Snyk has created this PR to upgrade webpack from 5.1.1 to 5.9.0.
:sparkles: Snyk has automatically assigned this pull request, set who gets assigned.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 14 versions ahead of your current version.
The recommended version was released 22 days ago, on 2020-11-28.
Snyk has created this PR to upgrade webpack from 5.1.1 to 5.9.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-Y18N-1021887
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-NODEFORGE-598677
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-LODASH-590103
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-AJV-584908
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-AXIOS-1038255
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-KINDOF-537849
Why? Proof of Concept exploit, CVSS 7.3
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: webpack
-
5.9.0 - 2020-11-28
- improve side effects analysis to report imported and reexported symbols as side-effect-free
- fix problem when HMR and different runtimes (e. g. with Workers)
- caused crash with
-
5.8.0 - 2020-11-26
- add the ability to process assets generated in later stages during processAssets
- new processAssets stage:
- add hooks to the RealContentHashPlugin to allow to process custom hashes (e. g. SRI)
- fix typing for child compiler plugins
- SourceMapPlugin will process assets added in later stages during asset processing
-
5.7.0 - 2020-11-26
- CLI supports installing webpack-cli via
- fix problem with ASI detection, causing semicolons inserted after
-
5.6.0 - 2020-11-19
- emit warnings/errors for exports in commonjs modules for which we know that they don't exist
-
5.5.1 - 2020-11-18
- fix crash when __esModule is defined with defineProperty without value
-
5.5.0 - 2020-11-17
- fix ASI issues that occur between concatenated modules
- fix incorrect handling of
- fix side-effect-free handling of exports for concatenated modules that causes an unused export
- make ESM-CJS interop handling consistent
- make
- handle non enumerable exports
- handle inherited exports
- handle exported Promises
-
5.4.0 - 2020-11-03
- fix renaming in super class expression in nested scopes
- fix parsing and handling of browserlist queries
- fix a few edge cases with ESM-CJS interop and .mjs
- fix ASI edge cases
-
5.3.2 - 2020-10-29
- runtime-dependent concatenated modules can generate code for runtime-dependent execution order of concatenated modules
-
5.3.1 - 2020-10-28
- fix incorrect concatenation of modules when multiple runtimes are involved
- fixes a "This should not happen" error
- fixes a
- run CLI correctly after installing
- fixes a huge performance issue when processing minimized code with SourceMap
- Use
- this is more convinient to use
- avoid incorrect store of counts in the ProgressPlugin, which causes unneeded serialization of the Persistent Cache
- upgrade terser-webpack-plugin for performance improvements
- upgrade webpack-sources for performance improvements
-
5.3.0 - 2020-10-27
- generate runtime conditional code when modules are forcefully merged from multiple runtimes
- This fixes a
- disabled source code analysis for side effects in non-production modes
- this causes unnecessary changes to parent modules in development
- add
-
5.2.1 - 2020-10-27
-
5.2.0 - 2020-10-22
-
5.1.3 - 2020-10-16
-
5.1.2 - 2020-10-15
-
5.1.1 - 2020-10-15
from webpack GitHub release notesFeatures
Bugfixes
... has no hash info for runtime ...Features
PROCESS_ASSETS_STAGE_OPTIMIZE_INLINEBugfixes
Features
pnpmBugfixes
if(...)etc.Bugfixes
Bugfixes
Bugfixes
[id]and etc. in SourceMap sources__esModuleflag consistent exposedBugfixes
Bugfixes
Bugfixes
__webpack_require__(null)problemstring[]types instead of[string, ...string[]]for arrays that must not be emptyPerformance
Features and Bugfixes
Cannot read property 'call' of undefinederror in webpack runtime, because modules are used that are not in the graph in one runtimeoptimization.sideEffects: "flag"as option for thisCommit messages
Package name: webpack
- 0e7437d 5.9.0
- 714ed0a Merge pull request #12073 from webpack/dependabot/npm_and_yarn/prettier-2.2.1
- 99d7a20 prettier
- 4600e03 chore(deps-dev): bump prettier from 2.2.0 to 2.2.1
- 6278ac6 Merge pull request #12070 from webpack/dependabot/npm_and_yarn/simple-git-2.24.0
- e2b600d Merge pull request #12067 from webpack/dependabot/npm_and_yarn/babel-loader-8.2.2
- c16e968 Merge pull request #12075 from webpack/bugfix/hmr-multiple-runtimes
- 81b3b7e Merge pull request #12076 from webpack/feature/side-effects-analysis
- 4c3e18f skip worker tests when worker_threads is not supported
- a0d72e6 fix test case
- cf97d04 fix test cases
- c7ea638 improve side effects analysis to report imported and reexports symbols as side-effect-free
- c9fbdb9 avoid a breaking change and use a warning instead
- d46f945 fix problem when HMR and different runtimes
- 9ac2fae chore(deps-dev): bump simple-git from 2.23.0 to 2.24.0
- b66ecfa chore(deps-dev): bump babel-loader from 8.2.1 to 8.2.2
- fb7d09b 5.8.0
- 2aacd90 Merge pull request #11956 from webpack/feature/asset-processing
- ca29e7c add missing name argument in test case for validation
- ed742e0 add test case like html-plugin
- ccfe01a allow to process assets that are added during processAssets
- eb5481a Merge pull request #11948 from jantimon/fix/plugin-types
- fd056e2 Merge pull request #12060 from webpack/deps/update
- 005316c Merge pull request #12062 from webpack/example/reexport
CompareNote: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
👩💻 Set who automatically gets assigned
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs