[Snyk] Upgrade webpack from 5.10.0 to 5.78.0

[q1blue]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade webpack from 5.10.0 to 5.78.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 123 versions ahead of your current version.
• The recommended version was released 22 days ago, on 2023-04-05.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Sandbox Bypass SNYK-JS-WEBPACK-3358798	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: webpack

• 5.78.0 - 2023-04-05
  

  Features

  • Implement amdContainer support for AMD libraries (Fixes #16561) by @ long76 in #16562

  Bugfixes

  • [CSS] - Nested atRule's @ media or @ supports now properly are replaced with unique identifiers by @ noreiller in #15812
  • [CSS] - Fix bug where closing parenthesis in CSS were not properly parsed and compiled by @ janlent1 in #16864
  • Fix an issue where oneOf rule has been picked multiple times by @ xiaoxiaojx in #16477
  • Add createRequire support for node:module prefix by @ alexander-akait in #16904
  • Fix bug where self-referencing a package in a shared module failed by @ weareoutman in #16685

  Performance

  • Make ErrorHelpers named functions; Add types by @ TheLarkInn in #16893
  • Introduce ModuleTypeConstants for plugins by @ TheLarkInn in #16896
  • Refactor memory footprint in string usages for multiple plugins by @ TheLarkInn in #16894
  • Add more module type constants, use them across codebase by @ TheLarkInn in #16898

  Contributor Experience

  • Implement default PR Template to use GitHub Copilot for PR's integration and fix template name usage by @ geromegrignon in #16890
  • ci: update actions/cache to v3 by @ armujahid in #16462
  • webpack org Collaborators and Members now have funded GitHub Codespaces!

  

  New Contributors

  • @ geromegrignon made their first contribution in #16890
  • @ armujahid made their first contribution in #16462
  • @ long76 made their first contribution in #16562
  • @ weareoutman made their first contribution in #16685

  Full Changelog: v5.77.0...v5.78.0

• 5.77.0 - 2023-03-29
  

  New Features

  • Add a new output option, output.workerPublicPath by @ thomastay in #16671

  Developer Experience

  • Improve resolve.extensions error message to suggest when "." is missing before the extension by @ snitin315 in #16807

  Contributor Experience

  • Enable GitHub Copilot for PR's into default Pull Request Template by @ TheLarkInn in #16881

  New Contributors

  • @ thomastay made their first contribution in #16671

  Full Changelog: v5.76.3...v5.77.0

• 5.76.3 - 2023-03-22
  

  Bugfixes

  • Non-javascript files will correctly not be imported when using experiments.outputModule (ES Module Output) by @ snitin315 in #16809
  • Limit console output progress bar length to 40 when no columns provided by @ snitin315 in #16810
  • Add missing NodeJS Builtin Modules support for inspector/promises, readline/promises, and stream/consumers by @ ShenHongFei in #16841
  • webpack bin/cli now properly respects NODE_PATH env variable by @ snitin315 in #16808
  • Improve typos in resolveResourceErrorHints by @ snitin315 in #16806
  • Add missing loaders token support to moduleFilenameTemplate function call by @ pgoldberg in #16756
  • Add gaurd condition for enabledLibraryTypes in internal ContainerPlugin by @ PengBoUESTC in #16635

  New Contributors

  • @ ShenHongFei made their first contribution in #16841
  • @ pgoldberg made their first contribution in #16756
  • @ PengBoUESTC made their first contribution in #16635

  Full Changelog: v5.76.2...v5.76.3

• 5.76.2 - 2023-03-15
  Read more
• 5.76.1 - 2023-03-10
  

  Fixed

  • Added assert/strict built-in to NodeTargetPlugin

  Revert

  • Improve performance of hashRegExp lookup by @ ryanwilsonperkin in #16759
• 5.76.0 - 2023-03-08
  Read more
• 5.75.0 - 2022-11-09
  

  Bugfixes

  • experiments.* normalize to false when opt-out
  • avoid NaN%
  • show the correct error when using a conflicting chunk name in code
  • HMR code tests existance of window before trying to access it
  • fix eval-nosources-* actually exclude sources
  • fix race condition where no module is returned from processing module
  • fix position of standalong semicolon in runtime code

  Features

  • add support for @ import to extenal CSS when using experimental CSS in node
  • add i64 support to the deprecated WASM implementation

  Developer Experience

  • expose EnableWasmLoadingPlugin
  • add more typings
  • generate getters instead of readonly properties in typings to allow overriding them
• 5.74.0 - 2022-07-25
  Read more
• 5.73.0 - 2022-06-02
  

  Features

  • add options for default dynamicImportMode and prefetch and preload
  • add support for import { createRequire } from "module" in source code

  Bugfixes

  • fix code generation of e. g. return"field"in Module
  • fix performance of large JSON modules
  • fix performance of async modules evaluation

  Developer Experience

  • export PathData in typings
  • improve error messages with more details
• 5.72.1 - 2022-05-10
  

  Bugfixes

  • fix __webpack_nonce__ with HMR
  • fix in operator in some cases
  • fix json parsing error messages
  • fix module concatenation with using this.importModule
  • upgrade enhanced-resolve
• 5.72.0 - 2022-04-07
• 5.71.0 - 2022-04-01
• 5.70.0 - 2022-03-03
• 5.69.1 - 2022-02-17
• 5.69.0 - 2022-02-15
• 5.68.0 - 2022-01-31
• 5.67.0 - 2022-01-21
• 5.66.0 - 2022-01-12
• 5.65.0 - 2021-12-06
• 5.64.4 - 2021-11-25
• 5.64.3 - 2021-11-24
• 5.64.2 - 2021-11-20
• 5.64.1 - 2021-11-15
• 5.64.0 - 2021-11-11
• 5.63.0 - 2021-11-09
• 5.62.2 - 2021-11-09
• 5.62.1 - 2021-11-05
• 5.62.0 - 2021-11-05
• 5.61.0 - 2021-10-29
• 5.60.0 - 2021-10-25
• 5.59.1 - 2021-10-20
• 5.59.0 - 2021-10-19
• 5.58.2 - 2021-10-13
• 5.58.1 - 2021-10-08
• 5.58.0 - 2021-10-07
• 5.57.1 - 2021-10-05
• 5.57.0 - 2021-10-05
• 5.56.1 - 2021-10-04
• 5.56.0 - 2021-10-01
• 5.55.1 - 2021-09-29
• 5.55.0 - 2021-09-28
• 5.54.0 - 2021-09-24
• 5.53.0 - 2021-09-16
• 5.52.1 - 2021-09-10
• 5.52.0 - 2021-09-03
• 5.51.2 - 2021-09-02
• 5.51.1 - 2021-08-19
• 5.51.0 - 2021-08-19
• 5.50.0 - 2021-08-10
• 5.49.0 - 2021-08-06
• 5.48.0 - 2021-08-02
• 5.47.1 - 2021-07-29
• 5.47.0 - 2021-07-27
• 5.46.0 - 2021-07-22
• 5.45.1 - 2021-07-16
• 5.45.0 - 2021-07-16
• 5.44.0 - 2021-07-08
• 5.43.0 - 2021-07-06
• 5.42.1 - 2021-07-05
• 5.42.0 - 2021-07-02
• 5.41.1 - 2021-06-29
• 5.41.0 - 2021-06-28
• 5.40.0 - 2021-06-21
• 5.39.1 - 2021-06-17
• 5.39.0 - 2021-06-14
• 5.38.1 - 2021-05-27
• 5.38.0 - 2021-05-27
• 5.37.1 - 2021-05-19
• 5.37.0 - 2021-05-10
• 5.36.2 - 2021-04-30
• 5.36.1 - 2021-04-28
• 5.36.0 - 2021-04-27
• 5.35.1 - 2021-04-23
• 5.35.0 - 2021-04-21
• 5.34.0 - 2021-04-19
• 5.33.2 - 2021-04-14
• 5.33.1 - 2021-04-14
• 5.33.0 - 2021-04-14
• 5.32.0 - 2021-04-12
• 5.31.2 - 2021-04-09
• 5.31.1 - 2021-04-09
• 5.31.0 - 2021-04-07
• 5.30.0 - 2021-04-01
• 5.29.0 - 2021-04-01
• 5.28.0 - 2021-03-24
• 5.27.2 - 2021-03-22
• 5.27.1 - 2021-03-20
• 5.27.0 - 2021-03-19
• 5.26.3 - 2021-03-17
• 5.26.2 - 2021-03-16
• 5.26.1 - 2021-03-16
• 5.26.0 - 2021-03-15
• 5.25.1 - 2021-03-14
• 5.25.0 - 2021-03-12
• 5.24.4 - 2021-03-08
• 5.24.3 - 2021-03-03
• 5.24.2 - 2021-02-24
• 5.24.1 - 2021-02-23
• 5.24.0 - 2021-02-22
• 5.23.0 - 2021-02-18
• 5.22.0 - 2021-02-15
• 5.21.2 - 2021-02-07
• 5.21.1 - 2021-02-06
• 5.21.0 - 2021-02-05
• 5.20.2 - 2021-02-04
• 5.20.1 - 2021-02-03
• 5.20.0 - 2021-02-02
• 5.19.0 - 2021-01-29
• 5.18.0 - 2021-01-26
• 5.17.0 - 2021-01-22
• 5.16.0 - 2021-01-19
• 5.15.0 - 2021-01-15
• 5.14.0 - 2021-01-13
• 5.13.0 - 2021-01-11
• 5.12.3 - 2021-01-10
• 5.12.2 - 2021-01-09
• 5.12.1 - 2021-01-08
• 5.12.0 - 2021-01-08
• 5.11.1 - 2020-12-28
• 5.11.0 - 2020-12-17
• 5.10.3 - 2020-12-15
• 5.10.2 - 2020-12-15
• 5.10.1 - 2020-12-11
• 5.10.0 - 2020-12-04

from webpack GitHub release notes

Commit messages

Package name: webpack

• e51f834 5.78.0
• 2703c1b Merge pull request #16685 from weareoutman/main
• 765cbff Merge pull request #16477 from xiaoxiaojx/fix/issue-16466
• 276154a Merge pull request #16904 from webpack/issue-16724
• b2cd779 Merge pull request #16864 from janlent1/fixnativecssparsingissue
• 7c7ca77 Merge pull request #15812 from noreiller/fix-experiments-css-at-rule-nested
• 7a6e950 Merge pull request #16562 from long76/patch-1
• 9875719 ci: update actions/cache to v3
• 2145fde fix: detect `createRequire` when imported with `node:` prefix
• d511c9f Always add a ) when using pseudofunctions
• eed37e9 Merge pull request #16898 from webpack/thelarkinn/refactor-profiling-plugin
• 92ccb9e Merge pull request #16894 from webpack/thelarkinn/refactor-flag-dep-plugins
• fa4cbf1 add more module type constants, use them across codebase
• 6364822 Merge pull request #16896 from webpack/thelarkinn/module-type-constants
• 4bcc0f0 yarn lint fix
• 844fc55 refactor(moduletypes): introduce module type constants, reduce memory footprint define/json plugins
• 46a3e3d Merge pull request #16893 from webpack/thelarkinn/refactor-error-helpers
• 4fda34a refactor(plugins): Reduce memory footprint in string usages for flag plugins
• 30e9d70 refactor(ErrorHelpers): Make error helpers named functions; add types
• d96ce76 Merge pull request #16890 from geromegrignon/fix/copilot-template
• 1f3f991 fix: copilot command typo
• 263f291 5.77.0
• ae9f0e0 Merge pull request #16881 from webpack/feature/beta-test-github-template-copilot-for-pr
• fdcdc2d Pilot the Copilot for PR in default PR template, retain original template

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs