This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade webpack from 4.32.2 to 4.46.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **33 versions** ahead of your current version.
- The recommended version was released **2 years ago**, on 2021-01-11.
The recommended version fixes:
Severity | Issue | PriorityScore (*) | Exploit Maturity |
:-------------------------:|:-------------------------|-------------------------|:-------------------------
| Arbitrary File Write [SNYK-JS-TAR-1579155](https://snyk.io/vuln/SNYK-JS-TAR-1579155) | **425/1000** **Why?** CVSS 8.5 | No Known Exploit
| Arbitrary File Write [SNYK-JS-TAR-1579152](https://snyk.io/vuln/SNYK-JS-TAR-1579152) | **425/1000** **Why?** CVSS 8.5 | No Known Exploit
| Arbitrary File Write [SNYK-JS-TAR-1579147](https://snyk.io/vuln/SNYK-JS-TAR-1579147) | **425/1000** **Why?** CVSS 8.5 | No Known Exploit
| Arbitrary File Overwrite [SNYK-JS-TAR-1536531](https://snyk.io/vuln/SNYK-JS-TAR-1536531) | **425/1000** **Why?** CVSS 8.5 | No Known Exploit
| Arbitrary File Overwrite [SNYK-JS-TAR-1536528](https://snyk.io/vuln/SNYK-JS-TAR-1536528) | **425/1000** **Why?** CVSS 8.5 | No Known Exploit
| Regular Expression Denial of Service (ReDoS) [SNYK-JS-SSRI-1246392](https://snyk.io/vuln/SNYK-JS-SSRI-1246392) | **425/1000** **Why?** CVSS 8.5 | Proof of Concept
| Arbitrary Code Injection [SNYK-JS-SERIALIZEJAVASCRIPT-570062](https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-570062) | **425/1000** **Why?** CVSS 8.5 | Proof of Concept
| Cross-site Scripting (XSS) [SNYK-JS-SERIALIZEJAVASCRIPT-536840](https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-536840) | **425/1000** **Why?** CVSS 8.5 | No Known Exploit
| Cryptographic Issues [SNYK-JS-ELLIPTIC-571484](https://snyk.io/vuln/SNYK-JS-ELLIPTIC-571484) | **425/1000** **Why?** CVSS 8.5 | Proof of Concept
| Regular Expression Denial of Service (ReDoS) [SNYK-JS-ACORN-559469](https://snyk.io/vuln/SNYK-JS-ACORN-559469) | **425/1000** **Why?** CVSS 8.5 | No Known Exploit
| Regular Expression Denial of Service (ReDoS) [SNYK-JS-TERSER-2806366](https://snyk.io/vuln/SNYK-JS-TERSER-2806366) | **425/1000** **Why?** CVSS 8.5 | No Known Exploit
| Regular Expression Denial of Service (ReDoS) [SNYK-JS-MINIMATCH-3050818](https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818) | **425/1000** **Why?** CVSS 8.5 | No Known Exploit
| Timing Attack [SNYK-JS-ELLIPTIC-511941](https://snyk.io/vuln/SNYK-JS-ELLIPTIC-511941) | **425/1000** **Why?** CVSS 8.5 | No Known Exploit
| Cryptographic Issues [SNYK-JS-ELLIPTIC-1064899](https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899) | **425/1000** **Why?** CVSS 8.5 | No Known Exploit
| Regular Expression Denial of Service (ReDoS) [SNYK-JS-TAR-1536758](https://snyk.io/vuln/SNYK-JS-TAR-1536758) | **425/1000** **Why?** CVSS 8.5 | No Known Exploit
(*) Note that the real score may have changed since the PR was raised.
Release notes Package name: webpack
42dc038 Merge pull request #11210 from webpack/ci/timeout-4
Compare
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/jeremy-donson/project/e282be0b-eaae-4798-8b0a-6e0d719bee92?utm_source=github&utm_medium=referral&page=upgrade-pr)
🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/jeremy-donson/project/e282be0b-eaae-4798-8b0a-6e0d719bee92/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/jeremy-donson/project/e282be0b-eaae-4798-8b0a-6e0d719bee92/settings/integration?pkg=webpack&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade webpack from 4.32.2 to 4.46.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.- The recommended version is **33 versions** ahead of your current version. - The recommended version was released **2 years ago**, on 2021-01-11. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:-------------------------
[SNYK-JS-TAR-1579155](https://snyk.io/vuln/SNYK-JS-TAR-1579155) | **425/1000**
**Why?** CVSS 8.5 | No Known Exploit
[SNYK-JS-TAR-1579152](https://snyk.io/vuln/SNYK-JS-TAR-1579152) | **425/1000**
**Why?** CVSS 8.5 | No Known Exploit
[SNYK-JS-TAR-1579147](https://snyk.io/vuln/SNYK-JS-TAR-1579147) | **425/1000**
**Why?** CVSS 8.5 | No Known Exploit
[SNYK-JS-TAR-1536531](https://snyk.io/vuln/SNYK-JS-TAR-1536531) | **425/1000**
**Why?** CVSS 8.5 | No Known Exploit
[SNYK-JS-TAR-1536528](https://snyk.io/vuln/SNYK-JS-TAR-1536528) | **425/1000**
**Why?** CVSS 8.5 | No Known Exploit
[SNYK-JS-SSRI-1246392](https://snyk.io/vuln/SNYK-JS-SSRI-1246392) | **425/1000**
**Why?** CVSS 8.5 | Proof of Concept
[SNYK-JS-SERIALIZEJAVASCRIPT-570062](https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-570062) | **425/1000**
**Why?** CVSS 8.5 | Proof of Concept
[SNYK-JS-SERIALIZEJAVASCRIPT-536840](https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-536840) | **425/1000**
**Why?** CVSS 8.5 | No Known Exploit
[SNYK-JS-ELLIPTIC-571484](https://snyk.io/vuln/SNYK-JS-ELLIPTIC-571484) | **425/1000**
**Why?** CVSS 8.5 | Proof of Concept
[SNYK-JS-ACORN-559469](https://snyk.io/vuln/SNYK-JS-ACORN-559469) | **425/1000**
**Why?** CVSS 8.5 | No Known Exploit
[SNYK-JS-TERSER-2806366](https://snyk.io/vuln/SNYK-JS-TERSER-2806366) | **425/1000**
**Why?** CVSS 8.5 | No Known Exploit
[SNYK-JS-MINIMATCH-3050818](https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818) | **425/1000**
**Why?** CVSS 8.5 | No Known Exploit
[SNYK-JS-ELLIPTIC-511941](https://snyk.io/vuln/SNYK-JS-ELLIPTIC-511941) | **425/1000**
**Why?** CVSS 8.5 | No Known Exploit
[SNYK-JS-ELLIPTIC-1064899](https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899) | **425/1000**
**Why?** CVSS 8.5 | No Known Exploit
[SNYK-JS-TAR-1536758](https://snyk.io/vuln/SNYK-JS-TAR-1536758) | **425/1000**
**Why?** CVSS 8.5 | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: webpack
-
4.46.0 - 2021-01-11
- fix behavior of defaults for
-
4.45.0 - 2021-01-08
- resolve server-relative requests relative to project context by default
- fix a bug where
- fix a bug where the order of
-
4.44.2 - 2020-09-17
-
4.44.1 - 2020-07-30
-
4.44.0 - 2020-07-24
-
4.43.0 - 2020-04-21
-
4.42.1 - 2020-03-24
-
4.42.0 - 2020-03-02
-
4.41.6 - 2020-02-11
-
4.41.5 - 2019-12-27
-
4.41.4 - 2019-12-19
-
4.41.3 - 2019-12-16
-
4.41.2 - 2019-10-15
-
4.41.1 - 2019-10-11
-
4.41.0 - 2019-09-24
-
4.40.3 - 2019-09-24
-
4.40.2 - 2019-09-13
-
4.40.1 - 2019-09-13
-
4.40.0 - 2019-09-12
-
4.39.3 - 2019-08-27
-
4.39.2 - 2019-08-13
-
4.39.1 - 2019-08-02
-
4.39.0 - 2019-08-01
-
4.38.0 - 2019-07-26
-
4.37.0 - 2019-07-23
-
4.36.1 - 2019-07-17
-
4.36.0 - 2019-07-17
-
4.35.3 - 2019-07-08
-
4.35.2 - 2019-07-01
-
4.35.1 - 2019-07-01
-
4.35.0 - 2019-06-20
-
4.34.0 - 2019-06-12
-
4.33.0 - 2019-06-04
-
4.32.2 - 2019-05-22
from webpack GitHub release notesBugfixes
resolve.rootsto be backward-compatibleFeatures
Bugfixes
splitChunkminSizeis not handled correctlysplitChunkcacheGroupsis not handled correctlyCommit messages
Package name: webpack
- 444e59f 4.46.0
- 758bb25 Merge pull request #12387 from webpack/bugfix/12386
- 79de1a2 enable backward-compatibility for resolve.roots
- ef75c04 Fix filename in azure pipeline
- 7714953 add test case
- 0331322 4.45.0
- e43bb4b Merge pull request #12372 from webpack/bugfix/split-chunks-min-size-4
- 4de8451 fix bug where cacheGroup index was inverted
- 3f69f3c fix bug where module size is added multiple times to the split chunk info
- c572c15 Merge pull request #11831 from Pyrolistical/patch-1
- 811395e Fixed resolve.roots default
- 2efeb4b 4.44.2
- 9635616 Merge pull request #11490 from webpack/bugfix/unknown-chunk-4
- 235b87b make sure to generate correct chunk connection for blocks that are only connected in some runtimes
- 4a1f068 Merge pull request #11180 from webpack/test/watch-production-4
- cd4af16 4.44.1
- 7895778 Merge pull request #11244 from webpack/bugfix/dynamic-reexport-default
- 46304c8 ignore default export when reexporting a dynamic module
- 91e81c8 Merge pull request #11190 from merceyz/patch-2
- 087af7c Merge branch 'webpack-4' into patch-2
- d4603c6 4.44.0
- ea06f03 Merge pull request #11225 from webpack/deps/watchpack
- eae1ba0 update watchpack
- 42dc038 Merge pull request #11210 from webpack/ci/timeout-4
Compare**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: