Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade workbox-build from 6.0.0-alpha.1 to 6.0.0 #2

Open
wants to merge 1 commit into
base: v6
Choose a base branch
from
Open

[Snyk] Upgrade workbox-build from 6.0.0-alpha.1 to 6.0.0 #2

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade workbox-build from 6.0.0-alpha.1 to 6.0.0.

:sparkles: Snyk has automatically assigned this pull request, [set who gets assigned](https://app.snyk.io/org/hafixo/project/f067a9e6-efc5-4afb-8950-240b034aec51/settings/integration?utm_source=github&utm_medium=upgrade-pr/settings/integration).

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 4 versions ahead of your current version.
  • The recommended version was released 22 days ago, on 2020-11-30.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Arbitrary Code Injection
SNYK-JS-SERIALIZEJAVASCRIPT-570062		 706/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.7		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: workbox-build
  • 6.0.0 - 2020-11-30
    Read more
  • 6.0.0-rc.0 - 2020-11-16

    Overview of Workbox v6

    We're happy to announce the first release candidate of Workbox v6! We do not anticipate any more breaking changes in between now and the official v6 release.

    In addition to the changes outlined in the previous release notes, the following has changed since Workbox v5.

    🎉 What's New?

    workbox-recipes

    This release includes a new module, workbox-recipes, that combines common routing and caching strategy configurations into ready-to-use code that can be dropped in to your service worker.

    You can read more about what's included in the first batch of recipes, as well as how to use them, in #2664.

    webpack v5 compatibility improvements

    This release includes additional bug fixes for better compatibility with webpack. As of this release, workbox-webpack-plugin requires webpack v4.40.0 or later (for those still on the v4.x branch) or webpack v.5.4.0 or later (for those who have updated to webpack v5.x).

    workbox-webpack-plugin will also now take advantage of the immutable metadata that webpack automatically adds to hashed assets. In most cases, this means that explicitly using dontCacheBustURLMatching in your workbox-webpack-plugin configuration is no longer necessary.

    See #2651, #2673, and #2675.

    Thanks!

    Thank you to @ dermoumi for their contributions to this release.

    Installation of the latest pre-release version

    We are using the next tag in npm for the current pre-release version. To install a given module use, e.g., npm install --save-dev workbox-webpack-plugin@next.

  • 6.0.0-alpha.3 - 2020-10-12

    Overview of Workbox v6

    We're happy to announce the third alpha release of Workbox v6! In addition to the changes outlined in the previous release notes, the following has changed since Workbox v5.

    🎉 What's New?

    Under-the-hood workbox-precaching improvements

    This release includes a substantial rewrite to the implementation of workbox-precaching, to build on top of other standard Workbox idioms (like Routes, Strategy subclasses, and custom plugins) as much as possible. There are a few breaking changes, described in the follow section, but they are mostly limited to uncommon use cases, when PrecacheController is instantiated directly. For the most part, these changes are meant to be invisible to developers, but should lead to be better consistency in how routing and request handling works across all of Workbox.

    You can read more about what's change in #2638

    webpack v5 compatibility

    As of this release, workbox-webpack-plugin should be compatible with webpack v5.0.0. We have also raised the minimum required version of webpack to v4.4.0, which should be a straightforward upgrade for developers who need to remain on webpack v4.x.

    While all of the public interfaces remain the same, signfifcant changes were made to the code used to determine which webpack assets make it into your precache manifest. These take advantage of new methods that were added in webpack v4.4.0, and which have to be used in webpack v5.0.0. We encourage developers to test workbox-webpack-plugin carefully, and raise issues if you find discrepencies like URLs missing from your precache manifest! This applies whether you are remaining on webpack v4.4.0, or are upgrade to webpack v5.0.0.

    Note: At this time, workbox-webpack-plugin has issues detecting the correct URLs for HTML assets created by html-webpack-plugin in webpack v5.0.0. You can follow jantimon/html-webpack-plugin#1522 for updates.

    cacheKeyWillBeUsed can be used to cache non-GET requests

    Only GET requests can be used as cache keys, but there are scenarios in which you might want to use a combination of plugins to transform a POST or PUT request into a cacheable GET request.

    You can now use the cacheKeyWillBeUsed lifecycle callback in a plugin to return a GET request with whatever URL you'd like to use as a cache key, and that can then allow the response associated with a POST or PUT to be cached.

    See #2615 for more details. Thanks to @ markbrocato for their contribution.

    ⚠️ Breaking Changes

    workbox-precaching

    Note: The following changes primarily apply to direct usage of the PrecacheController class. Most developers don't use PrecacheController directly, and instead use static helper methods like precacheAndRoute() exported by workbox-precaching. [#2639]

    • The PrecacheController constructor now takes in an object with specific properties as its parameter, instead of a string. This object supports the following properties: cacheName (serving the same purpose as the string that was passed in to the constructor in v5), plugins (replacing the addPlugins() method from v5), and fallbackToNetwork (replacing the similar option that was passed to createHandler() and `createHandlerBoundToURL() in v5).

    • The install() and activate() methods of PrecacheController now take exactly one parameter, which should be set to a corresponding InstallEvent or ActivateEvent, respectively.

    • The addRoute() method has been removed from PrecacheController. In its place, the new PrecacheRoute class can be used to create a route that you can then register.

    • The precacheAndRoute() method has been removed from PrecacheController. (It still exists as a static helper method exported by the workbox-precaching module.) It was removed because PrecacheRoute can be used instead.

    • The createMatchCalback() method has been removed from PrecacheController. The new PrecacheRoute can be used instead.

    • The createHandler() method has been removed from PrecacheController. The strategy property of the PrecacheController object can be used to handle requests instead.

    • The createHandler() static export has already been removed from the workbox-precaching module. In its place, developers should construct a PrecacheController instance and use its strategy property.

    • The route registered with precacheAndRoute() is now a "real" route that uses workbox-routing's Router class under the hood. This may lead to a different evaluation order of your routes if you interleave calls to registerRoute() and precacheAndRoute(). See #1857 and #2402 for more details.

    workbox-webpack-plugin

    • The minimum required version of webpack has been increased to v4.4.0. (See previous section for other webpack updates.) [#2641]

    Installation of the latest pre-release version

    We are using the next tag in npm for the current pre-release version. To install a given module use, e.g., npm install --save-dev workbox-webpack-plugin@next.

  • 6.0.0-alpha.2 - 2020-08-14

    Workbox v6.0.0-alpha.2 includes updates to various underlying npm dependencies, but is otherwise identical to the previous v6.0.0-alpha.1 release.

    Installation of the latest pre-release version

    We are using the next tag in npm for the current pre-release version. To install a given module use, e.g., npm install --save-dev workbox-webpack-plugin@next.

  • 6.0.0-alpha.1 - 2020-07-23
    Read more
from workbox-build GitHub release notes
Commit messages
Package name: workbox-build

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

👩‍💻 Set who automatically gets assigned

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot