search

webdiscus / pug-plugin

Renders Pug template to HTML or template function. Resolves source files of scripts, styles, images in Pug . Uses Pug template as entry point.
https://webdiscus.github.io/pug-plugin/hello-world
ISC License
73 stars 8 forks source link

[Snyk] Upgrade webpack from 5.89.0 to 5.90.1 #97

Closed webdiscus closed 9 months ago

webdiscus commented 9 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade webpack from 5.89.0 to 5.90.1.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **2 versions** ahead of your current version. - The recommended version was released **21 days ago**, on 2024-02-01. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Cross-site Scripting (XSS)
[SNYK-JS-SERIALIZEJAVASCRIPT-6147607](https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607) | **412/1000**
**Why?** Proof of Concept exploit, CVSS 6.1 | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: webpack
  • 5.90.1 - 2024-02-01

    Bug Fixes

    • set unmanagedPaths in defaults
    • correct preOrderIndex and postOrderIndex
    • add fallback for MIME mismatch error in async wasm loading
    • browsers versions of ECMA features

    Performance

    • optimize compareStringsNumeric
    • optimize numberHash using 32-bit FNV1a for small ranges, 64-bit for larger
    • reuse VM context across webpack magic comments
  • 5.90.0 - 2024-01-24

    Bug Fixes

    • Fixed inner graph for classes
    • Optimized RemoveParentModulesPlugin via bigint arithmetic
    • Fixed worklet detection in production mode
    • Fixed an error for cyclic importModule
    • Fixed types for Server and Dirent
    • Added the fetchPriority to hmr runtime's ensureChunk function
    • Don't warn about dynamic import for build dependencies
    • External module generation respects the output.environment.arrowFunction option
    • Fixed consumimng shared runtime module logic
    • Fixed a runtime logic of multiple chunks
    • Fixed destructing assignment of dynamic import json file
    • Passing errors array for a module hash
    • Added /*#__PURE__*/ to generated JSON.parse()
    • Generated a library manifest after clean plugin
    • Fixed non amd externals and amd library
    • Fixed a bug in SideEffectsFlagPlugin with namespace re-exports
    • Fixed an error message for condition or
    • The strictModuleErrorHandling is now working
    • Clean up child compilation chunk graph to avoid memory leak
    • [CSS] - Fixed CSS import prefer relative resolution
    • [CSS] - Fixed CSS runtime chunk loading error message

    New Features

    • Allow to set false for dev server in webpack.config.js
    • Added a warning for async external when not supported
    • Added a warning for async module when not supported
    • Added the node-module option for the node.__filename/__dirname and enable it by default for ESM target
    • Added the snapshot.unmanagedPaths option
    • Exposed the MultiCompilerOptions type
    • [CSS] - Added CSS parser options to enable/disable named exports
    • [CSS] - Moved CSS the exportsOnly option to CSS generator options

    Dependencies & Maintenance

    • use node.js LTS version for lint
    • bump actions/cache from 3 to 4
    • bump prettier from 3.2.1 to 3.2.3
    • bump assemblyscript
    • bump actions/checkout from 3 to 4

    Full Changelog: v5.89.0...v5.90.0

  • 5.89.0 - 2023-10-13

    New Features

    Dependencies & Maintenance

    Full Changelog: v5.88.2...v5.89.0

from webpack GitHub release notes
Commit messages
Package name: webpack
  • 0877076 chore(release): 5.90.1
  • c6e8b70 perf: reuse VM context across webpack magic comments
  • 7cbf145 fix(types): update
  • cc6a628 fix: browsers versions of ECMA features
  • 41b453e perf: optimize `numberHash` using 32-bit FNV1a for small ranges, 64-bit for larger
  • dc9b86f chore(deps): bump codecov/codecov-action from 3 to 4
  • 316da8f chore(deps): bump codecov/codecov-action from 3 to 4
  • fbf92fe Reuse VM context across webpack magic comments
  • 05f4412 Update test cases
  • cd6d64e Adjust threshold
  • a5f96ee Optimize numberHash using 32-bit FNV1a
  • e493fc7 fix: more for other features
  • b66ae58 fix: async function support in browserslist
  • b9fb99c fix: correct preOrderIndex and postOrderIndex
  • ce537e9 fix: add fallback for MIME mismatch error in async wasm loading
  • d99434a perf: optimize compareStringsNumeric
  • d2d8053 chore: update snapshots
  • 3dbbe2f fix: handle instantiateStreaming resolved branch
  • c7fc02e refactor(types): more
  • 2cd85a2 Optimize compareStringsNumeric
  • 9b8e506 chore: update test cases
  • adfd400 fix: add fallback for MIME mismatch error in async wasm loading
  • ca2fe13 chore(types): more
  • fc33aaf fix: correct preOrderIndex and postOrderIndex
Compare
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/webdiscus/project/0c2ccce9-ffd1-42ce-afc4-a0b172ea08f4?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/webdiscus/project/0c2ccce9-ffd1-42ce-afc4-a0b172ea08f4/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/webdiscus/project/0c2ccce9-ffd1-42ce-afc4-a0b172ea08f4/settings/integration?pkg=webpack&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)