chore(deps): update dependency webpack to v5.76.0 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
webpack	5.10.0 -> 5.76.0

GitHub Vulnerability Alerts

CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.

---

Release Notes

webpack/webpack (webpack)

v5.76.0

Compare Source

Bugfixes

• Avoid cross-realm object access by @​Jack-Works in https://github.com/webpack/webpack/pull/16500
• Improve hash performance via conditional initialization by @​lvivski in https://github.com/webpack/webpack/pull/16491
• Serialize generatedCode info to fix bug in asset module cache restoration by @​ryanwilsonperkin in https://github.com/webpack/webpack/pull/16703
• Improve performance of hashRegExp lookup by @​ryanwilsonperkin in https://github.com/webpack/webpack/pull/16759

Features

• add target to LoaderContext type by @​askoufis in https://github.com/webpack/webpack/pull/16781

Security

• CVE-2022-37603 fixed by @​akhilgkrishnan in https://github.com/webpack/webpack/pull/16446

Repo Changes

• Fix HTML5 logo in README by @​jakebailey in https://github.com/webpack/webpack/pull/16614
• Replace TypeScript logo in README by @​jakebailey in https://github.com/webpack/webpack/pull/16613
• Update actions/cache dependencies by @​piwysocki in https://github.com/webpack/webpack/pull/16493

New Contributors

• @​Jack-Works made their first contribution in https://github.com/webpack/webpack/pull/16500
• @​lvivski made their first contribution in https://github.com/webpack/webpack/pull/16491
• @​jakebailey made their first contribution in https://github.com/webpack/webpack/pull/16614
• @​akhilgkrishnan made their first contribution in https://github.com/webpack/webpack/pull/16446
• @​ryanwilsonperkin made their first contribution in https://github.com/webpack/webpack/pull/16703
• @​piwysocki made their first contribution in https://github.com/webpack/webpack/pull/16493
• @​askoufis made their first contribution in https://github.com/webpack/webpack/pull/16781

Full Changelog: webpack/webpack@v5.75.0...v5.76.0

v5.75.0

Compare Source

Bugfixes

• experiments.* normalize to false when opt-out
• avoid NaN%
• show the correct error when using a conflicting chunk name in code
• HMR code tests existance of window before trying to access it
• fix eval-nosources-* actually exclude sources
• fix race condition where no module is returned from processing module
• fix position of standalong semicolon in runtime code

Features

• add support for @import to extenal CSS when using experimental CSS in node
• add i64 support to the deprecated WASM implementation

Developer Experience

• expose EnableWasmLoadingPlugin
• add more typings
• generate getters instead of readonly properties in typings to allow overriding them

v5.74.0

Compare Source

Features

• add resolve.extensionAlias option which allows to alias extensions
  • This is useful when you are forced to add the .js extension to imports when the file really has a .ts extension (typescript + "type": "module")
• add support for ES2022 features like static blocks
• add Tree Shaking support for ProvidePlugin

Bugfixes

• fix persistent cache when some build dependencies are on a different windows drive
• make order of evaluation of side-effect-free modules deterministic between concatenated and non-concatenated modules
• remove left-over from debugging in TLA/async modules runtime code
• remove unneeded extra 1s timestamp offset during watching when files are actually untouched
  • This sometimes caused an additional second build which are not really needed
• fix shareScope option for ModuleFederationPlugin
• set "use-credentials" also for same origin scripts

Performance

• Improve memory usage and performance of aggregating needed files/directories for watching
  • This affects rebuild performance

Extensibility

• export HarmonyImportDependency for plugins

v5.73.0

Compare Source

Features

• add options for default dynamicImportMode and prefetch and preload
• add support for import { createRequire } from "module" in source code

Bugfixes

• fix code generation of e. g. return"field"in Module
• fix performance of large JSON modules
• fix performance of async modules evaluation

Developer Experience

• export PathData in typings
• improve error messages with more details

v5.72.1

Compare Source

Bugfixes

• fix __webpack_nonce__ with HMR
• fix in operator in some cases
• fix json parsing error messages
• fix module concatenation with using this.importModule
• upgrade enhanced-resolve

v5.72.0

Compare Source

Features

• make cache warnings caused by build errors less verbose
• Allow banner to be placed as a footer with the BannerPlugin
• allow to concatenate asset modules

Bugfixes

• fix RemoteModules when using HMR (Module Federation + HMR)
• throw error when using module concatenation and cacheUnaffected
• fix in operator with nested exports

v5.71.0

Compare Source

Features

• choose smarter default for uniqueName when using a output.library which includes placeholders
• add support for expressions with in of a imported binding
• generate UMD code with arrow functions when possible

Bugfixes

• fix source map source names for ContextModule to be relative
• fix chunkLoading option in module module
• fix edge case where evaluateExpression returns null
• retain optional chaining in imported bindings
• include runtime code for the base URI even if not using chunk loading
• don't throw errors in persistent caching when importing node.js builtin modules via ESM
• fix crash when using lazy-once Context modules
• improve handling of context modules with multiple contexts
• fix race condition HMR chunk loading when importing chunks during HMR updating
• handle errors in runAsChild callback

v5.70.0

Compare Source

Features

• update node.js version constraints for ESM support
• add baseUri to entry options to configure a static base uri (the base of new URL())
• alphabetically sort exports in namespace objects when possible
• add __webpack_exports_info__.name.canMangle
• add proxy support to experiments.buildHttp
• import.meta.webpackContext as ESM alternative to require.context
• handle multiple alternative directories (e. g. due to resolve.alias or resolve.modules) when creating an context module

Bugfixes

• fix problem when assigning global to a variable
• fix crash when using experiments.outputModule and loaderContext.importModule with multiple chunks
• avoid generating progress output before the compilation has started (ProgressPlugin)
• fix handling of non-static-ESM dependencies with using TLA and HMR in the same module
• include the asset module filename in hashing
• output.clean will keep HMR assets for at least 10s to allow HMR to access them even when compilation is faster then the browser

Performance

• fix asset caching when using the BannerPlugin

Developer Experience

• improve typings

Contributing

• capture caching errors when running the test suite

v5.69.1

Compare Source

Revert

• revert "handle multiple alternative directories (e. g. due to resolve.alias or resolve.modules) when creating an context module"

v5.69.0

Compare Source

Features

• automatically switch to an ESM compatible environment when enabling ESM output mode
• handle multiple alternative directories (e. g. due to resolve.alias or resolve.modules) when creating an context module
• add util/types to node.js built-in modules
• add __webpack_exports_info__.<name>.canMangle api

Bugfixes

• fix bug in chunk graph generation which leads to modules being included in chunk desprite them being already included in parent chunks
• avoid writing more than 2GB at once during cache serialization (as workaround for node.js/libuv bug on MacOS)
• fix handling of whitespaces in semver ranges when using Module Federation
• avoid generating hashes which contain only numbers as they likely conflict with module ids
• fix resource name based placeholders for data uris
• fix cache serialization for context elements
• fix passing of stage option when instrumenting plugins for the ProfilingPlugin
• fix tracking of declarations in concatenated modules to avoid conflicts
• fix unstable mangling of exports
• fix handling of # in paths of loaders
• avoid unnecessary cache update when using experiments.buildHttp

Contributing

• update typescript and jest

Developer Experience

• expose some additional typings for usage in webpack-cli

v5.68.0

Compare Source

Features

• allow to disable compile time evaluation of import.meta.url
• add __webpack_module__ and __webpack_module__.id to the api

Bugfixes

• fix handling of errors thrown in async modules

v5.67.0

Compare Source

Features

• add 'outputPath' configuration option for resource asset modules
• support Trusted Types in eval source maps
• experiments.css
  • allow to generate only exports for css in node
  • add SyncModuleIdsPlugin to sync module ids between server and client compilation
  • add more options to the DeterministicModuleIdsPlugin to allow to generate equal ids

Developer Experience

• limit data url module name in stats printer
• allow specific description for CLI options
• improve space limiting algorithm in stats printing to show partial lists
• add null to errors in callbacks
• fix call signature types of addChunkInGroup

Bugfixes

• avoid reporting non-existant package.jsons as dependencies
• experiments.css
  • fix missing css runtime when only initial css is used
  • fix css hmr support
  • bugfixes to css modules
• fix cache serialization for CreateScriptUrlDependency
• fix data url content when processed by a loader
• fix regexp in identifiers that include |
• fix ProfilingPlugin for watch scenarios
• add layer to module names and identifiers
  • this avoid random module id changes when additional modules are added to another layer
• provide hashFunction parameter to DependencyTemplates to allow customizing it there
• fix HMR when experiments.lazyCompilation is enabled
• store url as Buffer to avoid serialization warnings
• exclude webpack-hot-middleware/client from lazy compilation

Contributing

• remove travis configuration
• improve spell checking

v5.66.0

Compare Source

Features

• add output.library.type: "commonjs-static" to emit a statically analyse-able commonjs module (for node.js esm interop support)
• add experiments.css (very experimental)
  • see https://github.com/webpack/webpack/issues/14893

Bugfixes

• fix CORS headers for experiments.lazyCompilation
• fix [absolute-resource-path] for SourceMap module naming
• avoid stack overflow when accessing many memory cached cache values in series

