chore(deps): update dependency webpack to v5.76.0 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
webpack	5.70.0 -> 5.76.0

GitHub Vulnerability Alerts

CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.

---

Release Notes

webpack/webpack (webpack)

v5.76.0

Compare Source

Bugfixes

• Avoid cross-realm object access by @​Jack-Works in https://github.com/webpack/webpack/pull/16500
• Improve hash performance via conditional initialization by @​lvivski in https://github.com/webpack/webpack/pull/16491
• Serialize generatedCode info to fix bug in asset module cache restoration by @​ryanwilsonperkin in https://github.com/webpack/webpack/pull/16703
• Improve performance of hashRegExp lookup by @​ryanwilsonperkin in https://github.com/webpack/webpack/pull/16759

Features

• add target to LoaderContext type by @​askoufis in https://github.com/webpack/webpack/pull/16781

Security

• CVE-2022-37603 fixed by @​akhilgkrishnan in https://github.com/webpack/webpack/pull/16446

Repo Changes

• Fix HTML5 logo in README by @​jakebailey in https://github.com/webpack/webpack/pull/16614
• Replace TypeScript logo in README by @​jakebailey in https://github.com/webpack/webpack/pull/16613
• Update actions/cache dependencies by @​piwysocki in https://github.com/webpack/webpack/pull/16493

New Contributors

• @​Jack-Works made their first contribution in https://github.com/webpack/webpack/pull/16500
• @​lvivski made their first contribution in https://github.com/webpack/webpack/pull/16491
• @​jakebailey made their first contribution in https://github.com/webpack/webpack/pull/16614
• @​akhilgkrishnan made their first contribution in https://github.com/webpack/webpack/pull/16446
• @​ryanwilsonperkin made their first contribution in https://github.com/webpack/webpack/pull/16703
• @​piwysocki made their first contribution in https://github.com/webpack/webpack/pull/16493
• @​askoufis made their first contribution in https://github.com/webpack/webpack/pull/16781

Full Changelog: webpack/webpack@v5.75.0...v5.76.0

v5.75.0

Compare Source

Bugfixes

• experiments.* normalize to false when opt-out
• avoid NaN%
• show the correct error when using a conflicting chunk name in code
• HMR code tests existance of window before trying to access it
• fix eval-nosources-* actually exclude sources
• fix race condition where no module is returned from processing module
• fix position of standalong semicolon in runtime code

Features

• add support for @import to extenal CSS when using experimental CSS in node
• add i64 support to the deprecated WASM implementation

Developer Experience

• expose EnableWasmLoadingPlugin
• add more typings
• generate getters instead of readonly properties in typings to allow overriding them

v5.74.0

Compare Source

Features

• add resolve.extensionAlias option which allows to alias extensions
  • This is useful when you are forced to add the .js extension to imports when the file really has a .ts extension (typescript + "type": "module")
• add support for ES2022 features like static blocks
• add Tree Shaking support for ProvidePlugin

Bugfixes

• fix persistent cache when some build dependencies are on a different windows drive
• make order of evaluation of side-effect-free modules deterministic between concatenated and non-concatenated modules
• remove left-over from debugging in TLA/async modules runtime code
• remove unneeded extra 1s timestamp offset during watching when files are actually untouched
  • This sometimes caused an additional second build which are not really needed
• fix shareScope option for ModuleFederationPlugin
• set "use-credentials" also for same origin scripts

Performance

• Improve memory usage and performance of aggregating needed files/directories for watching
  • This affects rebuild performance

Extensibility

• export HarmonyImportDependency for plugins

v5.73.0

Compare Source

Features

• add options for default dynamicImportMode and prefetch and preload
• add support for import { createRequire } from "module" in source code

Bugfixes

• fix code generation of e. g. return"field"in Module
• fix performance of large JSON modules
• fix performance of async modules evaluation

Developer Experience

• export PathData in typings
• improve error messages with more details

v5.72.1

Compare Source

Bugfixes

• fix __webpack_nonce__ with HMR
• fix in operator in some cases
• fix json parsing error messages
• fix module concatenation with using this.importModule
• upgrade enhanced-resolve

v5.72.0

Compare Source

Features

• make cache warnings caused by build errors less verbose
• Allow banner to be placed as a footer with the BannerPlugin
• allow to concatenate asset modules

Bugfixes

• fix RemoteModules when using HMR (Module Federation + HMR)
• throw error when using module concatenation and cacheUnaffected
• fix in operator with nested exports

v5.71.0

Compare Source

Features

• choose smarter default for uniqueName when using a output.library which includes placeholders
• add support for expressions with in of a imported binding
• generate UMD code with arrow functions when possible

Bugfixes

• fix source map source names for ContextModule to be relative
• fix chunkLoading option in module module
• fix edge case where evaluateExpression returns null
• retain optional chaining in imported bindings
• include runtime code for the base URI even if not using chunk loading
• don't throw errors in persistent caching when importing node.js builtin modules via ESM
• fix crash when using lazy-once Context modules
• improve handling of context modules with multiple contexts
• fix race condition HMR chunk loading when importing chunks during HMR updating
• handle errors in runAsChild callback

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-advanced-security]

You have successfully added a new SonarCloud configuration ``. As part of the setup process, we have scanned this repository and found no existing alerts. In the future, you will see all code scanning alerts on the repository Security tab.

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud