Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update dependency webpack to v5.76.0 [SECURITY] (#8)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [webpack](https://togithub.com/webpack/webpack) | [`5.74.0` -> `5.76.0`](https://renovatebot.com/diffs/npm/webpack/5.74.0/5.76.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/webpack/5.76.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/webpack/5.76.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/webpack/5.74.0/5.76.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/webpack/5.74.0/5.76.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2023-28154](https://nvd.nist.gov/vuln/detail/CVE-2023-28154) Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object. --- ### Release Notes <details> <summary>webpack/webpack (webpack)</summary> ### [`v5.76.0`](https://togithub.com/webpack/webpack/releases/tag/v5.76.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.75.0...v5.76.0) #### Bugfixes - Avoid cross-realm object access by [@​Jack-Works](https://togithub.com/Jack-Works) in [webpack/webpack#16500 - Improve hash performance via conditional initialization by [@​lvivski](https://togithub.com/lvivski) in [webpack/webpack#16491 - Serialize `generatedCode` info to fix bug in asset module cache restoration by [@​ryanwilsonperkin](https://togithub.com/ryanwilsonperkin) in [webpack/webpack#16703 - Improve performance of `hashRegExp` lookup by [@​ryanwilsonperkin](https://togithub.com/ryanwilsonperkin) in [webpack/webpack#16759 #### Features - add `target` to `LoaderContext` type by [@​askoufis](https://togithub.com/askoufis) in [webpack/webpack#16781 #### Security - [CVE-2022-37603](https://togithub.com/advisories/GHSA-3rfm-jhwj-7488) fixed by [@​akhilgkrishnan](https://togithub.com/akhilgkrishnan) in [webpack/webpack#16446 #### Repo Changes - Fix HTML5 logo in README by [@​jakebailey](https://togithub.com/jakebailey) in [webpack/webpack#16614 - Replace TypeScript logo in README by [@​jakebailey](https://togithub.com/jakebailey) in [webpack/webpack#16613 - Update actions/cache dependencies by [@​piwysocki](https://togithub.com/piwysocki) in [webpack/webpack#16493 #### New Contributors - [@​Jack-Works](https://togithub.com/Jack-Works) made their first contribution in [webpack/webpack#16500 - [@​lvivski](https://togithub.com/lvivski) made their first contribution in [webpack/webpack#16491 - [@​jakebailey](https://togithub.com/jakebailey) made their first contribution in [webpack/webpack#16614 - [@​akhilgkrishnan](https://togithub.com/akhilgkrishnan) made their first contribution in [webpack/webpack#16446 - [@​ryanwilsonperkin](https://togithub.com/ryanwilsonperkin) made their first contribution in [webpack/webpack#16703 - [@​piwysocki](https://togithub.com/piwysocki) made their first contribution in [webpack/webpack#16493 - [@​askoufis](https://togithub.com/askoufis) made their first contribution in [webpack/webpack#16781 **Full Changelog**: webpack/webpack@v5.75.0...v5.76.0 ### [`v5.75.0`](https://togithub.com/webpack/webpack/releases/tag/v5.75.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.74.0...v5.75.0) ### Bugfixes - `experiments.*` normalize to `false` when opt-out - avoid `NaN%` - show the correct error when using a conflicting chunk name in code - HMR code tests existance of `window` before trying to access it - fix `eval-nosources-*` actually exclude sources - fix race condition where no module is returned from processing module - fix position of standalong semicolon in runtime code ### Features - add support for `@import` to extenal CSS when using experimental CSS in node - add `i64` support to the deprecated WASM implementation ### Developer Experience - expose `EnableWasmLoadingPlugin` - add more typings - generate getters instead of readonly properties in typings to allow overriding them </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/sammyfilly/Canary-nextjs).
- Loading branch information