Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency webpack to v5.76.0 [SECURITY] #521

Closed
wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 16, 2023

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
webpack 5.24.4 -> 5.76.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.


Release Notes

webpack/webpack

v5.76.0

Compare Source

Bugfixes

Features

Security

Repo Changes

New Contributors

Full Changelog: webpack/webpack@v5.75.0...v5.76.0

v5.75.0

Compare Source

Bugfixes
  • experiments.* normalize to false when opt-out
  • avoid NaN%
  • show the correct error when using a conflicting chunk name in code
  • HMR code tests existance of window before trying to access it
  • fix eval-nosources-* actually exclude sources
  • fix race condition where no module is returned from processing module
  • fix position of standalong semicolon in runtime code
Features
  • add support for @import to extenal CSS when using experimental CSS in node
  • add i64 support to the deprecated WASM implementation
Developer Experience
  • expose EnableWasmLoadingPlugin
  • add more typings
  • generate getters instead of readonly properties in typings to allow overriding them

v5.74.0

Compare Source

Features

  • add resolve.extensionAlias option which allows to alias extensions
    • This is useful when you are forced to add the .js extension to imports when the file really has a .ts extension (typescript + "type": "module")
  • add support for ES2022 features like static blocks
  • add Tree Shaking support for ProvidePlugin

Bugfixes

  • fix persistent cache when some build dependencies are on a different windows drive
  • make order of evaluation of side-effect-free modules deterministic between concatenated and non-concatenated modules
  • remove left-over from debugging in TLA/async modules runtime code
  • remove unneeded extra 1s timestamp offset during watching when files are actually untouched
    • This sometimes caused an additional second build which are not really needed
  • fix shareScope option for ModuleFederationPlugin
  • set "use-credentials" also for same origin scripts

Performance

  • Improve memory usage and performance of aggregating needed files/directories for watching
    • This affects rebuild performance

Extensibility

  • export HarmonyImportDependency for plugins

v5.73.0

Compare Source

Features

  • add options for default dynamicImportMode and prefetch and preload
  • add support for import { createRequire } from "module" in source code

Bugfixes

  • fix code generation of e. g. return"field"in Module
  • fix performance of large JSON modules
  • fix performance of async modules evaluation

Developer Experience

  • export PathData in typings
  • improve error messages with more details

v5.72.1

Compare Source

Bugfixes

  • fix __webpack_nonce__ with HMR
  • fix in operator in some cases
  • fix json parsing error messages
  • fix module concatenation with using this.importModule
  • upgrade enhanced-resolve

v5.72.0

Compare Source

Features

  • make cache warnings caused by build errors less verbose
  • Allow banner to be placed as a footer with the BannerPlugin
  • allow to concatenate asset modules

Bugfixes

  • fix RemoteModules when using HMR (Module Federation + HMR)
  • throw error when using module concatenation and cacheUnaffected
  • fix in operator with nested exports

v5.71.0

Compare Source

Features

  • choose smarter default for uniqueName when using a output.library which includes placeholders
  • add support for expressions with in of a imported binding
  • generate UMD code with arrow functions when possible

Bugfixes

  • fix source map source names for ContextModule to be relative
  • fix chunkLoading option in module module
  • fix edge case where evaluateExpression returns null
  • retain optional chaining in imported bindings
  • include runtime code for the base URI even if not using chunk loading
  • don't throw errors in persistent caching when importing node.js builtin modules via ESM
  • fix crash when using lazy-once Context modules
  • improve handling of context modules with multiple contexts
  • fix race condition HMR chunk loading when importing chunks during HMR updating
  • handle errors in runAsChild callback

v5.70.0

Compare Source

Features

  • update node.js version constraints for ESM support
  • add baseUri to entry options to configure a static base uri (the base of new URL())
  • alphabetically sort exports in namespace objects when possible
  • add __webpack_exports_info__.name.canMangle
  • add proxy support to experiments.buildHttp
  • import.meta.webpackContext as ESM alternative to require.context
  • handle multiple alternative directories (e. g. due to resolve.alias or resolve.modules) when creating an context module

Bugfixes

  • fix problem when assigning global to a variable
  • fix crash when using experiments.outputModule and loaderContext.importModule with multiple chunks
  • avoid generating progress output before the compilation has started (ProgressPlugin)
  • fix handling of non-static-ESM dependencies with using TLA and HMR in the same module
  • include the asset module filename in hashing
  • output.clean will keep HMR assets for at least 10s to allow HMR to access them even when compilation is faster then the browser

Performance

  • fix asset caching when using the BannerPlugin

Developer Experience

  • improve typings

Contributing

  • capture caching errors when running the test suite

v5.69.1

Compare Source

Revert

  • revert "handle multiple alternative directories (e. g. due to resolve.alias or resolve.modules) when creating an context module"

v5.69.0

Compare Source

Features

  • automatically switch to an ESM compatible environment when enabling ESM output mode
  • handle multiple alternative directories (e. g. due to resolve.alias or resolve.modules) when creating an context module
  • add util/types to node.js built-in modules
  • add __webpack_exports_info__.<name>.canMangle api

Bugfixes

  • fix bug in chunk graph generation which leads to modules being included in chunk desprite them being already included in parent chunks
  • avoid writing more than 2GB at once during cache serialization (as workaround for node.js/libuv bug on MacOS)
  • fix handling of whitespaces in semver ranges when using Module Federation
  • avoid generating hashes which contain only numbers as they likely conflict with module ids
  • fix resource name based placeholders for data uris
  • fix cache serialization for context elements
  • fix passing of stage option when instrumenting plugins for the ProfilingPlugin
  • fix tracking of declarations in concatenated modules to avoid conflicts
  • fix unstable mangling of exports
  • fix handling of # in paths of loaders
  • avoid unnecessary cache update when using experiments.buildHttp

Contributing

  • update typescript and jest

Developer Experience

  • expose some additional typings for usage in webpack-cli

v5.68.0

Compare Source

Features

  • allow to disable compile time evaluation of import.meta.url
  • add __webpack_module__ and __webpack_module__.id to the api

Bugfixes

  • fix handling of errors thrown in async modules

v5.67.0

Compare Source

Features

  • add 'outputPath' configuration option for resource asset modules
  • support Trusted Types in eval source maps
  • experiments.css
    • allow to generate only exports for css in node
    • add SyncModuleIdsPlugin to sync module ids between server and client compilation
    • add more options to the DeterministicModuleIdsPlugin to allow to generate equal ids

Developer Experience

  • limit data url module name in stats printer
  • allow specific description for CLI options
  • improve space limiting algorithm in stats printing to show partial lists
  • add null to errors in callbacks
  • fix call signature types of addChunkInGroup

Bugfixes

  • avoid reporting non-existant package.jsons as dependencies
  • experiments.css
    • fix missing css runtime when only initial css is used
    • fix css hmr support
    • bugfixes to css modules
  • fix cache serialization for CreateScriptUrlDependency
  • fix data url content when processed by a loader
  • fix regexp in identifiers that include |
  • fix ProfilingPlugin for watch scenarios
  • add layer to module names and identifiers
    • this avoid random module id changes when additional modules are added to another layer
  • provide hashFunction parameter to DependencyTemplates to allow customizing it there
  • fix HMR when experiments.lazyCompilation is enabled
  • store url as Buffer to avoid serialization warnings
  • exclude webpack-hot-middleware/client from lazy compilation

Contributing

  • remove travis configuration
  • improve spell checking

v5.66.0

Compare Source

Features

Bugfixes

  • fix CORS headers for experiments.lazyCompilation
  • fix [absolute-resource-path] for SourceMap module naming
  • avoid stack overflow when accessing many memory cached cache values in series

Performance

  • reduce default watchOptions.aggregateTimeout to 20ms

v5.65.0

Compare Source

Features

  • static evaluation understands undefined now
  • reduce container entry code by a few chars
  • use template literals when available and they make sense

Bugfixes

  • handle singleton flag without requiredVersion in Module Federation
  • upgrade watchpack for context time info bugfix

Performance

  • improve RegExp in error message formating for non-quadratic performance

Developer Experience

  • automatically insert brackets when output.globalObject contains a non-trival expression
  • show error when using script type external with invalid syntax
  • expose types for Resolver, StatsOptions and ResolvePluginInstance

