Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade webpack from 4.41.2 to 4.42.0 #7

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented Apr 9, 2020

Snyk has created this PR to upgrade webpack from 4.41.2 to 4.42.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
  • The recommended version is 5 versions ahead of your current version.
  • The recommended version was released a month ago, on 2020-03-02.

The recommended version fixes:

Severity Issue Exploit Maturity
Cross-site Scripting (XSS)
SNYK-JS-SERIALIZEJAVASCRIPT-536840
No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ACORN-559469
No Known Exploit
Timing Attack
SNYK-JS-ELLIPTIC-511941
No Known Exploit
Release notes
Package name: webpack
  • 4.42.0 - 2020-03-02

    Bugfixes

    • Disable constant replacements in "use asm" scope
    • Update schema to disallow functions for output.hotUpdateChunkFilename as this doesn't work
    • Hoist exports in concatenated module to handle circular references with non-concatenated modules correctly
    • Flag all modules as used in DLLs to fix missing exports
  • 4.41.6 - 2020-02-11

    Bugfixes

    • Windows network paths are considered as absolute paths
    • fix hanging of FlagDependencyExportsPlugin when using export * in a circular matter
  • 4.41.5 - 2019-12-27

    Bugfixes

    • handle relative paths with webpack:// prefix in SourceMaps correctly
    • fixes a non-determinism about providedExports with export * which caused changing module hashes and unnecessary HMR invalidation
  • 4.41.4 - 2019-12-19

    Bugfixes

    • fix case where __webpack_require__.e is not a function when using module concatenation
    • fix incorrect imported module when using sideEffects in a certain constellation of export names

    Performance

    • lazy-require Webassembly related modules for improved startup performance
  • 4.41.3 - 2019-12-16

    Security

    • force upgrade terser-webpack-plugin dependency for security fix (not affecting webpack)

    Funding

    • add npm funding field to package.json
  • 4.41.2 - 2019-10-15
from webpack GitHub release notes
Commit messages
Package name: webpack
  • 29d851b 4.42.0
  • 07a4b28 Merge pull request #10478 from webpack/bugfix/all-modules-dll
  • c1aa9d4 flag all modules as used for Dll
  • d147689 Merge pull request #10431 from webpack/bugfix/concat-circular-4
  • d76761d hoist exports to the top of a concatenated module
  • 534d78f Merge pull request #10393 from webpack/schema/disallow-function-hotchunkfilename
  • d46ddc2 disallow function for output.hotUpdateChunkFilename
  • 95409bd Merge pull request #10294 from ngg/asmjs-4
  • 71be3bf 4.41.6
  • 7a30012 spacing
  • 284e97f add detectStrictMode method for backward-compat
  • 0b8ef22 Merge pull request #10344 from webpack/bugfix/hang-circular-reexport
  • 614ea54 only retrigger flagging exports in dependencies when exports really changed
  • a7a07bc do not evaluate constants in asm.js, fix IIFE mode detection
  • 627510d Merge pull request #10255 from jeffin143/fix-10247
  • e826575 correct windows paths must use \ and not /
  • 5e9f083 Merge pull request #10240 from jeffin143/fix-10217
  • d8c74b6 fix: better handle absolute paths
  • ef73991 update webpackOption.d.ts
  • 2101892 add chunkid declaration
  • 4bb706f Fix lint issue
  • 2394136 added variable declarations in files where required
  • 148c4be get rid of some hacks in declarations file for webpack-4
  • 45ecebc 4.41.5

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant