[Snyk] Upgrade webpack from 4.35.0 to 4.43.0

[snyk-bot]

Snyk has created this PR to upgrade webpack from 4.35.0 to 4.43.0.

✨What is Merge Advice?

We check thousands of dependency upgrade pull requests and CI tests every day to see which upgrades were successfully merged. After crunching this data, we give a recommendation on how safe we think the change is for you to merge without causing issues. Learn more, and share your feedback to help improve this feature. 🙏

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 25 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2020-04-21.

The recommended version fixes:

Severity	Issue	Exploit Maturity
	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	Proof of Concept
	Timing Attack SNYK-JS-ELLIPTIC-511941	No Known Exploit

Release notes

Package name: webpack

• 4.43.0 - 2020-04-21
  

  Features

  • add module.hot.invalidate() to HMR API

  Dependencies

  • push versions for forced security updates
• 4.42.1 - 2020-03-24
  

  Bugfixes

  • update webassemblyjs dependencies for instruction update
  • update mkdirp dependency for security reasons
• 4.42.0 - 2020-03-02
  

  Bugfixes

  • Disable constant replacements in "use asm" scope
  • Update schema to disallow functions for output.hotUpdateChunkFilename as this doesn't work
  • Hoist exports in concatenated module to handle circular references with non-concatenated modules correctly
  • Flag all modules as used in DLLs to fix missing exports
• 4.41.6 - 2020-02-11
  

  Bugfixes

  • Windows network paths are considered as absolute paths
  • fix hanging of FlagDependencyExportsPlugin when using export * in a circular matter
• 4.41.5 - 2019-12-27
  

  Bugfixes

  • handle relative paths with webpack:// prefix in SourceMaps correctly
  • fixes a non-determinism about providedExports with export * which caused changing module hashes and unnecessary HMR invalidation
• 4.41.4 - 2019-12-19
• 4.41.3 - 2019-12-16
• 4.41.2 - 2019-10-15
• 4.41.1 - 2019-10-11
• 4.41.0 - 2019-09-24
• 4.40.3 - 2019-09-24
• 4.40.2 - 2019-09-13
• 4.40.1 - 2019-09-13
• 4.40.0 - 2019-09-12
• 4.39.3 - 2019-08-27
• 4.39.2 - 2019-08-13
• 4.39.1 - 2019-08-02
• 4.39.0 - 2019-08-01
• 4.38.0 - 2019-07-26
• 4.37.0 - 2019-07-23
• 4.36.1 - 2019-07-17
• 4.36.0 - 2019-07-17
• 4.35.3 - 2019-07-08
• 4.35.2 - 2019-07-01
• 4.35.1 - 2019-07-01
• 4.35.0 - 2019-06-20

from webpack GitHub release notes

Commit messages

Package name: webpack

• c9d4ff7 4.43.0
• 9a2febd Merge pull request #10715 from webpack/hmr/invalidate-4
• a53bb8f add invalidate method to HMR
• 4c644bf Merge pull request #10518 from TechieForFun/webpack-4
• 9efaba2 Merge pull request #10571 from mjziolko/watchpack-vuln
• a704715 Merge pull request #10622 from webpack/ci/fix-azure
• 7f843e8 fix vm images in azure
• 9c23e18 Update watchpack to the most recent minor version to remove mimimist vulnerability.
• 71eb593 4.42.1
• 7bc38d6 Merge pull request #10580 from jeffin143/update-mkdirp
• a814ac9 update lockfile
• f110b6e UPDATE mkdirp
• 499b537 revert unneccessary changes
• c9bb7a9 Update snapshots of tests
• 4023e8c Update package.json, yarn.lock
• 2ca966c Update package.json
• a7cfbfe Update package.json
• f97fedc Update package.json for tests
• 3320b9d Update on yarn.lock
• 0fe7c5a Update yarn.lock
• 6526134 Update package.json
• 5f65ecb Merge pull request #10493 from jeffin143/fix-10489
• 994df0f Order dependencies alphabetically
• a06807b fix :10489 - Backport to webpack 4: wasm: v128 support

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs