search

yurikrupnik / mussia8

Mussia8 base project monorepo poc for api gateway
alfred-lake.vercel.app
MIT License
0 stars 0 forks source link

Update dependency webpack to v5.76.0 [SECURITY] #346

Open renovate[bot] opened 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
webpack 5.51.1 -> 5.76.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.

Release Notes

webpack/webpack (webpack) ### [`v5.76.0`](https://togithub.com/webpack/webpack/releases/tag/v5.76.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.75.0...v5.76.0) #### Bugfixes - Avoid cross-realm object access by [@​Jack-Works](https://togithub.com/Jack-Works) in [https://github.com/webpack/webpack/pull/16500](https://togithub.com/webpack/webpack/pull/16500) - Improve hash performance via conditional initialization by [@​lvivski](https://togithub.com/lvivski) in [https://github.com/webpack/webpack/pull/16491](https://togithub.com/webpack/webpack/pull/16491) - Serialize `generatedCode` info to fix bug in asset module cache restoration by [@​ryanwilsonperkin](https://togithub.com/ryanwilsonperkin) in [https://github.com/webpack/webpack/pull/16703](https://togithub.com/webpack/webpack/pull/16703) - Improve performance of `hashRegExp` lookup by [@​ryanwilsonperkin](https://togithub.com/ryanwilsonperkin) in [https://github.com/webpack/webpack/pull/16759](https://togithub.com/webpack/webpack/pull/16759) #### Features - add `target` to `LoaderContext` type by [@​askoufis](https://togithub.com/askoufis) in [https://github.com/webpack/webpack/pull/16781](https://togithub.com/webpack/webpack/pull/16781) #### Security - [CVE-2022-37603](https://togithub.com/advisories/GHSA-3rfm-jhwj-7488) fixed by [@​akhilgkrishnan](https://togithub.com/akhilgkrishnan) in [https://github.com/webpack/webpack/pull/16446](https://togithub.com/webpack/webpack/pull/16446) #### Repo Changes - Fix HTML5 logo in README by [@​jakebailey](https://togithub.com/jakebailey) in [https://github.com/webpack/webpack/pull/16614](https://togithub.com/webpack/webpack/pull/16614) - Replace TypeScript logo in README by [@​jakebailey](https://togithub.com/jakebailey) in [https://github.com/webpack/webpack/pull/16613](https://togithub.com/webpack/webpack/pull/16613) - Update actions/cache dependencies by [@​piwysocki](https://togithub.com/piwysocki) in [https://github.com/webpack/webpack/pull/16493](https://togithub.com/webpack/webpack/pull/16493) #### New Contributors - [@​Jack-Works](https://togithub.com/Jack-Works) made their first contribution in [https://github.com/webpack/webpack/pull/16500](https://togithub.com/webpack/webpack/pull/16500) - [@​lvivski](https://togithub.com/lvivski) made their first contribution in [https://github.com/webpack/webpack/pull/16491](https://togithub.com/webpack/webpack/pull/16491) - [@​jakebailey](https://togithub.com/jakebailey) made their first contribution in [https://github.com/webpack/webpack/pull/16614](https://togithub.com/webpack/webpack/pull/16614) - [@​akhilgkrishnan](https://togithub.com/akhilgkrishnan) made their first contribution in [https://github.com/webpack/webpack/pull/16446](https://togithub.com/webpack/webpack/pull/16446) - [@​ryanwilsonperkin](https://togithub.com/ryanwilsonperkin) made their first contribution in [https://github.com/webpack/webpack/pull/16703](https://togithub.com/webpack/webpack/pull/16703) - [@​piwysocki](https://togithub.com/piwysocki) made their first contribution in [https://github.com/webpack/webpack/pull/16493](https://togithub.com/webpack/webpack/pull/16493) - [@​askoufis](https://togithub.com/askoufis) made their first contribution in [https://github.com/webpack/webpack/pull/16781](https://togithub.com/webpack/webpack/pull/16781) **Full Changelog**: https://github.com/webpack/webpack/compare/v5.75.0...v5.76.0 ### [`v5.75.0`](https://togithub.com/webpack/webpack/releases/tag/v5.75.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.74.0...v5.75.0) ### Bugfixes - `experiments.*` normalize to `false` when opt-out - avoid `NaN%` - show the correct error when using a conflicting chunk name in code - HMR code tests existance of `window` before trying to access it - fix `eval-nosources-*` actually exclude sources - fix race condition where no module is returned from processing module - fix position of standalong semicolon in runtime code ### Features - add support for `@import` to extenal CSS when using experimental CSS in node - add `i64` support to the deprecated WASM implementation ### Developer Experience - expose `EnableWasmLoadingPlugin` - add more typings - generate getters instead of readonly properties in typings to allow overriding them ### [`v5.74.0`](https://togithub.com/webpack/webpack/releases/tag/v5.74.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.73.0...v5.74.0) ### Features - add `resolve.extensionAlias` option which allows to alias extensions - This is useful when you are forced to add the `.js` extension to imports when the file really has a `.ts` extension (typescript + `"type": "module"`) - add support for ES2022 features like static blocks - add Tree Shaking support for `ProvidePlugin` ### Bugfixes - fix persistent cache when some build dependencies are on a different windows drive - make order of evaluation of side-effect-free modules deterministic between concatenated and non-concatenated modules - remove left-over from debugging in TLA/async modules runtime code - remove unneeded extra 1s timestamp offset during watching when files are actually untouched - This sometimes caused an additional second build which are not really needed - fix `shareScope` option for `ModuleFederationPlugin` - set `"use-credentials"` also for same origin scripts ### Performance - Improve memory usage and performance of aggregating needed files/directories for watching - This affects rebuild performance ### Extensibility - export `HarmonyImportDependency` for plugins ### [`v5.73.0`](https://togithub.com/webpack/webpack/releases/tag/v5.73.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.72.1...v5.73.0) ### Features - add options for default `dynamicImportMode` and prefetch and preload - add support for `import { createRequire } from "module"` in source code ### Bugfixes - fix code generation of e. g. `return"field"in Module` - fix performance of large JSON modules - fix performance of async modules evaluation ### Developer Experience - export `PathData` in typings - improve error messages with more details ### [`v5.72.1`](https://togithub.com/webpack/webpack/releases/tag/v5.72.1) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.72.0...v5.72.1) ### Bugfixes - fix `__webpack_nonce__` with HMR - fix `in` operator in some cases - fix json parsing error messages - fix module concatenation with using `this.importModule` - upgrade enhanced-resolve ### [`v5.72.0`](https://togithub.com/webpack/webpack/releases/tag/v5.72.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.71.0...v5.72.0) ### Features - make cache warnings caused by build errors less verbose - Allow banner to be placed as a footer with the BannerPlugin - allow to concatenate asset modules ### Bugfixes - fix RemoteModules when using HMR (Module Federation + HMR) - throw error when using module concatenation and cacheUnaffected - fix `in` operator with nested exports ### [`v5.71.0`](https://togithub.com/webpack/webpack/releases/tag/v5.71.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.70.0...v5.71.0) ### Features - choose smarter default for `uniqueName` when using a `output.library` which includes placeholders - add support for expressions with `in` of a imported binding - generate UMD code with arrow functions when possible ### Bugfixes - fix source map source names for ContextModule to be relative - fix `chunkLoading` option in module module - fix edge case where `evaluateExpression` returns `null` - retain optional chaining in imported bindings - include runtime code for the base URI even if not using chunk loading - don't throw errors in persistent caching when importing node.js builtin modules via ESM - fix crash when using `lazy-once` Context modules - improve handling of context modules with multiple contexts - fix race condition HMR chunk loading when importing chunks during HMR updating - handle errors in `runAsChild` callback ### [`v5.70.0`](https://togithub.com/webpack/webpack/releases/tag/v5.70.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.69.1...v5.70.0) ### Features - update node.js version constraints for ESM support - add `baseUri` to `entry` options to configure a static base uri (the base of `new URL()`) - alphabetically sort exports in namespace objects when possible - add `__webpack_exports_info__.name.canMangle` - add proxy support to `experiments.buildHttp` - `import.meta.webpackContext` as ESM alternative to `require.context` - handle multiple alternative directories (e. g. due to resolve.alias or resolve.modules) when creating an context module ### Bugfixes - fix problem when assigning `global` to a variable - fix crash when using `experiments.outputModule` and `loaderContext.importModule` with multiple chunks - avoid generating progress output before the compilation has started (ProgressPlugin) - fix handling of non-static-ESM dependencies with using TLA and HMR in the same module - include the asset module filename in hashing - `output.clean` will keep HMR assets for at least 10s to allow HMR to access them even when compilation is faster then the browser ### Performance - fix asset caching when using the BannerPlugin ### Developer Experience - improve typings ### Contributing - capture caching errors when running the test suite ### [`v5.69.1`](https://togithub.com/webpack/webpack/releases/tag/v5.69.1) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.69.0...v5.69.1) ### Revert - revert "handle multiple alternative directories (e. g. due to resolve.alias or resolve.modules) when creating an context module" ### [`v5.69.0`](https://togithub.com/webpack/webpack/releases/tag/v5.69.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.68.0...v5.69.0) ### Features - automatically switch to an ESM compatible environment when enabling ESM output mode - handle multiple alternative directories (e. g. due to `resolve.alias` or `resolve.modules`) when creating an context module - add `util/types` to node.js built-in modules - add `__webpack_exports_info__..canMangle` api ### Bugfixes - fix bug in chunk graph generation which leads to modules being included in chunk desprite them being already included in parent chunks - avoid writing more than 2GB at once during cache serialization (as workaround for node.js/libuv bug on MacOS) - fix handling of whitespaces in semver ranges when using Module Federation - avoid generating hashes which contain only numbers as they likely conflict with module ids - fix resource name based placeholders for data uris - fix cache serialization for context elements - fix passing of `stage` option when instrumenting plugins for the ProfilingPlugin - fix tracking of declarations in concatenated modules to avoid conflicts - fix unstable mangling of exports - fix handling of `#` in paths of loaders - avoid unnecessary cache update when using `experiments.buildHttp` ### Contributing - update typescript and jest ### Developer Experience - expose some additional typings for usage in webpack-cli ### [`v5.68.0`](https://togithub.com/webpack/webpack/releases/tag/v5.68.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.67.0...v5.68.0) ### Features - allow to disable compile time evaluation of import.meta.url - add `__webpack_module__` and `__webpack_module__.id` to the api ### Bugfixes - fix handling of errors thrown in async modules ### [`v5.67.0`](https://togithub.com/webpack/webpack/releases/tag/v5.67.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.66.0...v5.67.0) ### Features - add 'outputPath' configuration option for resource asset modules - support Trusted Types in eval source maps - `experiments.css` - allow to generate only exports for css in node - add `SyncModuleIdsPlugin` to sync module ids between server and client compilation - add more options to the `DeterministicModuleIdsPlugin` to allow to generate equal ids ### Developer Experience - limit data url module name in stats printer - allow specific description for CLI options - improve space limiting algorithm in stats printing to show partial lists - add `null` to errors in callbacks - fix call signature types of addChunkInGroup ### Bugfixes - avoid reporting non-existant package.jsons as dependencies - `experiments.css` - fix missing css runtime when only initial css is used - fix css hmr support - bugfixes to css modules - fix cache serialization for CreateScriptUrlDependency - fix data url content when processed by a loader - fix regexp in identifiers that include `|` - fix ProfilingPlugin for watch scenarios - add layer to module names and identifiers - this avoid random module id changes when additional modules are added to another layer - provide hashFunction parameter to DependencyTemplates to allow customizing it there - fix HMR when experiments.lazyCompilation is enabled - store url as Buffer to avoid serialization warnings - exclude `webpack-hot-middleware/client` from lazy compilation ### Contributing - remove travis configuration - improve spell checking ### [`v5.66.0`](https://togithub.com/webpack/webpack/releases/tag/v5.66.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.65.0...v5.66.0) ### Features - add `output.library.type: "commonjs-static"` to emit a statically analyse-able commonjs module (for node.js esm interop support) - add `experiments.css` (very experimental) - see [https://github.com/webpack/webpack/issues/14893](https://togithub.com/webpack/webpack/issues/14893) ### Bugfixes - fix CORS headers for `experiments.lazyCompilation` - fix `[absolute-resource-path]` for SourceMap module naming - avoid stack overflow when accessing many memory cached cache values in series ### Performance - reduce default `watchOptions.aggregateTimeout` to 20ms ### [`v5.65.0`](https://togithub.com/webpack/webpack/releases/tag/v5.65.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.64.4...v5.65.0) ### Features - static evaluation understands `undefined` now - reduce container entry code by a few chars - use template literals when available and they make sense ### Bugfixes - handle `singleton` flag without `requiredVersion` in Module Federation - upgrade `watchpack` for context time info bugfix ### Performance - improve RegExp in error message formating for non-quadratic performance ### Developer Experience - automatically insert brackets when `output.globalObject` contains a non-trival expression - show error when using `script` type external with invalid syntax - expose types for `Resolver`, `StatsOptions` and `ResolvePluginInstance` ### Preparations for the future - `hashDigestLength` will default to 16 in webpack 6 (`experiments.futureDefaults`) ### [`v5.64.4`](https://togithub.com/webpack/webpack/releases/tag/v5.64.4) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.64.3...v5.64.4) ### Bugfixes - fix tagged template literal evaluation - fix ModuleFederation with ESM - fix outputModule with intial splitChunks ### Performance - upgrade watchpack for faster watcher updating - track file and directory timestamps separately in watchpack and webpack ### Developer Experience - show origin of singleton shared module in mismatch warning ### [`v5.64.3`](https://togithub.com/webpack/webpack/releases/tag/v5.64.3) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.64.2...v5.64.3) ### Performance - allow to use pre-compiled schema when `Infinity` is used in configuration - allow to use pre-compiled schema for configuration arrays ### [`v5.64.2`](https://togithub.com/webpack/webpack/releases/tag/v5.64.2) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.64.1...v5.64.2) ### Bugfixes - avoid double initial compilation due to invalid dependencies with managedPaths ### [`v5.64.1`](https://togithub.com/webpack/webpack/releases/tag/v5.64.1) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.64.0...v5.64.1) ### Bugfixes - fix regexp in managedPaths to exclude additional slash - make module.accept errorHandler optional in typings - correctly create an async chunk when using a `require(...).property` in `require.ensure` - fix cleaning of symlinks in `output.clean: true` - fix change detection with `unsafeCache` within `managedPaths` (node_modules) - bump webpack-sources for Stack Overflow bugfix ### [`v5.64.0`](https://togithub.com/webpack/webpack/releases/tag/v5.64.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.63.0...v5.64.0) ### Features - add `asyncChunks: boolean` option to disable creation of async chunks ### Bugfixes - fix ProfilingPlugin for `experiments.backCompat: false` ### Performance - avoid running regexp twice over the file list ### [`v5.63.0`](https://togithub.com/webpack/webpack/releases/tag/v5.63.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.62.2...v5.63.0) ### Features - allow passing `chunkLoading: false` to disable on-demand loading ### Bugfixes - fix `import 'single-quote'` in esm build dependencies ### [`v5.62.2`](https://togithub.com/webpack/webpack/releases/tag/v5.62.2) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.62.1...v5.62.2) ### Bugfixes - fix `__system_context__` injection when using the `library` option on entrypoint - enable `exportsPresence: "error"` by default in `futureDefaults` - fix bad performance for a RegExp in Stats printing (with large error messages) - fix `exportPresence` -> `exportsPresence` typo - fix a bug with module invalidation when only module id changes with `experiments.cacheUnaffected` ### [`v5.62.1`](https://togithub.com/webpack/webpack/releases/tag/v5.62.1) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.62.0...v5.62.1) ### Bugfix - fix invalid generated code when omitting `;` ### [`v5.62.0`](https://togithub.com/webpack/webpack/releases/tag/v5.62.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.61.0...v5.62.0) ### Features - add options to configure export presence checking - `parser.javascript.reexportExportsPresence: false` allows to disable warnings for non-existing exports during the migration from `export ... from "..."` to `export type ... from "..."` for type reexports in TypeScript - add `experiments.backCompat: false` to disable some expensive deprecations for better performance ### Bugfixes - use `['catch']` instead of `.catch` for better ES3 support - fix removed parentheses when using `new (require("...")).Something()` - fix `{ require }` object literals - `splitChunks.chunks` option is now correctly used for `splitChunks.fallbackCacheGroup.maxSize` too - fix schema of `listen` option, allow to omit `port` - add better support for Promises from different isolates ### Developer Experience - add typings for the webpack API that is available within modules - use `/// ` to use the typings in typescript modules - or `"types": [..., "webpack/module"]` in tsconfig ### [`v5.61.0`](https://togithub.com/webpack/webpack/releases/tag/v5.61.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.60.0...v5.61.0) ### Bugfixes - use a wasm md4 implementation for node 17 support - include the `path` submodules in the node.js default externals ### Performance - improve string to binary conversion performance for hashing ### Contribution - CI runs on node.js 17 ### [`v5.60.0`](https://togithub.com/webpack/webpack/releases/tag/v5.60.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.59.1...v5.60.0) ### Features - Allow to pass more options to `experiments.lazyCompilation`. e. g. port, https stuff ### Bugfixes - fix `output.hashFunction` used to persistent caching too - Initialize `buildDependencies` Set correctly when loaders are added in `beforeLoaders` hook ### [`v5.59.1`](https://togithub.com/webpack/webpack/releases/tag/v5.59.1) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.59.0...v5.59.1) ### Bugfixes - fix regexp in managedPaths - fix hanging when trying to write lockfile for `experiments.buildHttp` ### [`v5.59.0`](https://togithub.com/webpack/webpack/releases/tag/v5.59.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.58.2...v5.59.0) ### Features - add `/*#__PURE__*/` for `Object()` in generated code - add RegExp and function support for `managed/immutablePaths` - add hooks for multiple phases in module build - improvements to `experiments.buildHttp` - allow to share cache - add allowlist - add `splitChunks.minSizeReduction` option ### Bugfixes - fix memory caching for Data URLs - fix crash in `waitFor` when modules are unsafe cached - fix bug in build cycle detection ### [`v5.58.2`](https://togithub.com/webpack/webpack/releases/tag/v5.58.2) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.58.1...v5.58.2) ### Bugfixes - fix serialization context passed - fix a bug which caused module duplication when using persistent caching, unsafe cache and memory cache with GC - fix validation of snapshots of non-existing directories ### Performance - store a hash in first bits of bigint to workaround v8 hashing: https://github.com/v8/v8/blob/b704bc0958e2e26305a68e89d215af1aee011148/src/objects/bigint.h#L192-L195 ### [`v5.58.1`](https://togithub.com/webpack/webpack/releases/tag/v5.58.1) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.58.0...v5.58.1) ### Bugfixes - fix `.webpack[]` suffix to not execute rules - revert performance optimization that has too large memory usage in large builds ### [`v5.58.0`](https://togithub.com/webpack/webpack/releases/tag/v5.58.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.57.1...v5.58.0) ### Features - add hook for readResource - add `diagnostics_channel` to node builtins ### Performance - improve chunk graph creation performance - add cacheUnaffected cache support - remove some caching that makes not difference - improve splitChunks performance - improve chunk conditions performance ### [`v5.57.1`](https://togithub.com/webpack/webpack/releases/tag/v5.57.1) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.57.0...v5.57.1) ### Bugfix - fix experiments.cacheUnaffected which broke by last release ### [`v5.57.0`](https://togithub.com/webpack/webpack/releases/tag/v5.57.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.56.1...v5.57.0) ### Performance - reduce number of hash.update calls - allow ExternalModules to be unsafe cached - improve hashing performance of module lists (StringXor) ### Bugfixes - experiments.cacheUnaffected - handle module/chunk id changes correctly - cache modules with async blocks - show errors when using incompatible options ### [`v5.56.1`](https://togithub.com/webpack/webpack/releases/tag/v5.56.1) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.56.0...v5.56.1) ### Bugfix - DefinePlugin: fix conflict with older variants of the plugin ### [`v5.56.0`](https://togithub.com/webpack/webpack/releases/tag/v5.56.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.55.1...v5.56.0) ### Performance - make DefinePlugin rebuild check more efficient performance and memory wise ### [`v5.55.1`](https://togithub.com/webpack/webpack/releases/tag/v5.55.1) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.55.0...v5.55.1) ### Bugfixes - fixes for `experiments.cacheUnaffected` - fix accidentically shared mem caches - avoid RuntimeSpecMap in favor of directly setting on memCache - compare references modules when restoring mem cache ### [`v5.55.0`](https://togithub.com/webpack/webpack/releases/tag/v5.55.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.54.0...v5.55.0) ### Performance - `experiments.cacheUnaffected` - reduce cache memory usage - make memCache per module - cache ESM reexport computation - `module.unsafeCache` - make it faster by moving it to Compilation-level instead of in NormalModuleFactory - omit tracking resolve dependencies since they are not used when unsafe cache is enabled - module graph - lazy assign ModuleGraphConnections to Dependencies since that is only accessed when uncached ### [`v5.54.0`](https://togithub.com/webpack/webpack/releases/tag/v5.54.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.53.0...v5.54.0) ### Features - improve constant folding to allow to skip more branches for `&&` `||` and `??` - allow all hashing using in webpack to be configured with `output.hashFunction` - no longer bailout completely from inner graph analysis when `eval` is used in a module ### Bugfixes - force bump enhanced-resolve for bugfixes ### Performance - reduce number of allocation when creating snapshots - add `output.hashFunction: "xxhash64"` for a super fast wasm based hash function - improve utf-8 conversion when serializing short strings - improve hashing performance for dependencies - add `experiments.cacheUnaffected` which caches computations for modules that are unchanged and reference only unchanged modules ### [`v5.53.0`](https://togithub.com/webpack/webpack/releases/tag/v5.53.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.52.1...v5.53.0) ### Features - add `node.__dirname/__filename: "warn-mock"` which warns on usage (will be enabled in webpack 6 by default) ### Bugfixes - add `stream/web` to Node.js externals - fix IgnorePluginSchema - fix builds with persistent caching taking 1 minute to build at least ### Experiments - add `experiments.futureDefaults` to enable defaults for webpack 6 ### [`v5.52.1`](https://togithub.com/webpack/webpack/releases/tag/v5.52.1) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.52.0...v5.52.1) ### Performance - split fresh created persistent cache files by time to avoid creating very large files ### [`v5.52.0`](https://togithub.com/webpack/webpack/releases/tag/v5.52.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.51.2...v5.52.0) ### Feature - `experiments.executeModule` is enabled by default and the option is removed - loaders are now free to use `this.importModule` ### Bugfixes - fix generated `__WEBPACK_EXTERNAL_MODULE_null__`, which leads to merged externals - `.webpack[...]` extension is not part of matching and module name ### [`v5.51.2`](https://togithub.com/webpack/webpack/releases/tag/v5.51.2) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.51.1...v5.51.2) ### Bugfixes - fix crash in FileSystemInfo when errors occur - avoid property access of reserved properties - fix reexports from async modules - automatically close an active watching when closing the compiler - when filenames of other runtimes are referenced that need a full hash, upgrade referencing runtime moduel to full hash mode too - fixes a bug where `[contenthash]` is undefined when using `new Worker`

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.

secure-code-warrior-for-github[bot] commented 1 year ago

Micro-Learning Topic: Race condition (Detected by phrase)

Matched on "race condition"

What is this? (2min video)

A race condition is a flaw that produces an unexpected result when the timing of actions impact other actions.

Try a challenge in Secure Code Warrior

Micro-Learning Topic: Stack overflow (Detected by phrase)

Matched on "stack overflow"

What is this? (2min video)

Also referred to as Stack buffer overflows. This vulnerability occurs when data received by a program is written to a memory location on the stack and the allocated space is not large enough to take the whole input. If proper boundary checks are not implemented, or unsafe functions like sprintf, fgets etc. are used which don't require a destination size limit the stack memory after the target buffer may be written to, allowing an attacker to alter the normal behaviour of the program. Most modern compilers now have a secure switch which may reorder stack variables and generate extra code to protect against this type of vulnerability.

Try a challenge in Secure Code Warrior