From 1d8cf8c5f358ca2b60651f216806b288fb0b35c1 Mon Sep 17 00:00:00 2001
From: Mend Renovate <bot@renovateapp.com>
Date: Mon, 20 Mar 2023 04:00:19 +0000
Subject: [PATCH] Update dependency webpack to v5.76.0 [SECURITY] (#1126)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [webpack](https://togithub.com/webpack/webpack) | [`5.75.0` ->
`5.76.0`](https://renovatebot.com/diffs/npm/webpack/5.75.0/5.76.0) |
[![age](https://badges.renovateapi.com/packages/npm/webpack/5.76.0/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/npm/webpack/5.76.0/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/npm/webpack/5.76.0/compatibility-slim/5.75.0)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/npm/webpack/5.76.0/confidence-slim/5.75.0)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

#### [CVE-2023-28154](https://nvd.nist.gov/vuln/detail/CVE-2023-28154)

Webpack 5 before 5.76.0 does not avoid cross-realm object access.
ImportParserPlugin.js mishandles the magic comment feature. An attacker
who controls a property of an untrusted object can obtain access to the
real global object.

---

### Release Notes

<details>
<summary>webpack/webpack</summary>

###
[`v5.76.0`](https://togithub.com/webpack/webpack/releases/tag/v5.76.0)

[Compare
Source](https://togithub.com/webpack/webpack/compare/v5.75.0...v5.76.0)

#### Bugfixes

- Avoid cross-realm object access by
[@&#8203;Jack-Works](https://togithub.com/Jack-Works) in
[https://github.com/webpack/webpack/pull/16500](https://togithub.com/webpack/webpack/pull/16500)
- Improve hash performance via conditional initialization by
[@&#8203;lvivski](https://togithub.com/lvivski) in
[https://github.com/webpack/webpack/pull/16491](https://togithub.com/webpack/webpack/pull/16491)
- Serialize `generatedCode` info to fix bug in asset module cache
restoration by
[@&#8203;ryanwilsonperkin](https://togithub.com/ryanwilsonperkin) in
[https://github.com/webpack/webpack/pull/16703](https://togithub.com/webpack/webpack/pull/16703)
- Improve performance of `hashRegExp` lookup by
[@&#8203;ryanwilsonperkin](https://togithub.com/ryanwilsonperkin) in
[https://github.com/webpack/webpack/pull/16759](https://togithub.com/webpack/webpack/pull/16759)

#### Features

- add `target` to `LoaderContext` type by
[@&#8203;askoufis](https://togithub.com/askoufis) in
[https://github.com/webpack/webpack/pull/16781](https://togithub.com/webpack/webpack/pull/16781)

#### Security

- [CVE-2022-37603](https://togithub.com/advisories/GHSA-3rfm-jhwj-7488)
fixed by [@&#8203;akhilgkrishnan](https://togithub.com/akhilgkrishnan)
in
[https://github.com/webpack/webpack/pull/16446](https://togithub.com/webpack/webpack/pull/16446)

#### Repo Changes

- Fix HTML5 logo in README by
[@&#8203;jakebailey](https://togithub.com/jakebailey) in
[https://github.com/webpack/webpack/pull/16614](https://togithub.com/webpack/webpack/pull/16614)
- Replace TypeScript logo in README by
[@&#8203;jakebailey](https://togithub.com/jakebailey) in
[https://github.com/webpack/webpack/pull/16613](https://togithub.com/webpack/webpack/pull/16613)
- Update actions/cache dependencies by
[@&#8203;piwysocki](https://togithub.com/piwysocki) in
[https://github.com/webpack/webpack/pull/16493](https://togithub.com/webpack/webpack/pull/16493)

#### New Contributors

- [@&#8203;Jack-Works](https://togithub.com/Jack-Works) made their first
contribution in
[https://github.com/webpack/webpack/pull/16500](https://togithub.com/webpack/webpack/pull/16500)
- [@&#8203;lvivski](https://togithub.com/lvivski) made their first
contribution in
[https://github.com/webpack/webpack/pull/16491](https://togithub.com/webpack/webpack/pull/16491)
- [@&#8203;jakebailey](https://togithub.com/jakebailey) made their first
contribution in
[https://github.com/webpack/webpack/pull/16614](https://togithub.com/webpack/webpack/pull/16614)
- [@&#8203;akhilgkrishnan](https://togithub.com/akhilgkrishnan) made
their first contribution in
[https://github.com/webpack/webpack/pull/16446](https://togithub.com/webpack/webpack/pull/16446)
- [@&#8203;ryanwilsonperkin](https://togithub.com/ryanwilsonperkin) made
their first contribution in
[https://github.com/webpack/webpack/pull/16703](https://togithub.com/webpack/webpack/pull/16703)
- [@&#8203;piwysocki](https://togithub.com/piwysocki) made their first
contribution in
[https://github.com/webpack/webpack/pull/16493](https://togithub.com/webpack/webpack/pull/16493)
- [@&#8203;askoufis](https://togithub.com/askoufis) made their first
contribution in
[https://github.com/webpack/webpack/pull/16781](https://togithub.com/webpack/webpack/pull/16781)

**Full Changelog**:
https://github.com/webpack/webpack/compare/v5.75.0...v5.76.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" in timezone Australia/Sydney,
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://app.renovatebot.com/dashboard#github/google/osv.dev).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4xNTkuMSIsInVwZGF0ZWRJblZlciI6IjM0LjE1OS4xIn0=-->
---
 gcp/appengine/frontend3/package-lock.json | 8 ++++----
 gcp/appengine/frontend3/package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/gcp/appengine/frontend3/package-lock.json b/gcp/appengine/frontend3/package-lock.json
index 71e024a7473..b9c524654fa 100644
--- a/gcp/appengine/frontend3/package-lock.json
+++ b/gcp/appengine/frontend3/package-lock.json
@@ -31,7 +31,7 @@
         "sass": "1.58.3",
         "sass-loader": "12.6.0",
         "style-loader": "3.3.1",
-        "webpack": "5.75.0",
+        "webpack": "5.76.0",
         "webpack-cli": "4.10.0",
         "webpack-dev-server": "4.11.1"
       }
@@ -5110,9 +5110,9 @@
       }
     },
     "node_modules/webpack": {
-      "version": "5.75.0",
-      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.75.0.tgz",
-      "integrity": "sha512-piaIaoVJlqMsPtX/+3KTTO6jfvrSYgauFVdt8cr9LTHKmcq/AMd4mhzsiP7ZF/PGRNPGA8336jldh9l2Kt2ogQ==",
+      "version": "5.76.0",
+      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.76.0.tgz",
+      "integrity": "sha512-l5sOdYBDunyf72HW8dF23rFtWq/7Zgvt/9ftMof71E/yUb1YLOBmTgA2K4vQthB3kotMrSj609txVE0dnr2fjA==",
       "dev": true,
       "dependencies": {
         "@types/eslint-scope": "^3.7.3",
diff --git a/gcp/appengine/frontend3/package.json b/gcp/appengine/frontend3/package.json
index 99e0dc855f3..ee2e2eb1f2d 100644
--- a/gcp/appengine/frontend3/package.json
+++ b/gcp/appengine/frontend3/package.json
@@ -32,7 +32,7 @@
     "sass": "1.58.3",
     "sass-loader": "12.6.0",
     "style-loader": "3.3.1",
-    "webpack": "5.75.0",
+    "webpack": "5.76.0",
     "webpack-cli": "4.10.0",
     "webpack-dev-server": "4.11.1"
   }