This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade webpack from 4.32.2 to 4.46.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **33 versions** ahead of your current version.
- The recommended version was released **2 years ago**, on 2021-01-11.
The recommended version fixes:
Severity | Issue | PriorityScore (*) | Exploit Maturity |
:-------------------------:|:-------------------------|-------------------------|:-------------------------
| Arbitrary File Write [SNYK-JS-TAR-1579155](https://snyk.io/vuln/SNYK-JS-TAR-1579155) | **425/1000** **Why?** CVSS 8.5 | No Known Exploit
| Arbitrary File Write [SNYK-JS-TAR-1579152](https://snyk.io/vuln/SNYK-JS-TAR-1579152) | **425/1000** **Why?** CVSS 8.5 | No Known Exploit
| Arbitrary File Write [SNYK-JS-TAR-1579147](https://snyk.io/vuln/SNYK-JS-TAR-1579147) | **425/1000** **Why?** CVSS 8.5 | No Known Exploit
| Arbitrary File Overwrite [SNYK-JS-TAR-1536531](https://snyk.io/vuln/SNYK-JS-TAR-1536531) | **425/1000** **Why?** CVSS 8.5 | No Known Exploit
| Arbitrary File Overwrite [SNYK-JS-TAR-1536528](https://snyk.io/vuln/SNYK-JS-TAR-1536528) | **425/1000** **Why?** CVSS 8.5 | No Known Exploit
| Regular Expression Denial of Service (ReDoS) [SNYK-JS-SSRI-1246392](https://snyk.io/vuln/SNYK-JS-SSRI-1246392) | **425/1000** **Why?** CVSS 8.5 | Proof of Concept
| Arbitrary Code Injection [SNYK-JS-SERIALIZEJAVASCRIPT-570062](https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-570062) | **425/1000** **Why?** CVSS 8.5 | Proof of Concept
| Cross-site Scripting (XSS) [SNYK-JS-SERIALIZEJAVASCRIPT-536840](https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-536840) | **425/1000** **Why?** CVSS 8.5 | No Known Exploit
| Cryptographic Issues [SNYK-JS-ELLIPTIC-571484](https://snyk.io/vuln/SNYK-JS-ELLIPTIC-571484) | **425/1000** **Why?** CVSS 8.5 | Proof of Concept
| Regular Expression Denial of Service (ReDoS) [SNYK-JS-ACORN-559469](https://snyk.io/vuln/SNYK-JS-ACORN-559469) | **425/1000** **Why?** CVSS 8.5 | No Known Exploit
| Regular Expression Denial of Service (ReDoS) [SNYK-JS-TERSER-2806366](https://snyk.io/vuln/SNYK-JS-TERSER-2806366) | **425/1000** **Why?** CVSS 8.5 | No Known Exploit
| Regular Expression Denial of Service (ReDoS) [SNYK-JS-MINIMATCH-3050818](https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818) | **425/1000** **Why?** CVSS 8.5 | No Known Exploit
| Timing Attack [SNYK-JS-ELLIPTIC-511941](https://snyk.io/vuln/SNYK-JS-ELLIPTIC-511941) | **425/1000** **Why?** CVSS 8.5 | No Known Exploit
| Cryptographic Issues [SNYK-JS-ELLIPTIC-1064899](https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899) | **425/1000** **Why?** CVSS 8.5 | No Known Exploit
| Regular Expression Denial of Service (ReDoS) [SNYK-JS-TAR-1536758](https://snyk.io/vuln/SNYK-JS-TAR-1536758) | **425/1000** **Why?** CVSS 8.5 | No Known Exploit
(*) Note that the real score may have changed since the PR was raised.
Release notes Package name: webpack
42dc038 Merge pull request #11210 from webpack/ci/timeout-4
Compare
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/jeremy-donson/project/e282be0b-eaae-4798-8b0a-6e0d719bee92?utm_source=github&utm_medium=referral&page=upgrade-pr)
🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/jeremy-donson/project/e282be0b-eaae-4798-8b0a-6e0d719bee92/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/jeremy-donson/project/e282be0b-eaae-4798-8b0a-6e0d719bee92/settings/integration?pkg=webpack&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade webpack from 4.32.2 to 4.46.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.- The recommended version is **33 versions** ahead of your current version. - The recommended version was released **2 years ago**, on 2021-01-11. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Arbitrary File Write
[SNYK-JS-TAR-1579155](https://snyk.io/vuln/SNYK-JS-TAR-1579155) | **425/1000**
**Why?** CVSS 8.5 | No Known Exploit | Arbitrary File Write
[SNYK-JS-TAR-1579152](https://snyk.io/vuln/SNYK-JS-TAR-1579152) | **425/1000**
**Why?** CVSS 8.5 | No Known Exploit | Arbitrary File Write
[SNYK-JS-TAR-1579147](https://snyk.io/vuln/SNYK-JS-TAR-1579147) | **425/1000**
**Why?** CVSS 8.5 | No Known Exploit | Arbitrary File Overwrite
[SNYK-JS-TAR-1536531](https://snyk.io/vuln/SNYK-JS-TAR-1536531) | **425/1000**
**Why?** CVSS 8.5 | No Known Exploit | Arbitrary File Overwrite
[SNYK-JS-TAR-1536528](https://snyk.io/vuln/SNYK-JS-TAR-1536528) | **425/1000**
**Why?** CVSS 8.5 | No Known Exploit | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SSRI-1246392](https://snyk.io/vuln/SNYK-JS-SSRI-1246392) | **425/1000**
**Why?** CVSS 8.5 | Proof of Concept | Arbitrary Code Injection
[SNYK-JS-SERIALIZEJAVASCRIPT-570062](https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-570062) | **425/1000**
**Why?** CVSS 8.5 | Proof of Concept | Cross-site Scripting (XSS)
[SNYK-JS-SERIALIZEJAVASCRIPT-536840](https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-536840) | **425/1000**
**Why?** CVSS 8.5 | No Known Exploit | Cryptographic Issues
[SNYK-JS-ELLIPTIC-571484](https://snyk.io/vuln/SNYK-JS-ELLIPTIC-571484) | **425/1000**
**Why?** CVSS 8.5 | Proof of Concept | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-ACORN-559469](https://snyk.io/vuln/SNYK-JS-ACORN-559469) | **425/1000**
**Why?** CVSS 8.5 | No Known Exploit | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-TERSER-2806366](https://snyk.io/vuln/SNYK-JS-TERSER-2806366) | **425/1000**
**Why?** CVSS 8.5 | No Known Exploit | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-MINIMATCH-3050818](https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818) | **425/1000**
**Why?** CVSS 8.5 | No Known Exploit | Timing Attack
[SNYK-JS-ELLIPTIC-511941](https://snyk.io/vuln/SNYK-JS-ELLIPTIC-511941) | **425/1000**
**Why?** CVSS 8.5 | No Known Exploit | Cryptographic Issues
[SNYK-JS-ELLIPTIC-1064899](https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899) | **425/1000**
**Why?** CVSS 8.5 | No Known Exploit | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-TAR-1536758](https://snyk.io/vuln/SNYK-JS-TAR-1536758) | **425/1000**
**Why?** CVSS 8.5 | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: webpack
Bugfixes
resolve.roots
to be backward-compatibleFeatures
Bugfixes
splitChunk
minSize
is not handled correctlysplitChunk
cacheGroups
is not handled correctlyCommit messages
Package name: webpack
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/jeremy-donson/project/e282be0b-eaae-4798-8b0a-6e0d719bee92?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/jeremy-donson/project/e282be0b-eaae-4798-8b0a-6e0d719bee92/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/jeremy-donson/project/e282be0b-eaae-4798-8b0a-6e0d719bee92/settings/integration?pkg=webpack&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)