fix(deps): update dependency webpack to v5.76.0 [security] - autoclosed #38

renovate · 2023-09-23T07:34:48Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
webpack	`5.74.0` -> `5.76.0`

GitHub Vulnerability Alerts

CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.

Release Notes

webpack/webpack (webpack)

Bugfixes

experiments.* normalize to false when opt-out
avoid NaN%
show the correct error when using a conflicting chunk name in code
HMR code tests existance of window before trying to access it
fix eval-nosources-* actually exclude sources
fix race condition where no module is returned from processing module
fix position of standalong semicolon in runtime code

Features

add support for @import to extenal CSS when using experimental CSS in node
add i64 support to the deprecated WASM implementation

Developer Experience

expose EnableWasmLoadingPlugin
add more typings
generate getters instead of readonly properties in typings to allow overriding them

Configuration

📅 Schedule: Branch creation - "" in timezone GMT, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

stackblitz · 2023-09-23T07:34:51Z

Run & review this pull request in StackBlitz Codeflow.

changeset-bot · 2023-09-23T07:34:52Z

⚠️ No Changeset found

Latest commit: 425fd21

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

socket-security · 2023-09-24T20:06:36Z

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
@nivo/core	0.78.0	eval	`+0`	623 kB	plouc
@types/babel-core	6.25.7	None	`+0`	11.1 kB	types
@types/socket.io-client	1.4.36	None	`+0`	24 kB	types
@graphql-tools/load	7.8.4	None	`+0`	80.4 kB	ardatan
@cypress/snapshot	2.1.7	None	`+0`	101 kB	cypress-npm-publisher
@babel/plugin-transform-modules-commonjs	7.16.8	None	`+6`	281 kB	nicolo-ribaudo
@testing-library/react	11.2.7	None	`+5`	5.61 MB	testing-library-bot
@graphiql/plugin-code-exporter	0.1.0	network	`+0`	948 kB	acao

🚮 Removed packages: @contentful/rich-text-types@14.1.2, @emotion/styled@10.3.0, @graphql-codegen/add@3.2.1, @graphql-codegen/typescript@2.8.1, @loadable/component@5.15.3, @types/jest@27.0.2, @types/joi@14.3.4, @types/react@18.0.25

renovate bot added the topic: automation label Sep 23, 2023

renovate bot changed the title ~~fix(deps): update dependency webpack to v5.76.0 [security]~~ fix(deps): update dependency webpack to v5.76.0 [security] - autoclosed Sep 23, 2023

renovate bot closed this Sep 23, 2023

renovate bot deleted the renovate/npm-webpack-vulnerability branch September 23, 2023 08:00

renovate bot changed the title ~~fix(deps): update dependency webpack to v5.76.0 [security] - autoclosed~~ fix(deps): update dependency webpack to v5.76.0 [security] Sep 23, 2023

renovate bot reopened this Sep 23, 2023

renovate bot restored the renovate/npm-webpack-vulnerability branch September 23, 2023 17:11

renovate bot force-pushed the renovate/npm-webpack-vulnerability branch 2 times, most recently from b731593 to 5ac5002 Compare September 23, 2023 19:43

renovate bot changed the title ~~fix(deps): update dependency webpack to v5.76.0 [security]~~ fix(deps): update dependency webpack to v5.76.0 [security] - autoclosed Sep 24, 2023

renovate bot closed this Sep 24, 2023

renovate bot deleted the renovate/npm-webpack-vulnerability branch September 24, 2023 01:44

renovate bot changed the title ~~fix(deps): update dependency webpack to v5.76.0 [security] - autoclosed~~ fix(deps): update dependency webpack to v5.76.0 [security] Sep 24, 2023

renovate bot reopened this Sep 24, 2023

renovate bot restored the renovate/npm-webpack-vulnerability branch September 24, 2023 19:47

renovate bot force-pushed the renovate/npm-webpack-vulnerability branch from 5ac5002 to d98291f Compare September 24, 2023 19:48

renovate bot changed the title ~~fix(deps): update dependency webpack to v5.76.0 [security]~~ fix(deps): update dependency webpack to v5.76.0 [security] - autoclosed Sep 25, 2023

renovate bot closed this Sep 25, 2023

renovate bot deleted the renovate/npm-webpack-vulnerability branch September 25, 2023 00:35

renovate bot changed the title ~~fix(deps): update dependency webpack to v5.76.0 [security] - autoclosed~~ fix(deps): update dependency webpack to v5.76.0 [security] Sep 27, 2023

renovate bot reopened this Sep 27, 2023

renovate bot restored the renovate/npm-webpack-vulnerability branch September 27, 2023 21:00

renovate bot force-pushed the renovate/npm-webpack-vulnerability branch from d98291f to f717ede Compare September 27, 2023 21:01

renovate bot changed the title ~~fix(deps): update dependency webpack to v5.76.0 [security]~~ fix(deps): update dependency webpack to v5.76.0 [security] - autoclosed Sep 27, 2023

renovate bot closed this Sep 27, 2023

renovate bot deleted the renovate/npm-webpack-vulnerability branch September 27, 2023 22:01

renovate bot changed the title ~~fix(deps): update dependency webpack to v5.76.0 [security] - autoclosed~~ fix(deps): update dependency webpack to v5.76.0 [security] Sep 29, 2023

renovate bot deleted the renovate/npm-webpack-vulnerability branch October 6, 2023 13:19

renovate bot changed the title ~~fix(deps): update dependency webpack to v5.76.0 [security] - autoclosed~~ fix(deps): update dependency webpack to v5.76.0 [security] Oct 7, 2023

renovate bot reopened this Oct 7, 2023

renovate bot restored the renovate/npm-webpack-vulnerability branch October 7, 2023 23:31

renovate bot force-pushed the renovate/npm-webpack-vulnerability branch from 7649bc2 to 8cedb91 Compare October 7, 2023 23:31

renovate bot changed the title ~~fix(deps): update dependency webpack to v5.76.0 [security]~~ fix(deps): update dependency webpack to v5.76.0 [security] - autoclosed Oct 8, 2023

renovate bot closed this Oct 8, 2023

renovate bot deleted the renovate/npm-webpack-vulnerability branch October 8, 2023 00:37

renovate bot changed the title ~~fix(deps): update dependency webpack to v5.76.0 [security] - autoclosed~~ fix(deps): update dependency webpack to v5.76.0 [security] Oct 10, 2023

renovate bot reopened this Oct 10, 2023

renovate bot restored the renovate/npm-webpack-vulnerability branch October 10, 2023 22:46

renovate bot force-pushed the renovate/npm-webpack-vulnerability branch from 8cedb91 to e57dd7c Compare October 10, 2023 22:46

renovate bot changed the title ~~fix(deps): update dependency webpack to v5.76.0 [security]~~ fix(deps): update dependency webpack to v5.76.0 [security] - autoclosed Oct 11, 2023

renovate bot closed this Oct 11, 2023

renovate bot deleted the renovate/npm-webpack-vulnerability branch October 11, 2023 00:48

renovate bot changed the title ~~fix(deps): update dependency webpack to v5.76.0 [security] - autoclosed~~ fix(deps): update dependency webpack to v5.76.0 [security] Oct 11, 2023

renovate bot reopened this Oct 11, 2023

renovate bot restored the renovate/npm-webpack-vulnerability branch October 11, 2023 18:46

renovate bot force-pushed the renovate/npm-webpack-vulnerability branch from e57dd7c to 470aef1 Compare October 11, 2023 18:47

renovate bot changed the title ~~fix(deps): update dependency webpack to v5.76.0 [security]~~ fix(deps): update dependency webpack to v5.76.0 [security] - autoclosed Oct 12, 2023

renovate bot closed this Oct 12, 2023

renovate bot deleted the renovate/npm-webpack-vulnerability branch October 12, 2023 00:28

renovate bot changed the title ~~fix(deps): update dependency webpack to v5.76.0 [security] - autoclosed~~ fix(deps): update dependency webpack to v5.76.0 [security] Oct 15, 2023

renovate bot reopened this Oct 15, 2023

renovate bot restored the renovate/npm-webpack-vulnerability branch October 15, 2023 18:36

fix(deps): update dependency webpack to v5.76.0 [security]

425fd21

renovate bot force-pushed the renovate/npm-webpack-vulnerability branch from 470aef1 to 425fd21 Compare October 15, 2023 18:37

renovate bot changed the title ~~fix(deps): update dependency webpack to v5.76.0 [security]~~ fix(deps): update dependency webpack to v5.76.0 [security] - autoclosed Oct 15, 2023

renovate bot closed this Oct 15, 2023

renovate bot deleted the renovate/npm-webpack-vulnerability branch October 15, 2023 21:13

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): update dependency webpack to v5.76.0 [security] - autoclosed #38

fix(deps): update dependency webpack to v5.76.0 [security] - autoclosed #38

renovate bot commented Sep 23, 2023

stackblitz bot commented Sep 23, 2023

changeset-bot bot commented Sep 23, 2023 •

edited

Loading

socket-security bot commented Sep 24, 2023

fix(deps): update dependency webpack to v5.76.0 [security] - autoclosed #38

fix(deps): update dependency webpack to v5.76.0 [security] - autoclosed #38

Conversation

renovate bot commented Sep 23, 2023

GitHub Vulnerability Alerts

CVE-2023-28154

Release Notes

v5.76.0

Bugfixes

Features

Security

Repo Changes

New Contributors

v5.75.0

Bugfixes

Features

Developer Experience

Configuration

stackblitz bot commented Sep 23, 2023

changeset-bot bot commented Sep 23, 2023 • edited Loading

⚠️ No Changeset found

socket-security bot commented Sep 24, 2023

`v5.76.0`

`v5.75.0`

changeset-bot bot commented Sep 23, 2023 •

edited

Loading