Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update dependency webpack to v5.76.0 [SECURITY] (#1126)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [webpack](https://togithub.com/webpack/webpack) | [`5.75.0` -> `5.76.0`](https://renovatebot.com/diffs/npm/webpack/5.75.0/5.76.0) | [![age](https://badges.renovateapi.com/packages/npm/webpack/5.76.0/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/npm/webpack/5.76.0/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/npm/webpack/5.76.0/compatibility-slim/5.75.0)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/npm/webpack/5.76.0/confidence-slim/5.75.0)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2023-28154](https://nvd.nist.gov/vuln/detail/CVE-2023-28154) Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object. --- ### Release Notes <details> <summary>webpack/webpack</summary> ### [`v5.76.0`](https://togithub.com/webpack/webpack/releases/tag/v5.76.0) [Compare Source](https://togithub.com/webpack/webpack/compare/v5.75.0...v5.76.0) #### Bugfixes - Avoid cross-realm object access by [@​Jack-Works](https://togithub.com/Jack-Works) in [webpack/webpack#16500 - Improve hash performance via conditional initialization by [@​lvivski](https://togithub.com/lvivski) in [webpack/webpack#16491 - Serialize `generatedCode` info to fix bug in asset module cache restoration by [@​ryanwilsonperkin](https://togithub.com/ryanwilsonperkin) in [webpack/webpack#16703 - Improve performance of `hashRegExp` lookup by [@​ryanwilsonperkin](https://togithub.com/ryanwilsonperkin) in [webpack/webpack#16759 #### Features - add `target` to `LoaderContext` type by [@​askoufis](https://togithub.com/askoufis) in [webpack/webpack#16781 #### Security - [CVE-2022-37603](https://togithub.com/advisories/GHSA-3rfm-jhwj-7488) fixed by [@​akhilgkrishnan](https://togithub.com/akhilgkrishnan) in [webpack/webpack#16446 #### Repo Changes - Fix HTML5 logo in README by [@​jakebailey](https://togithub.com/jakebailey) in [webpack/webpack#16614 - Replace TypeScript logo in README by [@​jakebailey](https://togithub.com/jakebailey) in [webpack/webpack#16613 - Update actions/cache dependencies by [@​piwysocki](https://togithub.com/piwysocki) in [webpack/webpack#16493 #### New Contributors - [@​Jack-Works](https://togithub.com/Jack-Works) made their first contribution in [webpack/webpack#16500 - [@​lvivski](https://togithub.com/lvivski) made their first contribution in [webpack/webpack#16491 - [@​jakebailey](https://togithub.com/jakebailey) made their first contribution in [webpack/webpack#16614 - [@​akhilgkrishnan](https://togithub.com/akhilgkrishnan) made their first contribution in [webpack/webpack#16446 - [@​ryanwilsonperkin](https://togithub.com/ryanwilsonperkin) made their first contribution in [webpack/webpack#16703 - [@​piwysocki](https://togithub.com/piwysocki) made their first contribution in [webpack/webpack#16493 - [@​askoufis](https://togithub.com/askoufis) made their first contribution in [webpack/webpack#16781 **Full Changelog**: webpack/webpack@v5.75.0...v5.76.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4xNTkuMSIsInVwZGF0ZWRJblZlciI6IjM0LjE1OS4xIn0=-->
- Loading branch information