[Security] Bump webpack from 5.72.1 to 5.76.2 in /frontend
Bumps webpack from 5.72.1 to 5.76.2. This update includes a security fix.
Vulnerabilities fixed
Cross-realm object access in Webpack 5 Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.
Patched versions: 5.76.0 Affected versions: >= 5.0.0, < 5.76.0
Release notes
Sourced from webpack's releases.
v5.76.2
Bugfixes
- Fix bug where a missing semicolon in generated bundle output for
publicPathRuntimewould cause concatenated runtime errors by@snitin315in webpack/webpack#16811- Remove redundant semicolons generated in bundle runtime code after
onScriptCompletefunction by@ahaoboyin webpack/webpack#16347- Fix bug where
RealContentHashPluginwas not respectingoutput.hashSalt's ability to cause a force recalculation of[contenthash]for emitted assets by@dmichon-msft#16789Performance
- Improve memory and runtime performance of sourcemaps via hoisting Regular Expression literals to stored variables by
@TheLarkInnin webpack/webpack#15722- Correct v8 deoptimization in
ModuleGraphdue to instance property declarations occurring outside of constructor by@snitin315in webpack/webpack#16830Developer Experience
- Improved internal typings to match
webpack-sourcestypings forSourceinstances by@snitin315in webpack/webpack#16805- Update repo examples to include missing quotation by
@snitin315in webpack/webpack#16812New Contributors
@ahaoboymade their first contribution in webpack/webpack#16347Full Changelog: https://github.com/webpack/webpack/compare/v5.76.1...v5.76.2
v5.76.1
Fixed
- Added
assert/strictbuilt-in toNodeTargetPluginRevert
- Improve performance of
hashRegExplookup by@ryanwilsonperkinin webpack/webpack#16759v5.76.0
Bugfixes
- Avoid cross-realm object access by
@Jack-Worksin webpack/webpack#16500- Improve hash performance via conditional initialization by
@lvivskiin webpack/webpack#16491- Serialize
generatedCodeinfo to fix bug in asset module cache restoration by@ryanwilsonperkinin webpack/webpack#16703- Improve performance of
hashRegExplookup by@ryanwilsonperkinin webpack/webpack#16759Features
- add
targettoLoaderContexttype by@askoufisin webpack/webpack#16781Security
- CVE-2022-37603 fixed by
@akhilgkrishnanin webpack/webpack#16446Repo Changes
- Fix HTML5 logo in README by
@jakebaileyin webpack/webpack#16614- Replace TypeScript logo in README by
@jakebaileyin webpack/webpack#16613- Update actions/cache dependencies by
@piwysockiin webpack/webpack#16493New Contributors
@Jack-Worksmade their first contribution in webpack/webpack#16500@lvivskimade their first contribution in webpack/webpack#16491@jakebaileymade their first contribution in webpack/webpack#16614@akhilgkrishnanmade their first contribution in webpack/webpack#16446@ryanwilsonperkinmade their first contribution in webpack/webpack#16703
... (truncated)
Commits
-
dbf7bf35.76.2 -
125449fMerge pull request #16830 from snitin315/fix/module-graph -
3943ccefix: initializethis._cacheStagein ModuleGraph constructor -
796b511Merge pull request #16805 from snitin315/fix/improve-source-types -
be54e43Merge pull request #16811 from snitin315/fix/add-missing-semicolon -
976320dtest: update StatsTestCases snapshots -
44256c2fix: add missing semicolon inAutoPublicPathRuntimeModule -
9ca77a3Merge pull request #15722 from webpack/feat/issue-15720 -
8f1b5ffMerge pull request #16347 from ahaoboy/main -
0f82297docs: fix typo in examples - Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.
Dependabot commands
You can trigger Dependabot actions by commenting on this MR
-
$dependabot rebasewill rebase this MR -
$dependabot recreatewill recreate this MR rewriting all the manual changes and resolving conflicts