[Snyk] Upgrade webpack from 5.30.0 to 5.82.1 #3

jydmyk · 2023-06-05T19:23:22Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade webpack from 5.30.0 to 5.82.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 87 versions ahead of your current version.
The recommended version was released a month ago, on 2023-05-10.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Sandbox Bypass SNYK-JS-WEBPACK-3358798	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: webpack

5.82.1 - 2023-05-10
Bug Fixes
- [CSS] - Support nesting in CSS modules and bug fixes by @ alexander-akait in #17133
- [CSS] - Fix crash with importModule when CSS enabled by @ alexander-akait in #17140
- Fix bug where output.hashFunction was failing to generate debug hash by @ ahabhgk in #16950
- Reduce the amount of generated code for chunk loading by @ lvivski in #17151
- Use module preload for ESM module output by @ alexander-akait in #17143
Developer Experience
- Improve module type strictness for Module.prototype.type expand ModuleTypeConstants by @ TheLarkInn in #17136
Dependencies & Maintenance
- Update package.json description by @ JeraldVin in #17145
- Bump webpack-cli from 5.0.2 to 5.1.0 by @ dependabot in #17146
- Bump core-js from 3.30.1 to 3.30.2 by @ dependabot in #17149
- Bump enhanced-resolve to v5.14.0 by @ snitin315 in #17160
New Contributors
- @ JeraldVin made their first contribution in #17145
Full Changelog: v5.82.0...v5.82.1
5.82.0 - 2023-05-03
Read more
5.81.0 - 2023-04-26
New Features
- [CSS] - Increased CSS import support and new hooks included for CSS module creation by @ alexander-akait in #17057
- Logging now added to DefinePlugin by @ alexander-akait in #17048
- New ignoreBrowserWarnings option to ignore browser console warnings in ModuleFederation by @ indeediansbrett in #16388
Bug Fixes
- [CSS] - Fix issue where vendor prefixed keyframes and animation was not supported in CSS modules by @ alexander-akait in #16975
- Fix bug where AST was not properly handled by @ quanru in #17032
- Fix automatic publicPath detection logic by @ alexander-akait in #17047
Tests & Contributor Experience
- Rename provide to getOrInsert in MapHelpers and document it better by @ TheLarkInn in #17060
- Increase test reliability for DefinePlugin @ alexander-akait in #17062
- Add additional CI Pipeline to test main branches of first-party webpack dependencies by @ alexander-akait in #17020
- Refactor tests to no longer use deprecated or legacy dependencies and APIs by @ alexander-akait in #17033
Developer Experience
- Increase type coverage/documentation for ModuleFilenameHelpers by @ TheLarkInn in #17045
- Increase type coverage/documentation for CommonJsExportsParserPlugin by @ TheLarkInn in #17046
- Increase type coverage/documentation for binarySearchBounds.js by @ TheLarkInn in #17058
- Export MemoryCacheOptions types by @ romulof in #17055
Dependencies & Maintenance
- Add NodeJS v20 to CI Matrix by @ alexander-akait in #17019
- Update Typescript to v5 by @ alexander-akait in #16957
- Bump @ types/estree from 1.0.0 to 1.0.1 by @ dependabot in #17026
- Bump @ types/node from 18.15.11 to 18.15.13 by @ dependabot in #17038
- Bump assemblyscript from 0.27.2 to 0.27.3 by @ dependabot in #17051
- Bump memfs from 3.5.0 to 3.5.1 by @ dependabot in #17039
- Bump prettier from 2.8.7 to 2.8.8 by @ dependabot in #17050
- Bump simple-git from 3.17.0 to 3.18.0 by @ dependabot in #17066
New Contributors
- @ quanru made their first contribution in #17032
- @ romulof made their first contribution in #17055
- @ indeediansbrett made their first contribution in #16388
Full Changelog: v5.80.0...v5.81.0
5.80.0 - 2023-04-19
Read more
5.79.0 - 2023-04-12
Read more
5.78.0 - 2023-04-05
Read more
5.77.0 - 2023-03-29
Read more
5.76.3 - 2023-03-22
Read more
5.76.2 - 2023-03-15
Read more
5.76.1 - 2023-03-10
Read more
5.76.0 - 2023-03-08
5.75.0 - 2022-11-09
5.74.0 - 2022-07-25
5.73.0 - 2022-06-02
5.72.1 - 2022-05-10
5.72.0 - 2022-04-07
5.71.0 - 2022-04-01
5.70.0 - 2022-03-03
5.69.1 - 2022-02-17
5.69.0 - 2022-02-15
5.68.0 - 2022-01-31
5.67.0 - 2022-01-21
5.66.0 - 2022-01-12
5.65.0 - 2021-12-06
5.64.4 - 2021-11-25
5.64.3 - 2021-11-24
5.64.2 - 2021-11-20
5.64.1 - 2021-11-15
5.64.0 - 2021-11-11
5.63.0 - 2021-11-09
5.62.2 - 2021-11-09
5.62.1 - 2021-11-05
5.62.0 - 2021-11-05
5.61.0 - 2021-10-29
5.60.0 - 2021-10-25
5.59.1 - 2021-10-20
5.59.0 - 2021-10-19
5.58.2 - 2021-10-13
5.58.1 - 2021-10-08
5.58.0 - 2021-10-07
5.57.1 - 2021-10-05
5.57.0 - 2021-10-05
5.56.1 - 2021-10-04
5.56.0 - 2021-10-01
5.55.1 - 2021-09-29
5.55.0 - 2021-09-28
5.54.0 - 2021-09-24
5.53.0 - 2021-09-16
5.52.1 - 2021-09-10
5.52.0 - 2021-09-03
5.51.2 - 2021-09-02
5.51.1 - 2021-08-19
5.51.0 - 2021-08-19
5.50.0 - 2021-08-10
5.49.0 - 2021-08-06
5.48.0 - 2021-08-02
5.47.1 - 2021-07-29
5.47.0 - 2021-07-27
5.46.0 - 2021-07-22
5.45.1 - 2021-07-16
5.45.0 - 2021-07-16
5.44.0 - 2021-07-08
5.43.0 - 2021-07-06
5.42.1 - 2021-07-05
5.42.0 - 2021-07-02
5.41.1 - 2021-06-29
5.41.0 - 2021-06-28
5.40.0 - 2021-06-21
5.39.1 - 2021-06-17
5.39.0 - 2021-06-14
5.38.1 - 2021-05-27
5.38.0 - 2021-05-27
5.37.1 - 2021-05-19
5.37.0 - 2021-05-10
5.36.2 - 2021-04-30
5.36.1 - 2021-04-28
5.36.0 - 2021-04-27
5.35.1 - 2021-04-23
5.35.0 - 2021-04-21
5.34.0 - 2021-04-19
5.33.2 - 2021-04-14
5.33.1 - 2021-04-14
5.33.0 - 2021-04-14
5.32.0 - 2021-04-12
5.31.2 - 2021-04-09
5.31.1 - 2021-04-09
5.31.0 - 2021-04-07
5.30.0 - 2021-04-01

