changelog.
... (truncated)
Commits
ef749f2
chore(release): 6.7.336fb945
chore: fix cspell962924c
fix: removesourceURL
from emitted CSS (#1487)3f3f302
chore(deps): bump decode-uri-component from 0.2.0 to 0.2.2 (#1486)04ca713
chore: update dependencies to the latest version (#1485)9449827
chore: update styfle/cancel-workflow-action (#1484)6c67af8
chore: add cSpell to check spelling issues (#1482)239b9ac
chore(deps): bump loader-utils from 2.0.3 to 2.0.4 (#1481)394d200
chore(release): 6.7.22f4c273
fix: css modules generation with inline syntax (#1480)Updates
eslint-loader
from 2.2.1 to 4.0.2Release notes
Sourced from eslint-loader's releases.
... (truncated)
Changelog
Sourced from eslint-loader's changelog.
... (truncated)
Commits
e732cb5
chore(release): 4.0.27febae0
fix: use fs-extra ^8.1.0ba37e29
chore(release): 4.0.1acae2be
refactor: new cache implementation (#320)c086892
chore(release): 4.0.01a12052
chore: v4.0.0 (#319)6c6a87a
chore(release): 3.0.4953d140
test: jest setTimeoutacecce6
chore: update depsd7be477
chore: update depsUpdates
html-loader
from 0.5.5 to 4.2.0Release notes
Sourced from html-loader's releases.
... (truncated)
Changelog
Sourced from html-loader's changelog.
... (truncated)
Commits
17fbef3
chore(release): 4.2.027a6caf
feat: update html minifier (#462)01905ba
chore: update commitlint action (#461)37d2073
chore: run cancel workflow on pull request (#458)7dd065c
chore: update jest to the latest version (#457)3ddf326
ci: update github workflow security permissions (#456)2457eda
chore: upgrade dependencies to the latest version (#455)3ea5738
ci: add job to cancel previous runs (#454)33cc6d0
chore: update dependencies to the latest version (#453)e81a944
ci: add GitHub token permissions for workflow (#450)Maintainer changes
This version was pushed to npm by evilebottnawi, a new releaser for html-loader since your current version.
Updates
html-webpack-plugin
from 3.0.7 to 5.5.0Changelog
Sourced from html-webpack-plugin's changelog.
... (truncated)
Commits
873d75b
chore(release): 5.5.0ddeb774
chore: update examples1e42625
feat: Support type=module via scriptLoading option7d3645b
Bump pretty-error to 4.0.0 to fix transitive vuln for ansi-regex CVE-2021-380779be779
[chore] changes actions to run on pull_requestsb7e5859
[chore] fixes CI to avoid race conditions48131d3
chore(release): 5.4.016a841a
[chore] rebuild examples3bb7c17
Update index.jse38ac97
Update index.jsMaintainer changes
This version was pushed to npm by jantimon, a new releaser for html-webpack-plugin since your current version.
Updates
mini-css-extract-plugin
from 0.4.5 to 2.7.2Release notes
Sourced from mini-css-extract-plugin's releases.
... (truncated)
Changelog
Sourced from mini-css-extract-plugin's changelog.
... (truncated)
Commits
b616093
chore(release): 2.7.24d98d4b
fix: don't crash in web workers (#1004)5ef989b
chore(deps): bump minimist from 1.2.5 to 1.2.6 (#928)cd7d933
chore(deps): bump loader-utils from 2.0.3 to 2.0.4 (#993)9178a0c
chore: update dependencies to the latest version (#1003)7053ce2
chore(release): 2.7.182ed663
refactor: fix compatibility with old browsers (#1000)7585663
chore(deps): update (#999)6ea0922
fix: preserve order of link tags on HMR (#982)2633446
chore: update styfle/cancel-workflow-action (#996)Updates
webpack-cli
from 3.3.12 to 5.0.1Release notes
Sourced from webpack-cli's releases.
... (truncated)
Changelog
Sourced from webpack-cli's changelog.
... (truncated)
Commits
4a0f893
chore(release): publish new version9de982c
chore: fix cspell32d26c8
chore(deps-dev): bump cspell from 6.15.1 to 6.16.0 (#3517)2788bf9
chore(deps-dev): bump eslint from 8.28.0 to 8.29.0 (#3516)ac88ee4
chore(deps-dev): bump lint-staged from 13.0.4 to 13.1.0 (#3515)346a518
fix: make define-process-env-node-env alias node-env (#3514)3ec7b16
chore(deps): bump yeoman-environment from 3.12.1 to 3.13.0 (#3508)c8adfa6
chore(deps-dev): bump@types/node
from 18.11.9 to 18.11.10 (#3513)0ad8cc2
chore(deps-dev): bump cspell from 6.15.0 to 6.15.1 (#3512)d30f261
chore(deps-dev): bump ts-loader from 9.4.1 to 9.4.2 (#3511)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrad... _Description has been truncated_