Performance

• reduce default watchOptions.aggregateTimeout to 20ms

v5.65.0

Compare Source

Features

• static evaluation understands undefined now
• reduce container entry code by a few chars
• use template literals when available and they make sense

Bugfixes

• handle singleton flag without requiredVersion in Module Federation
• upgrade watchpack for context time info bugfix

Performance

• improve RegExp in error message formating for non-quadratic performance

Developer Experience

• automatically insert brackets when output.globalObject contains a non-trival expression
• show error when using script type external with invalid syntax
• expose types for Resolver, StatsOptions and ResolvePluginInstance

Preparations for the future

• hashDigestLength will default to 16 in webpack 6 (experiments.futureDefaults)

v5.64.4

Compare Source

Bugfixes

• fix tagged template literal evaluation
• fix ModuleFederation with ESM
• fix outputModule with intial splitChunks

Performance

• upgrade watchpack for faster watcher updating
• track file and directory timestamps separately in watchpack and webpack

Developer Experience

• show origin of singleton shared module in mismatch warning

v5.64.3

Compare Source

Performance

• allow to use pre-compiled schema when Infinity is used in configuration
• allow to use pre-compiled schema for configuration arrays

v5.64.2

Compare Source

Bugfixes

• avoid double initial compilation due to invalid dependencies with managedPaths

v5.64.1

Compare Source

Bugfixes

• fix regexp in managedPaths to exclude additional slash
• make module.accept errorHandler optional in typings
• correctly create an async chunk when using a require(...).property in require.ensure
• fix cleaning of symlinks in output.clean: true
• fix change detection with unsafeCache within managedPaths (node_modules)
• bump webpack-sources for Stack Overflow bugfix

v5.64.0

Compare Source

Features

• add asyncChunks: boolean option to disable creation of async chunks

Bugfixes

• fix ProfilingPlugin for experiments.backCompat: false

Performance

• avoid running regexp twice over the file list

v5.63.0

Compare Source

Features

• allow passing chunkLoading: false to disable on-demand loading

Bugfixes

• fix import 'single-quote' in esm build dependencies

v5.62.2

Compare Source

Bugfixes

• fix __system_context__ injection when using the library option on entrypoint
• enable exportsPresence: "error" by default in futureDefaults
• fix bad performance for a RegExp in Stats printing (with large error messages)
• fix exportPresence -> exportsPresence typo
• fix a bug with module invalidation when only module id changes with experiments.cacheUnaffected

v5.62.1

Compare Source

Bugfix

• fix invalid generated code when omitting ;

v5.62.0

Compare Source

Features

• add options to configure export presence checking
  • parser.javascript.reexportExportsPresence: false allows to disable warnings for non-existing exports during the migration from export ... from "..." to export type ... from "..." for type reexports in TypeScript
• add experiments.backCompat: false to disable some expensive deprecations for better performance

Bugfixes

• use ['catch'] instead of .catch for better ES3 support
• fix removed parentheses when using new (require("...")).Something()
• fix { require } object literals
• splitChunks.chunks option is now correctly used for splitChunks.fallbackCacheGroup.maxSize too
• fix schema of listen option, allow to omit port
• add better support for Promises from different isolates

Developer Experience

• add typings for the webpack API that is available within modules
  • use /// <reference types="webpack/module" /> to use the typings in typescript modules
  • or "types": [..., "webpack/module"] in tsconfig

v5.61.0

Compare Source

Bugfixes

• use a wasm md4 implementation for node 17 support
• include the path submodules in the node.js default externals

Performance

• improve string to binary conversion performance for hashing

Contribution

• CI runs on node.js 17

v5.60.0

Compare Source

Features

• Allow to pass more options to experiments.lazyCompilation. e. g. port, https stuff

Bugfixes

• fix output.hashFunction used to persistent caching too
• Initialize buildDependencies Set correctly when loaders are added in beforeLoaders hook

v5.59.1

Compare Source

Bugfixes

• fix regexp in managedPaths
• fix hanging when trying to write lockfile for experiments.buildHttp

v5.59.0

Compare Source

Features

• add /*#__PURE__*/ for Object() in generated code
• add RegExp and function support for managed/immutablePaths
• add hooks for multiple phases in module build
• improvements to experiments.buildHttp
  • allow to share cache
  • add allowlist
• add splitChunks.minSizeReduction option

Bugfixes

• fix memory caching for Data URLs
• fix crash in waitFor when modules are unsafe cached
• fix bug in build cycle detection

v5.58.2

Compare Source

Bugfixes

• fix serialization context passed
• fix a bug which caused module duplication when using persistent caching, unsafe cache and memory cache with GC
• fix validation of snapshots of non-existing directories

Performance

• store a hash in first bits of bigint to workaround v8 hashing: https://github.com/v8/v8/blob/b704bc0958e2e26305a68e89d215af1aee011148/src/objects/bigint.h#L192-L195

v5.58.1

Compare Source

Bugfixes

• fix .webpack[] suffix to not execute rules
• revert performance optimization that has too large memory usage in large builds

v5.58.0

Compare Source

Features

• add hook for readResource
• add diagnostics_channel to node builtins

Performance

• improve chunk graph creation performance
  • add cacheUnaffected cache support
• remove some caching that makes not difference
• improve splitChunks performance
• improve chunk conditions performance

v5.57.1

Compare Source

Bugfix

• fix experiments.cacheUnaffected which broke by last release

v5.57.0

Compare Source

Performance

• reduce number of hash.update calls
• allow ExternalModules to be unsafe cached
• improve hashing performance of module lists (StringXor)

Bugfixes

• experiments.cacheUnaffected
  • handle module/chunk id changes correctly
  • cache modules with async blocks
  • show errors when using incompatible options

v5.56.1

Compare Source

Bugfix

• DefinePlugin: fix conflict with older variants of the plugin

v5.56.0

Compare Source

Performance

• make DefinePlugin rebuild check more efficient performance and memory wise

v5.55.1

Compare Source

Bugfixes

• fixes for experiments.cacheUnaffected
  • fix accidentically shared mem caches
  • avoid RuntimeSpecMap in favor of directly setting on memCache
  • compare references modules when restoring mem cache

v5.55.0

Compare Source

Performance

• experiments.cacheUnaffected
  • reduce cache memory usage
  • make memCache per module
  • cache ESM reexport computation
• module.unsafeCache
  • make it faster by moving it to Compilation-level instead of in NormalModuleFactory
  • omit tracking resolve dependencies since they are not used when unsafe cache is enabled
• module graph
  • lazy assign ModuleGraphConnections to Dependencies since that is only accessed when uncached

v5.54.0

Compare Source

Features

• improve constant folding to allow to skip more branches for && || and ??
• allow all hashing using in webpack to be configured with output.hashFunction
• no longer bailout completely from inner graph analysis when eval is used in a module

Bugfixes

• force bump enhanced-resolve for bugfixes

Performance

• reduce number of allocation when creating snapshots
• add output.hashFunction: "xxhash64" for a super fast wasm based hash function
• improve utf-8 conversion when serializing short strings
• improve hashing performance for dependencies
• add experiments.cacheUnaffected which caches computations for modules that are unchanged and reference only unchanged modules

v5.53.0

Compare Source

Features

• add node.__dirname/__filename: "warn-mock" which warns on usage (will be enabled in webpack 6 by default)

Bugfixes

• add stream/web to Node.js externals
• fix IgnorePluginSchema
• fix builds with persistent caching taking 1 minute to build at least

Experiments

• add experiments.futureDefaults to enable defaults for webpack 6

v5.52.1

Compare Source

Performance

• split fresh created persistent cache files by time to avoid creating very large files

v5.52.0

Compare Source

Feature

• experiments.executeModule is enabled by default and the option is removed
  • loaders are now free to use this.importModule

Bugfixes

• fix generated __WEBPACK_EXTERNAL_MODULE_null__, which leads to merged externals
• .webpack[...] extension is not part of matching and module name

v5.51.2

Compare Source

Bugfixes

• fix crash in FileSystemInfo when errors occur
• avoid property access of reserved properties
• fix reexports from async modules
• automatically close an active watching when closing the compiler
• when filenames of other runtimes are referenced that need a full hash, upgrade referencing runtime moduel to full hash mode too
  • fixes a bug where [contenthash] is undefined when using new Worker

v5.51.1

Compare Source

Bugfixes

• library: "module" propages top-level-await correctly
• fix crash in filesystem snapshotting when trying to snapshot a non-existing directory
• fix some context-dependent logic in concatenated modules and source url handling

v5.51.0

Compare Source

Bugfixes

• correctly keep chunk loading state when the chunk loading logic is HMR updated
  • This fixes some edge cases that e. g. occur when using lazy compilation for entrypoints. It is now able to HMR update that instead of needing a manual reload. Also see fixes in webpack-dev-server@4.
• track and resolve symlinks for filesystem snapshotting
  • This fixes some cases of circular yarn linking of dependencies.
  • It also fixes some problems when using package managers that use symlinks to deduplicate (e. g. cnpm or pnpm)
• pass the resulting module in the callbacks of Compilation.addModuleChain and Compilation.addModuleTree

v5.50.0

Compare Source

Features

• hashbangs (#! ...) are now handled by webpack
  • https://github.com/tc39/proposal-hashbang

Performance

• disable cache compression by default as it tend to make performance worse
  • I could still be enabled again for specific scenarios
• reduce the number of allocations during cache serialization
  • This improves performance and memory usage

v5.49.0

Compare Source

Features

• add experiments.buildHttp to build http(s):// imports instead of keeping them external
  • keeps a webpack.lock file with integrity and webpack.lock.data with cached content that should be committed
  • Automatically upgrades lockfile during development when remote resources change
    (might be disabled with experiments.buildHttp.upgrade: false)
  • Lockfile is frozen during production builds and usually no network requests are made
    (exception: Cache-Control: no-cache).
  • The webpack.lock.data persisting can be disabled with experiments.buildHttp.cacheLocation: false.
    That will will introduce a availability risk.
    (webpack cache will be used to cache network responses)

Bugfixes

• fix HMR infinite loop (again)
• fix rare non-determinism with splitChunks.maxSize introduces in the last release
• optional modules no longer cause the module to fail when bail is set
• fix typo in records format: chunkHashs -> chunkHashes

Performance

• limit the number of parallel generated chunks for memory reasons

v5.48.0

Compare Source

Features

• enable import assertions again

Bugfixes

• upgrade webpack-sources for fixes regarding source maps
• fix infinite loop in HMR runtime code

v5.47.1

Compare Source

Bugfixes

• upgrade webpack-sources for a bunch of bugfixes regarding source maps and missing chars in output

v5.47.0

Compare Source

Performance

• improve source-map performance

Bugfixes

• avoid unnecessary "use strict"s in module mode

v5.46.0

Compare Source

Features

• status handlers in HMR api can now return Promises to delay the HMR process
• reasons in stats can now be grouped and collapsed
  • add stats.reasonsSpace and stats.groupReasonsByOrigin

Bugfixes

• fix a crash in asset modules when updating persistent cached modules from unsafe cached modules

Performance

• detailed preset limits all spaces to 1000 by default
• upgrade webpack-sources for a performance bugfix

v5.45.1

Compare Source

Bugfixes

• temporary revert import assertions because parser changes break the word assert in other places
• import(/* webpackPrefetch: true */ ...) no longer breaks library output
• DataURL tries to avoid re-encoding
• fix problems with DataURL encoding in some cases

v5.45.0

Compare Source

Features

• add support to import assertions

Bugfixes

• SourceMaps will now also be added to .cjs output files
• fix non-system externals in a system library

Performance

• avoid copying timestamps from the watcher to the compiler

Contributing

• update to jest 27

v5.44.0

Compare Source

Features

• add support for output.module + optimization.runtimeChunk

Bugfixes

• fix inline externals with dash in type

v5.43.0

Compare Source

Features

• support runtime: false in entry description to disable runtime chunk
• support runtime option in ModuleFederationPlugin and ContainerPlugin

Bugfixes

• fix "module" externals when concatenated

Performance

• serialize JSON data as buffer and parse on demand for performance and to avoid performance warning

v5.42.1

Compare Source

Bugfixes

• fix crashes when rebuilding with jsonData or dataUrl of undefined

v5.42.0

Compare Source

Features

• add cache compression via cache.compression
• enable cache compression by default for non-development modes

Bugfixes

• add node-commonjs to schema for externalsType
• update acorn to fix problems with top level await
• fix regression for system externals

Performance

• fix a memory leak in the unsafe cache

v5.41.1

Compare Source

Bugfixes

• add missing types about experimental esm support to schema
• avoid slicing large Buffers as that doesn't always work for unknown reasons

Performance

• avoid slicing Buffers unnecessarily

v5.41.0

Compare Source

Features

• Persist cache faster when large changes are detected
  • new option cache.idleTimeoutAfterLargeChanges to control that

Bugfixes

• shutdown lazy compilation server correctly

Experiments

• EcmaScript modules support (experiments.outputModule: true)
  • output.library.type: "module": very basic support, no live bindings, unnecessary runtime code
  • output.chunkLoading: "import"
  • output.chunkFormat: "module"
  • externalsType: "module" generates now import * as X from "..." (in a module) or import("...") (in a script)
  • Node.js commonjs externals use import { createRequire } from "module" in a module
  • new Worker etc. sets `type: "module"

v5.40.0

Compare Source

Features

• accept node: prefixed requests as node.js externals
• avoid instanceof Promise in favor of p && typeof p.then === "function" to allow mixing different Promise implementions

Bugfixes

• fix usage analysis of class properties

Performance

• improve LazySet memory usage by shortcircuiting empty sets
• reduce algorithmic complexity of the structure analysis for plain objects serialization

Developer Experience

• allow Buffer in this.emitFile typings (loader context)
• improve reset cli argument description

v5.39.1

Compare Source

Bugfixes

• reduce memory usage and fix memory leaks

v5.39.0

Compare Source

Features

• allow lazy compilation for import() context (import with expression)

Bugfixes

• fix respecting cache.allowCollectingMemory
• fix cli loading after installing it
• fix initial list of non-js chunks that are flagged as already loaded

Performance

• remove unnecessary Error.captureStackTrace from webpack errors

v5.38.1

Compare Source

Performance

• fix missing increment in sorting optimization from last release

v5.38.0

Compare Source

Features

• new URL("data:...", import.meta.url) is now supported
• add module.rules[].scheme as condition to match the request scheme (like data, http, etc.)

Bugfixes

• fix tracking of changes and removals during watching in some edge cases
• fix incorrect renaming of class fields in concatenatenated modules
• fix crash in HMR when removing runtimes from the compilation

Performance

• lazy import some internal modules only when used
• allow unsafe caching of the entrypoint
• improve performance of sorting exports info map
• update to latest webpack-sources for improved source map performance

v5.37.1

Compare Source

Bugfixes

• When using multiple configurations in watch mode and calling Watching.invalidate, dependencies and parallelism of the config array is now respected correctly
• Fix a crash when accessing the stats after the next compilation has started
• fix collecting changes when using Watching.suspend
• fix schema of RuleCondition.not and allow passing a condition directly instead of only an array

Developer Experience

• typings accept a ReadonlyArray of configurations now

Contributing

• fix coverage reporting for child processes
• remove outdated loader from readme

v5.37.0

Compare Source

Features

• add output.trustedTypes

Bugfixes

• fix inclusion of too many chunk in the filename function when using dependOn
• allow errors to be null in fs callbacks

Developer Experiences

• make ESM tracking info message less verbose
• add typings for loaders

v5.36.2

Compare Source

Bugfixes

• correctly handle errors thrown during parser/generator creation
  • e. g. validation errors for asset module options
• use a better automatic runtime name for workers
  • not too long to cause filename problems
• no longer assume assets do not get removed when the compiler is running
  • Using output.clean is against this assumption
  • It fixes a bug where assets are missing, when removed and readded to the compilation
• fix a problem when chained dependOn, which causes too many modules being included in entrypoints

v5.36.1

Compare Source

Performance

• add cache.profile (type: "filesystem" only) flag for more info about (de)serialization timings
• avoid complex "by exports" splitting for splitChunks in development mode
• faster hashing for the common case
• improve algorithmic complexity for merging InitFragments to solve performance in an edge case

v5.36.0

Compare Source

Features

• add support for class fields (stage 4)

Performance

• improve (de)serialization performance of dependency locations

v5.35.1

Compare Source

Bugfixes

• fix an __webpack_exports__ is not defined error with some library types

performance

• improve stats grouping performance
• improve providedExports analysis performance
• improve hashing performance
• lazy merge dependencies from creating context modules
• improve dependency parents access performance

v5.35.0

Compare Source

Bugfixes

• fix handling of build dependencies with # in path

Performance

• improve memory usage when using the filesystem cache

When reading a file into a Buffer and picking smaller slices of the Buffer
the small slices still keep a reference to the large original Buffer.
The leads to increased memory usage. A fix would be to clone the slice into
a smaller Buffer when wasting too much memory, but this has a performance cost.
There is now a new option cache.allowCollectingMemory which controls that.
For one-off builds you probably want allowCollectingMemory: false and
for watch builds you probably want allowCollectingMemory: true.
It defaults to false in production mode and true in development mode.

v5.34.0

Compare Source

Features

• add support for empty string in resolve.extensions and handle them in this order
• add pnpapi as builtin external when using target: "node"

Bugfixes

• fix a bug where chunks filenames where not included in runtime when using splitChunks and runtimeChunk with target: "node"
• fix deprecation message from LimitChunkCountPlugin

Performance

• precompile schemas into functions to avoid schema compilation overhead
• fix performance regression when storing the cache
• performance improvement for snapshot file iterators

Developer Experience

• remove removed store: 'idle' from schema description

v5.33.2

Compare Source

Bugfix

• handle falsy entry options correctly

v5.33.1

Compare Source

Bugfix

• fix passing publicPath to this.importModule

v5.33.0

Compare Source

Features

• adds support for specifying a publicPath per entrypoint
  • add entry.xxx.publicPath option

Bugfix

• disable injection of chunk loading logic for executeModule

Performance

• performance improvements for export * and reexports

v5.32.0

Compare Source

Features

• add support for a pseudo extensions .webpack[type] (e. g. .webpack[javascript/auto]) to specify the default module type when no other module type is specified
  • to be used with !=! inline syntax

Bugfixes

• fixes incorrect cache invalidation when new properties are added to the DefinePlugin

Experiments

• add experiments.executeModule to allow build-time execution of modules of the module graph
  • add this.importModule(request, options, [callback]): Promise to the loader context
  • add compilation.executeModule(request, options, callback) for plugins

v5.31.2

Compare Source

Bugfixes

• revert disposing of CodeGenerationResults since some plugins rely on the fact that they are still accessible after the compilation

v5.31.1

Compare Source

Bugfixes

• invalid hooks is no longer called twice for a compiler in a MultiCompiler

Memory

• eliminated some memory leaks
• dispose code generation results after sealing the compilation

Performance

• improve performance of cache serialization by reducing number of write syscalls

v5.31.0

Compare Source

Features

• add a few more options for infrastructure logging:
  • infrastructureLogging.colors: Enables/Disables colorful output.
  • infrastructureLogging.appendOnly: Only appends lines to the output. Avoids updating existing output e. g. for status messages.
  • infrastructureLogging.stream: Stream used for logging output. Defaults to process.stderr.
  • infrastructureLogging.console: Custom console used for logging.
  • When stream is an TTY colors is enabled and appendOnly is disabled. Otherwise it's flipped.

Bugfixes

• Persistent Caching
  • fix caching crash when using fsevents in build dependencies
  • improve resolving of build dependencies when exports field is used
  • make problems during resolving build dependencies warnings instead of debug messages
• prioritize static reexport over runtime reexport for target determination
  • This helps in optimization by no longer opting out of optimization when some other exports any dynamic (from commonjs or empty/type-only modules)
• fix bug with subtraction of runtimes
  • This fixes a problem with concatenated modules in builds with multiple runtimes and force-merged shared chunks
• ensure that entrypoints are always re-executed when HMR-updated
  • This fixes no longer updating pages when the entrypoint crashed

v5.30.0

Compare Source

Features

• add GC to memory cache
  • opt-in via cache.maxGenerations when cache.type: "memory"
  • default for cache.type: "filesystem" and mode: "development"
  • configure via cache.maxMemoryGenerations when cache.type: "filesystem"
  • Generations = Rebuilds
• add GC for untouched filesystem cache files
• allow to configurate GC for the filesystem cache via cache.maxAge
• allow to disable memory cache when using the filesystem cache with cache.maxMemoryGenerations: 0
• Caches will be cleared on Compiler close resp Cache shutdown (after persisting for the filesystem cache)

Bugfixes

• add a few workarounds for v8 bug that causes memory leaks in optimized code (only partially fixes it)
• after serializing filesystem no longer keeps cache items in memory, instead it will read them from disk again when accessed

GC = Garbage Collection

v5.29.0

Compare Source

Bugfixes

• fix some edge cases for splitChunks.maxSize which cause too large chunks to be created
• add stats.groupModulesByType to the schema

Developer Experience

• add resolving trace for error during resolving build dependencies
• expose Stats-related types
• exports AsyncDependenciesBlock and Module/Const/NullDependency on the API

v5.28.0

Compare Source

Features

• add module.generator.asset.publicPath to configure a different publicPath for assets

Bugfixes

• fixes a watch mode caching problem which was introduced in 5.26.0 when using the unsafe cache

Performance

• improve serialization performance

v5.27.2

Compare Source

Bugfixes

• fix error reporting when errors happen in beforeLoaders hook
• avoid crash when experiments.lazyCompilation is used (regression)
• fix lazy compilation opt-out when HMR accept/decline is used on an import()
• fix new URL(new URL generated by worker handing

v5.27.1

Compare Source

Bugfix

• allow invalidation after first watch run in MultiCompilers

v5.27.0

Compare Source

Features

• add utils: { contextify(context, absolutePath), absolutify(context, request) } to loader context

Bugfixes

• fix caching bug when split chunks of an entrypoint change and modules of the entrypoint stay equal
• fix imports field handling
• fix incorrect id assignment of record ids plugin
  • this causes ids changing unnecessary during watch mode
• fix library exports when using onChunks in entry
  • This prevented using libraries with web target when using splitChunks for the initial chunks

v5.26.3

Compare Source

Bugfix

• fix race condition in MultiCompiler queueing

v5.26.2

Compare Source

Bugfixes

• fix problem with new line after comment
• fix assign libraries with runtime chunk

v5.26.1

Compare Source

Bugfixes

• avoid using strict mode runtime for assign libraries to allow assigning not existing variables
• avoid collision with Set.addAll polyfill
• allow filenames starting with ../ when generation the undo path for non-web targets

v5.26.0

Compare Source

Features

• handle cache version automatically for DefinePlugin
  • Values no longer need to be defined as build dependencies
• add more options for DefinePlugin.runtimeValue (file/context/missing/buildDependencies, version)

Bugfixes

• fix a memory leak which happens in watch mode with caching when modules are removed from the compilation
• fix usage of some arrow functions when es5 target is selected
• chunk loading in workers now uses publicPath instead of relative paths
  • fixes a problem when worker file is in a child directory

v5.25.1

Compare Source

Bugfixes

• fix startup logic when non-js chunks are in the entrypoint
• remove type: "module" for Workers when generating classic scripts

v5.25.0

Compare Source

Features

• Refactor the startup logic to improve library support
• add __webpack_runtime_id__ to access the current runtime id
• improve error handling for HMR
  • add second argument to self accept error handler to pass new module and module id
  • add error handler argument to dependency accept, passing error and module ids
• add output.strictModuleErrorHandling to opt into stricter evaluation error handling semantics according to ESM spec
  • used by default when HMR is enabled
• when ignoring a module used by new URL() this will result in an url to a empty file ("data:,")
• add module.generator.asset.emit option to disable creating assets from asset modules (e. g. for SSR)

Bugfixes

• fix problem when library options apply to a non-runtime chunk
• fix crash in splitChunks.maxSize where negative indicies are accessed
• fix sub-optimal splitting of splitChunks.maxSize in some cases when multiple size types are involved
• fix a memory leak in AssetGenerator
• fix usage of runtime globals in SharedPlugin to support HMR updates

Deprecations

• deprecate output.strictModuleExceptionHandling (this is the CommonJS way of handling errors, and the name is weird)

v5.24.4

Compare Source

Bugfixes

• fix overridding built-in externals via externals
• fix handling UNC paths as windows paths
• Improve error when passing an empty array as library name
• avoid adding the package.json from compilation context as build dependency
• fix expansion of "..." in array configuration options when it's not at the start

v5.24.3

Compare Source

Bugfixes

• fix contenthash when a file is emitted twice with different filenames but that same contenthash

v5.24.2

Compare Source

Bugfixes

• fix invalid syntax generated for destructuring with default values
• fix some incorrect properties accesses in watch
  • modifiedFiles and removedFiles were undefined
• fix some edge cases with MultiCompiler

v5.24.1

Compare Source

Performance

• improve performance of finding modules to concatenate
• improve performance of getting incoming modules from connections
• make sure that all serialized modules restore correctly
• avoid storing ConcatenatedModule, since that's not needed

Developer Experience

• fix typo in deprecation message

v5.24.0

Compare Source

Bugfixes

• fix name conflict when using destructing with default arguments in concatenated modules
• fix tracking of reexports in concatenated modules when using multiple export * that point to the same export
• debug logging is now included even if logging is not
• fix name of ModuleConcatenationPlugin logger
• fix experiments.lazyCompilation: true. It now has an effect.

Developer Experience

• expose Watching type

Contribution

• fix husky setup

Performance

• improve performance of module concatenation

v5.23.0

Compare Source

Features

• add parserOptions.url: "relative" option
  • Allows to generate relative URLs from new URL (e. g. for SSG/SSR)

Bugfixes

• fixes for electron target
  • electron has importScripts in worker
  • only choose a chunkLoading which fits to the chunkFormat
  • prefer fetch wasm loading over node wasm loading
• fix regression when combining library + runtimeChunk + node target

Developer Experience

• export MultiStats type

v5.22.0

Compare Source

Features

• generate shorter output code for JSON data by using a '...' string instead of "..." (only affects output side when not minimized)
• the dependencies configuration option now works for watch builds too
  • It will build compilation when any of dependencies has changed
  • It will wait for compiling u

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 9e50a14

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[socket-security]

New dependency changes detected. Learn more about Socket for GitHub ↗︎

---

👍 No new dependency issues detected in pull request

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

Pull request alert summary

Issue	Status
Install scripts	✅ 0 issues
Native code	✅ 0 issues
Bin script shell injection	✅ 0 issues
Unresolved require	✅ 0 issues
Invalid package.json	✅ 0 issues
HTTP dependency	✅ 0 issues
Git dependency	✅ 0 issues
Potential typo squat	✅ 0 issues
Known Malware	✅ 0 issues
Telemetry	✅ 0 issues
Protestware/Troll package	✅ 0 issues

---

📊 Modified Dependency Overview:

🚮 Removed packages: webpack@5.10.0