from webpack GitHub release notes

Commit messages

Package name: webpack

a8fd8b7 5.82.1
f5deb28 Merge pull request Change update github/docs#17160 from snitin315/update-enhanced-resolve
57ecbab fix: update FileSystemInfo types and fix lint
12f9588 fix: udpate types
460b4d6 feat: update enhanced-resolve to v5.14.0
ba56e05 Merge pull request Portare rispetto e non razzismo github/docs#17151 from lvivski/chunk-loading
79fe72c Merge pull request PLC Clear English Standard Gold github/docs#17149 from webpack/dependabot/npm_and_yarn/core-js-3.30.2
4ef538e Merge pull request Update hello-world.md github/docs#17146 from webpack/dependabot/npm_and_yarn/webpack-cli-5.1.0
bcb37ca Merge pull request repo sync github/docs#17145 from JeraldVin/patch-2
c722c2c Regenerate snapshots
8ccb7fa Remove else branch for `if (true)`
513842c Merge pull request Update about-dependabot-alerts.md github/docs#17143 from webpack/issue-16838
7fc5abf Merge pull request Discuss community health files on "Create a repo" page github/docs#16950 from ahabhgk/fix-debug-hash
282ed8d Merge pull request fix: replace "Github" with "GitHub" github/docs#17140 from webpack/issue-17139
409ece5 Merge pull request Rename content/get-started/quickstart/index.md to содержание/начать/б… github/docs#17133 from webpack/css-fixes
6073a7e chore: update package.json description
3693238 chore(deps-dev): bump core-js from 3.30.1 to 3.30.2
9c9057b chore(deps-dev): bump webpack-cli from 5.0.2 to 5.1.0
0d1c631 chore: update package.json description
b938ba2 add test
aae53c7 use prefix
ff0a20a fix: failed with debug hash
8dbe8ed fix: logic for `false`
56efad7 fix: use rel modulepreload for esm modules

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade webpack from 5.30.0 to 5.82.1. See this package in npm: https://www.npmjs.com/package/webpack See this project in Snyk: https://app.snyk.io/org/jydmyk/project/d3172c69-ffb8-4227-8717-c9970c220d42?utm_source=github&utm_medium=referral&page=upgrade-pr

socket-security · 2023-06-05T19:29:55Z

New dependency changes detected. Learn more about Socket for GitHub ↗︎

🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore es5-ext@0.10.62
@SocketSecurity ignore styled-components@5.3.11

📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Package	Script field	Source
es5-ext@0.10.62 (upgraded)	`postinstall`	`package.json` via resolve-url-loader@3.1.5

🧌 Protestware/Troll package

This package is a joke, parody, or includes undocumented or hidden behavior unrelated to its primary function.

Package	Note	Source
styled-components@5.3.11 (upgraded)	This package prints a protestware console message regarding Ukraine for users with Russian language locale	`package.json` via @primer/components@28.5.0, babel-plugin-styled-components@1.13.3

Pull request alert summary

Issue	Status
Install scripts	⚠️ 1 issue
Native code	✅ 0 issues
Bin script shell injection	✅ 0 issues
Unresolved require	✅ 0 issues
Invalid package.json	✅ 0 issues
HTTP dependency	✅ 0 issues
Git dependency	✅ 0 issues
Potential typo squat	✅ 0 issues
Known Malware	✅ 0 issues
Telemetry	✅ 0 issues
Protestware/Troll package	⚠️ 1 issue

📊 Modified Dependency Overview:

➕ Added Package	Capability Access	`+/-` Transitive Count	Publisher
node-fetch@2.6.11	None	`+4`	node-fetch-bot
strip-ansi@6.0.1	None	`+1`	sindresorhus
classnames@2.3.2	None	`+0`	dcousens

⬆️ Updated Package	Version Diff	Added Capability Access	`+/-` Transitive Count	Publisher
domwaiter@1.4.0	1.1.0...1.4.0	network	`+35/-28`	zeke
next@10.2.3	10.2.0...10.2.3	None	`+58/-121`	zeit-bot
lunr-languages@1.12.0	1.4.0...1.12.0	None	`+0/-0`	mihaivalentin
js-yaml@3.14.1	3.14.0...3.14.1	None	`+0/-0`	vitaly
rss-parser@3.13.0	3.12.0...3.13.0	None	`+2/-2`	bobby-brennan
jest-github-actions-reporter@1.0.3	1.0.2...1.0.3	None	`+3/-1`	cschleiden
date-fns@2.30.0	2.21.3...2.30.0	None	`+2/-0`	kossnocorp
github-slugger@1.5.0	1.2.1...1.5.0	None	`+0/-1`	wooorm
uuid@8.3.2	8.3.0...8.3.2	None	`+0/-0`	ctavan
eslint-plugin-promise@4.3.1	4.2.1...4.3.1	None	`+0/-0`	xjamundx
npm-merge-driver-install@2.0.2	2.0.0...2.0.2	None	`+2/-0`	brandonocasey
sass-loader@9.0.3	9.0.2...9.0.3	None	`+12/-65`	evilebottnawi
mime@2.6.0	2.5.2...2.6.0	None	`+0/-0`	broofa
pa11y-ci@2.4.2	2.4.0...2.4.2	None	`+37/-25`	joseluisbolos
husky@4.3.8	4.2.1...4.3.8	None	`+19/-19`	typicode
glob@7.2.3	7.1.6...7.2.3	None	`+2/-3`	isaacs
typescript@4.9.5	4.2.4...4.9.5	None	`+0/-0`	typescript-bot
object-hash@2.2.0	2.0.1...2.2.0	None	`+0/-0`	addaleax
@primer/components@28.5.0	28.0.1...28.5.0	None	`+41/-35`	primer-css
cross-env@7.0.3	7.0.2...7.0.3	None	`+0/-1`	kentcdodds
csv-parse@4.16.3	4.8.8...4.16.3	environment	`+0/-0`	david
express-timeout-handler@2.2.2	2.2.0...2.2.2	None	`+0/-0`	hilleer
replace@1.2.2	1.2.0...1.2.2	None	`+8/-8`	almaclaine
website-scraper@4.2.3	4.2.0...4.2.3	None	`+23/-21`	s0ph1e
start-server-and-test@1.15.5	1.12.0...1.15.5	environment	`+20/-27`	bahmutov
chalk@4.1.2	4.1.0...4.1.2	None	`+0/-2`	sindresorhus
directory-tree@2.4.0	2.2.6...2.4.0	None	`+0/-0`	mihneadb
nodemon@2.0.22	2.0.4...2.0.22	network	`+10/-41`	remy
mockdate@3.0.5	3.0.2...3.0.5	None	`+0/-0`	boblauer
morgan@1.10.0	1.9.1...1.10.0	None	`+0/-1`	dougwilson
cookie-parser@1.4.6	1.4.5...1.4.6	None	`+1/-0`	dougwilson
eslint-plugin-import@2.27.5	2.22.1...2.27.5	None	`+103/-94`	ljharb
resolve-url-loader@3.1.5	3.1.2...3.1.5	None	`+14/-13`	bholloway
jest-expect-message@1.1.3	1.0.2...1.1.3	None	`+0/-0`	mattphillips
@types/react@17.0.60	17.0.4...17.0.60	None	`+3/-3`	types
robots-parser@2.4.0	2.1.1...2.4.0	None	`+0/-0`	samclarke
html-entities@1.4.0	1.2.1...1.4.0	None	`+0/-0`	mdevils
javascript-stringify@2.1.0	2.0.1...2.1.0	None	`+0/-0`	blakeembrey
express-rate-limit@5.5.1	5.1.3...5.5.1	None	`+0/-0`	nfriedly
express@4.18.2	4.17.1...4.18.2	network	`+29/-17`	dougwilson
hot-shots@8.5.2	8.2.0...8.5.2	None	`+2/-2`	bdeitte
flat@5.0.2	5.0.0...5.0.2	None	`+0/-1`	timoxley
copy-webpack-plugin@6.4.1	6.0.3...6.4.1	None	`+35/-83`	evilebottnawi
gray-matter@4.0.3	4.0.2...4.0.3	None	`+1/-1`	rmassaioli
csv-parser@2.3.5	2.3.3...2.3.5	None	`+2/-3`	trysound
@babel/plugin-proposal-class-properties@7.18.6	7.12.13...7.18.6	shell	`+47/-24`	nicolo-ribaudo
liquidjs@9.43.0	9.22.1...9.43.0	None	`+0/-0`	harttle
@types/react-dom@17.0.20	17.0.3...17.0.20	None	`+4/-4`	types
aws-sdk@2.1390.0	2.610.0...2.1390.0	eval, environment	`+18/-6`	aws-sdk-bot
@babel/plugin-transform-runtime@7.22.4	7.11.0...7.22.4	shell	`+51/-29`	nicolo-ribaudo
nock@13.3.1	13.0.4...13.3.1	None	`+1/-1`	nockbot
babel-loader@8.3.0	8.1.0...8.3.0	shell	`+48/-88`	nicolo-ribaudo
mini-css-extract-plugin@1.6.2	1.4.1...1.6.2	None	`+7/-54`	evilebottnawi
styled-components@5.3.11	5.3.0...5.3.11	None	`+31/-23`	probablyup
cheerio@1.0.0-rc.12	1.0.0-rc.3...1.0.0-rc.12	network	`+12/-4`	feedic
@babel/plugin-transform-modules-commonjs@7.21.5	7.12.13...7.21.5	shell	`+41/-23`	nicolo-ribaudo
eslint@7.32.0	7.13.0...7.32.0	eval	`+42/-46`	eslintbot
eslint-config-standard@16.0.3	16.0.1...16.0.3	None	`+106/-97`	linusu
@graphql-inspector/core@2.9.0	2.3.0...2.9.0	None	`+3/-2`	kamilkisiela
@babel/preset-react@7.22.3	7.12.13...7.22.3	shell	`+47/-29`	nicolo-ribaudo
@actions/core@1.10.0	1.2.6...1.10.0	environment	`+2/-0`	thboop
commander@6.2.1	6.2.0...6.2.1	None	`+0/-0`	abetomo
helmet@3.23.3	3.21.2...3.23.3	None	`+2/-2`	evanhahn
webpack-cli@4.10.0	4.6.0...4.10.0	environment	`+16/-71`	evilebottnawi
webpack-dev-middleware@4.3.0	4.1.0...4.3.0	environment	`+11/-54`	evilebottnawi
async@3.2.4	3.2.0...3.2.4	None	`+0/-0`	hargasinski
@babel/core@7.22.1	7.12.13...7.22.1	shell	`+39/-21`	nicolo-ribaudo
linkinator@2.16.2	2.13.6...2.16.2	None	`+65/-68`	justinbeckwith
babel-plugin-styled-components@1.13.3	1.12.0...1.13.3	None	`+31/-23`	probablyup
prettier@2.8.8	2.1.2...2.8.8	environment	`+0/-0`	prettier-bot
@babel/plugin-transform-modules-amd@7.20.11	7.12.13...7.20.11	shell	`+41/-23`	nicolo-ribaudo
@babel/preset-env@7.22.4	7.12.13...7.22.4	shell	`+132/-88`	nicolo-ribaudo
jimp@0.16.13	0.16.1...0.16.13	None	`+53/-46`	alisowski
react-dom@17.0.2	17.0.1...17.0.2	None	`+2/-2`	gaearon
@babel/plugin-transform-react-jsx@7.22.3	7.12.13...7.22.3	shell	`+43/-25`	nicolo-ribaudo
redis@3.1.2	3.1.1...3.1.2	None	`+1/-1`	leibale
style-loader@1.3.0	1.2.1...1.3.0	None	`+6/-56`	evilebottnawi
react@17.0.2	17.0.1...17.0.2	None	`+0/-0`	gaearon
graphql@14.7.0	14.6.0...14.7.0	None	`+0/-0`	i1g
sass@1.62.1	1.26.3...1.62.1	filesystem	`+4/-7`	sassbot
@types/lodash@4.14.195	4.14.168...4.14.195	None	`+0/-0`	types
dotenv@8.6.0	8.2.0...8.6.0	None	`+0/-0`	motdotla
@babel/runtime@7.22.3	7.11.2...7.22.3	None	`+1/-1`	nicolo-ribaudo
@graphql-tools/load@6.2.8	6.2.5...6.2.8	None	`+26/-23`	ardatan
@primer/css@16.3.0	16.2.0...16.3.0	None	`+1/-2`	primer-css

🚮 Removed packages: ajv@6.11.0, mkdirp@1.0.3, rimraf@3.0.0, webpack@5.30.0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade webpack from 5.30.0 to 5.82.1 #3

[Snyk] Upgrade webpack from 5.30.0 to 5.82.1 #3

jydmyk commented Jun 5, 2023

Bug Fixes

Developer Experience

Dependencies & Maintenance

New Contributors

New Features

Bug Fixes

Tests & Contributor Experience

Developer Experience

Dependencies & Maintenance

New Contributors

socket-security bot commented Jun 5, 2023

[Snyk] Upgrade webpack from 5.30.0 to 5.82.1 #3

Are you sure you want to change the base?

[Snyk] Upgrade webpack from 5.30.0 to 5.82.1 #3

Conversation

jydmyk commented Jun 5, 2023

Snyk has created this PR to upgrade webpack from 5.30.0 to 5.82.1.

Bug Fixes

Developer Experience

Dependencies & Maintenance

New Contributors

New Features

Bug Fixes

Tests & Contributor Experience

Developer Experience

Dependencies & Maintenance

New Contributors

socket-security bot commented Jun 5, 2023