Bump webpack, webpack-assets-manifest and webpack-cli

[dependabot]

Bumps webpack, webpack-assets-manifest and webpack-cli. These dependencies needed to be updated together.
Updates webpack from 4.46.0 to 5.35.1

Release notes

Sourced from webpack's releases.

v5.35.1

Bugfixes

• fix an __webpack_exports__ is not defined error with some library types

performance

• improve stats grouping performance
• improve providedExports analysis performance
• improve hashing performance
• lazy merge dependencies from creating context modules
• improve dependency parents access performance

v5.35.0

Bugfixes

• fix handling of build dependencies with # in path

Performance

• improve memory usage when using the filesystem cache

When reading a file into a Buffer and picking smaller slices of the Buffer the small slices still keep a reference to the large original Buffer. The leads to increased memory usage. A fix would be to clone the slice into a smaller Buffer when wasting too much memory, but this has a performance cost. There is now a new option cache.allowCollectingMemory which controls that. For one-off builds you probably want allowCollectingMemory: false and for watch builds you probably want allowCollectingMemory: true. It defaults to false in production mode and true in development mode.

v5.34.0

Features

• add support for empty string in resolve.extensions and handle them in this order
• add pnpapi as builtin external when using target: "node"

Bugfixes

• fix a bug where chunks filenames where not included in runtime when using splitChunks and runtimeChunk with target: "node"
• fix deprecation message from LimitChunkCountPlugin

Performance

• precompile schemas into functions to avoid schema compilation overhead
• fix performance regression when storing the cache
• performance improvement for snapshot file iterators

Developer Experience

... (truncated)

Commits

• ed175cd 5.35.1
• 2f98e56 Merge pull request #13205 from webpack/dependabot/npm_and_yarn/less-loader-8.1.1
• 07347a5 Merge pull request #13206 from webpack/dependabot/npm_and_yarn/types/node-14....
• a487086 Merge pull request #13209 from webpack/dependabot/npm_and_yarn/css-loader-5.2.4
• 5aaeaf4 Merge pull request #13207 from webpack/dependabot/npm_and_yarn/mini-css-extra...
• bec0e9b Merge pull request #13208 from webpack/dependabot/npm_and_yarn/fork-ts-checke...
• 4eaa398 Merge pull request #13213 from webpack/perf/rebuild
• 78ee6fb store parents in Dependency
• 88d90be Use LazySets for ContextModuleFactory
• acfea9d improve module graph hashing via bigints
• Additional commits viewable in compare view

Updates webpack-assets-manifest from 4.0.6 to 5.0.6

Release notes

Sourced from webpack-assets-manifest's releases.

5.0.6

• Added manifest parameter to afterOptions hook.
• Use manifest parameter in internal transform and afterOptions taps.
• Check options.enabled after afterOptions hook has been called.

5.0.5

Allow options.space to be a string.

5.0.4

• Updated hook being used to process assets. Use processAssets hook instead of afterProcessAssets so that async lock/unlock functions can be used.
• Updated getLockFilename() to use hash of dirname.
• Removed lockSync and unlockSync functions.
• Updated min webpack version to 5.2.

5.0.3

Use asset.info.hotModuleReplacement to identify HMR files.

5.0.2

• Improved entrypoints handling. #140
• Updated inDevServer() to not use WEBPACK_DEV_SERVER / WEBPACK_SERVE env vars. #125
• Improved writeToDisk: 'auto' behavior
• Updated dependencies

5.0.1

Fixes for #115 and #116

• Improved finding asset modules
• Updated hooks for watch mode
• Use public path with entrypoints
• Updated dependencies

5.0.0

• Compatible with webpack 5 only (5.1+ required).
• Supports finding asset modules.
• Updated options schema to prevent additional properties. This helps with catching typos in option names.
• ⚠️ Updated default value of the output option to be assets-manifest.json. This is to prevent confusion when working with Web app manifests or WebExtension manifests.

Commits

• 761fe12 5.0.6
• e4106d2 Updated hooks (#154)
• b5a53ae 5.0.5
• 874266e Allow options.space to be a string (#151)
• f188c8e 5.0.4
• 1da69ba Lockfile improvements (#148)
• 4f8042f Updated dev dependencies
• 60af212 Updated eslint config
• cbc15ca Removed @​types/lodash.escaperegexp
• 745fcca 5.0.3
• Additional commits viewable in compare view

Updates webpack-cli from 3.3.12 to 4.6.0

Release notes

Sourced from webpack-cli's releases.

v4.6.0

4.6.0 (2021-03-27)

Bug Fixes

• negative options (#2555) (f26ebc1)
• improve error message for help (#2482) (99ae2a3)
• show --node-env in minimum help output (#2411) (f5fc302)

Features

• added WEBPACK_PACKAGE env var to use custom webpack package (#2556) (3d1e485)
• added WEBPACK_CLI_SKIP_IMPORT_LOCAL env var to skip local import (#2546) (e130822)
• allow string value for the --hot option (#2444) (8656e78)
• display used config path when logging level=log (#2431) (f8406e1)

v4.5.0

4.5.0 (2021-02-02)

Notes

• now you can use webpack.config.mjs and webpack.config.js with { "type": "module" } in package.json
• you can avoid using the cross-env package:

Before:

{
    "scripts": {
        "build": "cross-env NODE_ENV=production webpack --config build/webpack.config.js"
    }
}

Now (you can remove the cross-env if you don't use it somewhere else):

{
    "scripts": {
        "build": "webpack --node-env=production --config build/webpack.config.js"
    }
}

• the mode option respect the --node-env option if you don't set the mode option explicit using CLI options or in configuration(s), i.e. --node-env production set process.env.NODE_ENV and mode to production

Bug Fixes

• avoid deprecation message (9d6dbda)
• error message on invalid plugin options (#2380) (f9ce1d3)

... (truncated)

Changelog

Sourced from webpack-cli's changelog.

4.6.0 (2021-03-27)

Bug Fixes

• negative options (#2555) (f26ebc1)
• improve error message for help (#2482) (99ae2a3)
• show --node-env in minimum help output (#2411) (f5fc302)

Features

• added WEBPACK_PACKAGE env var to use custom webpack package (#2556) (3d1e485)
• added WEBPACK_CLI_SKIP_IMPORT_LOCAL env var to skip local import (#2546) (e130822)
• allow string value for the --hot option (#2444) (8656e78)
• display used config path when logging level=log (#2431) (f8406e1)

4.5.0 (2021-02-02)

Notes

• now you can use webpack.config.mjs and webpack.config.js with { "type": "module" } in package.json
• you can avoid using the cross-env package:

Before:

{
    "scripts": {
        "build": "cross-env NODE_ENV=production webpack --config build/webpack.config.js"
    }
}

Now (you can remove the cross-env if you don't use it somewhere else):

{
    "scripts": {
        "build": "webpack --node-env=production --config build/webpack.config.js"
    }
}

• the mode option respect the --node-env option if you don't set the mode option explicit using CLI options or in configuration(s), i.e. --node-env production set process.env.NODE_ENV and mode to production

Bug Fixes

• avoid deprecation message (9d6dbda)
• error message on invalid plugin options (#2380) (f9ce1d3)
• improve description for 'configtest' command (#2379) (311bae3)

... (truncated)

Commits

• b7b0852 chore(release): publish new version
• a8afb64 chore(deps-dev): bump @​types/node
• 7ff723c chore(deps-dev): bump @​types/jest
• 9d296df chore(deps-dev): bump eslint from 7.22.0 to 7.23.0 (#2564)
• f8d6606 chore: ignore tests from npm (#2563)
• f26ebc1 fix: generation of negative flags (#2555)
• 3d1e485 feat: add WEBPACK_PACKAGE env var to use custom webpack package (#2556)
• d039472 test: update snapshots (#2557)
• 5c96b69 ci: add bootstrap step in workflow (#2553)
• a141bbb feat: allow all css possibilities for default template (#2544)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #674.