Preparations for the future

  • hashDigestLength will default to 16 in webpack 6 (experiments.futureDefaults)

v5.64.4

Compare Source

Bugfixes

  • fix tagged template literal evaluation
  • fix ModuleFederation with ESM
  • fix outputModule with intial splitChunks

Performance

  • upgrade watchpack for faster watcher updating
  • track file and directory timestamps separately in watchpack and webpack

Developer Experience

  • show origin of singleton shared module in mismatch warning

v5.64.3

Compare Source

Performance

  • allow to use pre-compiled schema when Infinity is used in configuration
  • allow to use pre-compiled schema for configuration arrays

v5.64.2

Compare Source

Bugfixes

  • avoid double initial compilation due to invalid dependencies with managedPaths

v5.64.1

Compare Source

Bugfixes

  • fix regexp in managedPaths to exclude additional slash
  • make module.accept errorHandler optional in typings
  • correctly create an async chunk when using a require(...).property in require.ensure
  • fix cleaning of symlinks in output.clean: true
  • fix change detection with unsafeCache within managedPaths (node_modules)
  • bump webpack-sources for Stack Overflow bugfix

v5.64.0

Compare Source

Features

  • add asyncChunks: boolean option to disable creation of async chunks

Bugfixes

  • fix ProfilingPlugin for experiments.backCompat: false

Performance

  • avoid running regexp twice over the file list

v5.63.0

Compare Source

Features

  • allow passing chunkLoading: false to disable on-demand loading

Bugfixes

  • fix import 'single-quote' in esm build dependencies

v5.62.2

Compare Source

Bugfixes

  • fix __system_context__ injection when using the library option on entrypoint
  • enable exportsPresence: "error" by default in futureDefaults
  • fix bad performance for a RegExp in Stats printing (with large error messages)
  • fix exportPresence -> exportsPresence typo
  • fix a bug with module invalidation when only module id changes with experiments.cacheUnaffected

v5.62.1

Compare Source

Bugfix

  • fix invalid generated code when omitting ;

v5.62.0

Compare Source

Features

  • add options to configure export presence checking
    • parser.javascript.reexportExportsPresence: false allows to disable warnings for non-existing exports during the migration from export ... from "..." to export type ... from "..." for type reexports in TypeScript
  • add experiments.backCompat: false to disable some expensive deprecations for better performance

Bugfixes

  • use ['catch'] instead of .catch for better ES3 support
  • fix removed parentheses when using new (require("...")).Something()
  • fix { require } object literals
  • splitChunks.chunks option is now correctly used for splitChunks.fallbackCacheGroup.maxSize too
  • fix schema of listen option, allow to omit port
  • add better support for Promises from different isolates

Developer Experience

  • add typings for the webpack API that is available within modules
    • use /// <reference types="webpack/module" /> to use the typings in typescript modules
    • or "types": [..., "webpack/module"] in tsconfig

v5.61.0

Compare Source

Bugfixes

  • use a wasm md4 implementation for node 17 support
  • include the path submodules in the node.js default externals

Performance

  • improve string to binary conversion performance for hashing

Contribution

  • CI runs on node.js 17

v5.60.0

Compare Source

Features

  • Allow to pass more options to experiments.lazyCompilation. e. g. port, https stuff

Bugfixes

  • fix output.hashFunction used to persistent caching too
  • Initialize buildDependencies Set correctly when loaders are added in beforeLoaders hook

v5.59.1

Compare Source

Bugfixes

  • fix regexp in managedPaths
  • fix hanging when trying to write lockfile for experiments.buildHttp

v5.59.0

Compare Source

Features

  • add /*#__PURE__*/ for Object() in generated code
  • add RegExp and function support for managed/immutablePaths
  • add hooks for multiple phases in module build
  • improvements to experiments.buildHttp
    • allow to share cache
    • add allowlist
  • add splitChunks.minSizeReduction option

Bugfixes

  • fix memory caching for Data URLs
  • fix crash in waitFor when modules are unsafe cached
  • fix bug in build cycle detection

v5.58.2

Compare Source

Bugfixes

  • fix serialization context passed
  • fix a bug which caused module duplication when using persistent caching, unsafe cache and memory cache with GC
  • fix validation of snapshots of non-existing directories

Performance

v5.58.1

Compare Source

Bugfixes

  • fix .webpack[] suffix to not execute rules
  • revert performance optimization that has too large memory usage in large builds

v5.58.0

Compare Source

Features

  • add hook for readResource
  • add diagnostics_channel to node builtins

Performance

  • improve chunk graph creation performance
    • add cacheUnaffected cache support
  • remove some caching that makes not difference
  • improve splitChunks performance
  • improve chunk conditions performance

v5.57.1

Compare Source

Bugfix

  • fix experiments.cacheUnaffected which broke by last release

v5.57.0

Compare Source

Performance

  • reduce number of hash.update calls
  • allow ExternalModules to be unsafe cached
  • improve hashing performance of module lists (StringXor)

Bugfixes

  • experiments.cacheUnaffected
    • handle module/chunk id changes correctly
    • cache modules with async blocks
    • show errors when using incompatible options

v5.56.1

Compare Source

Bugfix

  • DefinePlugin: fix conflict with older variants of the plugin

v5.56.0

Compare Source

Performance

  • make DefinePlugin rebuild check more efficient performance and memory wise

v5.55.1

Compare Source

Bugfixes

  • fixes for experiments.cacheUnaffected
    • fix accidentically shared mem caches
    • avoid RuntimeSpecMap in favor of directly setting on memCache
    • compare references modules when restoring mem cache

v5.55.0

Compare Source

Performance

  • experiments.cacheUnaffected
    • reduce cache memory usage
    • make memCache per module
    • cache ESM reexport computation
  • module.unsafeCache
    • make it faster by moving it to Compilation-level instead of in NormalModuleFactory
    • omit tracking resolve dependencies since they are not used when unsafe cache is enabled
  • module graph
    • lazy assign ModuleGraphConnections to Dependencies since that is only accessed when uncached

v5.54.0

Compare Source

Features

  • improve constant folding to allow to skip more branches for && || and ??
  • allow all hashing using in webpack to be configured with output.hashFunction
  • no longer bailout completely from inner graph analysis when eval is used in a module

Bugfixes

  • force bump enhanced-resolve for bugfixes

Performance

  • reduce number of allocation when creating snapshots
  • add output.hashFunction: "xxhash64" for a super fast wasm based hash function
  • improve utf-8 conversion when serializing short strings
  • improve hashing performance for dependencies
  • add experiments.cacheUnaffected which caches computations for modules that are unchanged and reference only unchanged modules

v5.53.0

Compare Source

Features

  • add node.__dirname/__filename: "warn-mock" which warns on usage (will be enabled in webpack 6 by default)

Bugfixes

  • add stream/web to Node.js externals
  • fix IgnorePluginSchema
  • fix builds with persistent caching taking 1 minute to build at least

Experiments

  • add experiments.futureDefaults to enable defaults for webpack 6

v5.52.1

Compare Source

Performance

  • split fresh created persistent cache files by time to avoid creating very large files

v5.52.0

Compare Source

Feature

  • experiments.executeModule is enabled by default and the option is removed
    • loaders are now free to use this.importModule

Bugfixes

  • fix generated __WEBPACK_EXTERNAL_MODULE_null__, which leads to merged externals
  • .webpack[...] extension is not part of matching and module name

v5.51.2

Compare Source

Bugfixes

  • fix crash in FileSystemInfo when errors occur
  • avoid property access of reserved properties
  • fix reexports from async modules
  • automatically close an active watching when closing the compiler
  • when filenames of other runtimes are referenced that need a full hash, upgrade referencing runtime moduel to full hash mode too
    • fixes a bug where [contenthash] is undefined when using new Worker

v5.51.1

Compare Source

Bugfixes

  • library: "module" propages top-level-await correctly
  • fix crash in filesystem snapshotting when trying to snapshot a non-existing directory
  • fix some context-dependent logic in concatenated modules and source url handling

v5.51.0

Compare Source

Bugfixes

  • correctly keep chunk loading state when the chunk loading logic is HMR updated
    • This fixes some edge cases that e. g. occur when using lazy compilation for entrypoints. It is now able to HMR update that instead of needing a manual reload. Also see fixes in webpack-dev-server@4.
  • track and resolve symlinks for filesystem snapshotting
    • This fixes some cases of circular yarn linking of dependencies.
    • It also fixes some problems when using package managers that use symlinks to deduplicate (e. g. cnpm or pnpm)
  • pass the resulting module in the callbacks of Compilation.addModuleChain and Compilation.addModuleTree

v5.50.0

Compare Source

Features

Performance

  • disable cache compression by default as it tend to make performance worse
    • I could still be enabled again for specific scenarios
  • reduce the number of allocations during cache serialization
    • This improves performance and memory usage

v5.49.0

Compare Source

Features

  • add experiments.buildHttp to build http(s):// imports instead of keeping them external
    • keeps a webpack.lock file with integrity and webpack.lock.data with cached content that should be committed
    • Automatically upgrades lockfile during development when remote resources change
      (might be disabled with experiments.buildHttp.upgrade: false)
    • Lockfile is frozen during production builds and usually no network requests are made
      (exception: Cache-Control: no-cache).
    • The webpack.lock.data persisting can be disabled with experiments.buildHttp.cacheLocation: false.
      That will will introduce a availability risk.
      (webpack cache will be used to cache network responses)

Bugfixes

  • fix HMR infinite loop (again)
  • fix rare non-determinism with splitChunks.maxSize introduces in the last release
  • optional modules no longer cause the module to fail when bail is set
  • fix typo in records format: chunkHashs -> chunkHashes

Performance

  • limit the number of parallel generated chunks for memory reasons

v5.48.0

Compare Source

Features

  • enable import assertions again

Bugfixes

  • upgrade webpack-sources for fixes regarding source maps
  • fix infinite loop in HMR runtime code

v5.47.1

Compare Source

Bugfixes

  • upgrade webpack-sources for a bunch of bugfixes regarding source maps and missing chars in output

v5.47.0

Compare Source

Performance

  • improve source-map performance

Bugfixes

  • avoid unnecessary "use strict"s in module mode

v5.46.0

Compare Source

Features

  • status handlers in HMR api can now return Promises to delay the HMR process
  • reasons in stats can now be grouped and collapsed
    • add stats.reasonsSpace and stats.groupReasonsByOrigin

Bugfixes

  • fix a crash in asset modules when updating persistent cached modules from unsafe cached modules

Performance

  • detailed preset limits all spaces to 1000 by default
  • upgrade webpack-sources for a performance bugfix

v5.45.1

Compare Source

Bugfixes

  • temporary revert import assertions because parser changes break the word assert in other places
  • import(/* webpackPrefetch: true */ ...) no longer breaks library output
  • DataURL tries to avoid re-encoding
  • fix problems with DataURL encoding in some cases

v5.45.0

Compare Source

Features

  • add support to import assertions

Bugfixes

  • SourceMaps will now also be added to .cjs output files
  • fix non-system externals in a system library

Performance

  • avoid copying timestamps from the watcher to the compiler

Contributing

  • update to jest 27

v5.44.0

Compare Source

Features

  • add support for output.module + optimization.runtimeChunk

Bugfixes

  • fix inline externals with dash in type

v5.43.0

Compare Source

Features

  • support runtime: false in entry description to disable runtime chunk
  • support runtime option in ModuleFederationPlugin and ContainerPlugin

Bugfixes

  • fix "module" externals when concatenated

Performance

  • serialize JSON data as buffer and parse on demand for performance and to avoid performance warning

v5.42.1

Compare Source

Bugfixes

  • fix crashes when rebuilding with jsonData or dataUrl of undefined

v5.42.0

Compare Source

Features

  • add cache compression via cache.compression
  • enable cache compression by default for non-development modes

Bugfixes

  • add node-commonjs to schema for externalsType
  • update acorn to fix problems with top level await
  • fix regression for system externals

Performance

  • fix a memory leak in the unsafe cache

v5.41.1

Compare Source

Bugfixes

  • add missing types about experimental esm support to schema
  • avoid slicing large Buffers as that doesn't always work for unknown reasons

Performance

  • avoid slicing Buffers unnecessarily

v5.41.0

Compare Source

Features

  • Persist cache faster when large changes are detected
    • new option cache.idleTimeoutAfterLargeChanges to control that

Bugfixes

  • shutdown lazy compilation server correctly

Experiments

  • EcmaScript modules support (experiments.outputModule: true)
    • output.library.type: "module": very basic support, no live bindings, unnecessary runtime code
    • output.chunkLoading: "import"
    • output.chunkFormat: "module"
    • externalsType: "module" generates now import * as X from "..." (in a module) or import("...") (in a script)
    • Node.js commonjs externals use import { createRequire } from "module" in a module
    • new Worker etc. sets `type: "module"

v5.40.0

Compare Source

Features

  • accept node: prefixed requests as node.js externals
  • avoid instanceof Promise in favor of p && typeof p.then === "function" to allow mixing different Promise implementions

Bugfixes

  • fix usage analysis of class properties

Performance

  • improve LazySet memory usage by shortcircuiting empty sets
  • reduce algorithmic complexity of the structure analysis for plain objects serialization

Developer Experience

  • allow Buffer in this.emitFile typings (loader context)
  • improve reset cli argument description

v5.39.1

Compare Source

Bugfixes

  • reduce memory usage and fix memory leaks

v5.39.0

Compare Source

Features

  • allow lazy compilation for import() context (import with expression)

Bugfixes

  • fix respecting cache.allowCollectingMemory
  • fix cli loading after installing it
  • fix initial list of non-js chunks that are flagged as already loaded

Performance

  • remove unnecessary Error.captureStackTrace from webpack errors

v5.38.1

Compare Source

Performance

  • fix missing increment in sorting optimization from last release

v5.38.0

Compare Source

Features

  • new URL("data:...", import.meta.url) is now supported
  • add module.rules[].scheme as condition to match the request scheme (like data, http, etc.)

Bugfixes

  • fix tracking of changes and removals during watching in some edge cases
  • fix incorrect renaming of class fields in concatenatenated modules
  • fix crash in HMR when removing runtimes from the compilation

Performance

  • lazy import some internal modules only when used
  • allow unsafe caching of the entrypoint
  • improve performance of sorting exports info map
  • update to latest webpack-sources for improved source map performance

v5.37.1

Compare Source

Bugfixes

  • When using multiple configurations in watch mode and calling Watching.invalidate, dependencies and parallelism of the config array is now respected correctly
  • Fix a crash when accessing the stats after the next compilation has started
  • fix collecting changes when using Watching.suspend
  • fix schema of RuleCondition.not and allow passing a condition directly instead of only an array

Developer Experience

  • typings accept a ReadonlyArray of configurations now

Contributing

  • fix coverage reporting for child processes
  • remove outdated loader from readme

v5.37.0

Compare Source

Features

  • add output.trustedTypes

Bugfixes

  • fix inclusion of too many chunk in the filename function when using dependOn
  • allow errors to be null in fs callbacks

Developer Experiences

  • make ESM tracking info message less verbose
  • add typings for loaders

v5.36.2

Compare Source

Bugfixes

  • correctly handle errors thrown during parser/generator creation
    • e. g. validation errors for asset module options
  • use a better automatic runtime name for workers
    • not too long to cause filename problems
  • no longer assume assets do not get removed when the compiler is running
    • Using output.clean is against this assumption
    • It fixes a bug where assets are missing, when removed and readded to the compilation
  • fix a problem when chained dependOn, which causes too many modules being included in entrypoints

v5.36.1

Compare Source

Performance

  • add cache.profile (type: "filesystem" only) flag for more info about (de)serialization timings
  • avoid complex "by exports" splitting for splitChunks in development mode
  • faster hashing for the common case
  • improve algorithmic complexity for merging InitFragments to solve performance in an edge case

v5.36.0

Compare Source

Features

  • add support for class fields (stage 4)

Performance

  • improve (de)serialization performance of dependency locations

v5.35.1

Compare Source

Bugfixes

  • fix an __webpack_exports__ is not defined error with some library types

performance

  • improve stats grouping performance
  • improve providedExports analysis performance
  • improve hashing performance
  • lazy merge dependencies from creating context modules
  • improve dependency parents access performance

v5.35.0

Compare Source

Bugfixes

  • fix handling of build dependencies with # in path

Performance

  • improve memory usage when using the filesystem cache

When reading a file into a Buffer and picking smaller slices of the Buffer
the small slices still keep a reference to the large original Buffer.
The leads to increased memory usage. A fix would be to clone the slice into
a smaller Buffer when wasting too much memory, but this has a performance cost.
There is now a new option cache.allowCollectingMemory which controls that.
For one-off builds you probably want allowCollectingMemory: false and
for watch builds you probably want allowCollectingMemory: true.
It defaults to false in production mode and true in development mode.

v5.34.0

Compare Source

Features

  • add support for empty string in resolve.extensions and handle them in this order
  • add pnpapi as builtin external when using target: "node"

Bugfixes

  • fix a bug where chunks filenames where not included in runtime when using splitChunks and runtimeChunk with target: "node"
  • fix deprecation message from LimitChunkCountPlugin

Performance

  • precompile schemas into functions to avoid schema compilation overhead
  • fix performance regression when storing the cache
  • performance improvement for snapshot file iterators

Developer Experience

  • remove removed store: 'idle' from schema description

v5.33.2

Compare Source

Bugfix

  • handle falsy entry options correctly

v5.33.1

Compare Source

Bugfix

  • fix passing publicPath to this.importModule

v5.33.0

Compare Source

Features

  • adds support for specifying a publicPath per entrypoint
    • add entry.xxx.publicPath option

Bugfix

  • disable injection of chunk loading logic for executeModule

Performance

  • performance improvements for export * and reexports

v5.32.0

Compare Source

Features

  • add support for a pseudo extensions .webpack[type] (e. g. .webpack[javascript/auto]) to specify the default module type when no other module type is specified
    • to be used with !=! inline syntax

Bugfixes

  • fixes incorrect cache invalidation when new properties are added to the DefinePlugin

Experiments

  • add experiments.executeModule to allow build-time execution of modules of the module graph
    • add this.importModule(request, options, [callback]): Promise to the loader context
    • add compilation.executeModule(request, options, callback) for plugins

v5.31.2

Compare Source

Bugfixes

  • revert disposing of CodeGenerationResults since some plugins rely on the fact that they are still accessible after the compilation

v5.31.1

Compare Source

Bugfixes

  • invalid hooks is no longer called twice for a compiler in a MultiCompiler

Memory

  • eliminated some memory leaks
  • dispose code generation results after sealing the compilation

Performance

  • improve performance of cache serialization by reducing number of write syscalls

v5.31.0

Compare Source

Features

  • add a few more options for infrastructure logging:
    • infrastructureLogging.colors: Enables/Disables colorful output.
    • infrastructureLogging.appendOnly: Only appends lines to the output. Avoids updating existing output e. g. for status messages.
    • infrastructureLogging.stream: Stream used for logging output. Defaults to process.stderr.
    • infrastructureLogging.console: Custom console used for logging.
    • When stream is an TTY colors is enabled and appendOnly is disabled. Otherwise it's flipped.

Bugfixes

  • Persistent Caching
    • fix caching crash when using fsevents in build dependencies
    • improve resolving of build dependencies when exports field is used
    • make problems during resolving build dependencies warnings instead of debug messages
  • prioritize static reexport over runtime reexport for target determination
    • This helps in optimization by no longer opting out of optimization when some other exports any dynamic (from commonjs or empty/type-only modules)
  • fix bug with subtraction of runtimes
    • This fixes a problem with concatenated modules in builds with multiple runtimes and force-merged shared chunks
  • ensure that entrypoints are always re-executed when HMR-updated
    • This fixes no longer updating pages when the entrypoint crashed

v5.30.0

Compare Source

Features

  • add GC to memory cache
    • opt-in via cache.maxGenerations when cache.type: "memory"
    • default for cache.type: "filesystem" and mode: "development"
    • configure via cache.maxMemoryGenerations when cache.type: "filesystem"
    • Generations = Rebuilds
  • add GC for untouched filesystem cache files
  • allow to configurate GC for the filesystem cache via cache.maxAge
  • allow to disable memory cache when using the filesystem cache with cache.maxMemoryGenerations: 0
  • Caches will be cleared on Compiler close resp Cache shutdown (after persisting for the filesystem cache)

Bugfixes

  • add a few workarounds for v8 bug that causes memory leaks in optimized code (only partially fixes it)
  • after serializing filesystem no longer keeps cache items in memory, instead it will read them from disk again when accessed

GC = Garbage Collection

v5.29.0

Compare Source

Bugfixes

  • fix some edge cases for splitChunks.maxSize which cause too large chunks to be created
  • add stats.groupModulesByType to the schema

Developer Experience

  • add resolving trace for error during resolving build dependencies
  • expose Stats-related types
  • exports AsyncDependenciesBlock and Module/Const/NullDependency on the API

v5.28.0

Compare Source

Features

  • add module.generator.asset.publicPath to configure a different publicPath for assets

Bugfixes

  • fixes a watch mode caching problem which was introduced in 5.26.0 when using the unsafe cache

Performance

  • improve serialization performance

v5.27.2

Compare Source

Bugfixes

  • fix error reporting when errors happen in beforeLoaders hook
  • avoid crash when experiments.lazyCompilation is used (regression)
  • fix lazy compilation opt-out when HMR accept/decline is used on an import()
  • fix new URL(new URL generated by worker handing

v5.27.1

Compare Source

Bugfix

  • allow invalidation after first watch run in MultiCompilers

v5.27.0

Compare Source

Features

  • add utils: { contextify(context, absolutePath), absolutify(context, request) } to loader context

Bugfixes

  • fix caching bug when split chunks of an entrypoint change and modules of the entrypoint stay equal
  • fix imports field handling
  • fix incorrect id assignment of record ids plugin
    • this causes ids changing unnecessary during watch mode
  • fix library exports when using onChunks in entry
    • This prevented using libraries with web target when using splitChunks for the initial chunks

v5.26.3

Compare Source

Bugfix

  • fix race condition in MultiCompiler queueing

v5.26.2

Compare Source

Bugfixes

  • fix problem with new line after comment
  • fix assign libraries with runtime chunk

v5.26.1

Compare Source

Bugfixes

  • avoid using strict mode runtime for assign libraries to allow assigning not existing variables
  • avoid collision with Set.addAll polyfill
  • allow filenames starting with ../ when generation the undo path for non-web targets

v5.26.0

Compare Source

Features

  • handle cache version automatically for DefinePlugin
    • Values no longer need to be defined as build dependencies
  • add more options for DefinePlugin.runtimeValue (file/context/missing/buildDependencies, version)

Bugfixes

  • fix a memory leak which happens in watch mode with caching when modules are removed from the compilation
  • fix usage of some arrow functions when es5 target is selected
  • chunk loading in workers now uses publicPath instead of relative paths
    • fixes a problem when worker file is in a child directory

v5.25.1

Compare Source

Bugfixes

  • fix startup logic when non-js chunks are in the entrypoint
  • remove type: "module" for Workers when generating classic scripts

v5.25.0

Compare Source

Features

  • Refactor the startup logic to improve library support
  • add __webpack_runtime_id__ to access the current runtime id
  • improve error handling for HMR
    • add second argument to self accept error handler to pass new module and module id
    • add error handler argument to dependency accept, passing error and module ids
  • add output.strictModuleErrorHandling to opt into stricter evaluation error handling semantics according to ESM spec
    • used by default when HMR is enabled
  • when ignoring a module used by new URL() this will result in an url to a empty file ("data:,")
  • add module.generator.asset.emit option to disable creating assets from asset modules (e. g. for SSR)

Bugfixes

  • fix problem when library options apply to a non-runtime chunk
  • fix crash in splitChunks.maxSize where negative indicies are accessed
  • fix sub-optimal splitting of splitChunks.maxSize in some cases when multiple size types are involved
  • fix a memory leak in AssetGenerator
  • fix usage of runtime globals in SharedPlugin to support HMR updates

Deprecations

  • deprecate output.strictModuleExceptionHandling (this is the CommonJS way of handling errors, and the name is weird)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@vercel
Copy link

vercel bot commented Mar 16, 2023

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
tempest-client ❌ Failed (Inspect) Jul 13, 2023 0:23am

@renovate renovate bot force-pushed the renovate/npm-webpack-vulnerability branch from e5d07b0 to ff25266 Compare July 13, 2023 12:23
@origamium origamium closed this Jul 13, 2023
@origamium origamium deleted the renovate/npm-webpack-vulnerability branch July 13, 2023 12:24
@renovate
Copy link
Contributor Author

renovate bot commented Jul 13, 2023

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (5.76.0). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant