Skip to content
This repository has been archived by the owner on Sep 27, 2022. It is now read-only.

Update dependency webpack to v3 #191

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

mend-for-jackfan.us.kg[bot]
Copy link

This PR contains the following updates:

Package Type Update Change
webpack dependencies major ^1.13.0 -> ^3.0.0

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity CVSS Score CVE
High High 9.8 CVE-2018-1000620
High High 9.8 CVE-2021-44906
High High 9.8 CVE-2021-44906
High High 8.8 CVE-2018-3728
High High 7.8 CVE-2021-43138
High High 7.8 CVE-2021-43138
High High 7.5 CVE-2020-28469
Medium Medium 5.6 CVE-2020-7598
Medium Medium 5.6 CVE-2020-7598
Medium Medium 5.3 CVE-2017-16028

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity CVSS Score CVE
High High 9.8 CVE-2018-16492
High High 9.8 CVE-2018-3750
High High 9.8 CVE-2021-3918
High High 8.6 CVE-2021-37701
High High 8.6 CVE-2021-37712
High High 8.6 CVE-2021-37713
High High 8.1 CVE-2021-32803
High High 8.1 CVE-2021-32804
High High 7.5 CVE-2017-15010
High High 7.5 CVE-2018-20834
High High 7.5 CVE-2018-3737
High High 7.5 CVE-2019-13173
High High 7.3 CVE-2020-7788
Medium Medium 6.5 CVE-2018-21270
Medium Medium 5.6 CVE-2020-15366
Medium Medium 5.3 CVE-2017-16137
Medium Medium 4.8 WS-2018-0103

Release Notes

webpack/webpack

v3.11.0

Compare Source

Features

  • Parser supports new Foo expressions
  • Evaluator supports bitwise and exponential operator
  • Many config options supporting placeholder now also support functions
  • add jsonpScriptType to specify script type for lazy loaded script tags
  • update ajv

Bugfixes

  • allow ident in schema
  • ident is not lost when referencing by ident
  • Prefer process.exitCode instead of process.exit
  • workaround for bluebird warning in hot/signal
  • Errors in child compilation now lead to global error
  • Initial chunk are no longer part of the chunk manifest and no longer contribute to the hash
  • don't crash on arrays with empty items
  • workaround for node 8 and 9 bug while reading empty env values

v3.10.0

Compare Source

Features:

  • add publicPath and fileContext to SourceMapDevToolPlugin
  • require.include no longer uses all exports (Tree Shaking)

v3.9.1

Compare Source

Bugfixes:

  • add ignored and stdin to schema of watchOptions

v3.9.0

Compare Source

Features

  • add more descriptions to the schema for better validation errors
  • Handle arrow functions in AMD define/require

Bugfixes

  • added stats.all option to schema
  • UMD uses self before this as global object
  • Use window instead of this in JSONP
  • handle null in SourceMap correctly
  • Use Error name instead of instanceof to check for validation Error
  • Respect node.js deprecation configuration for some deprecation messages in webpack
  • Generate shorter identifiers for ConcatenatedModules to save memory
  • fix increasing delay when using HMR with multiStep: true

v3.8.1

Compare Source

Bugfixes:

  • add missing keys to stats schema for validation

v3.8.0

Compare Source

Features:

  • It's now possible to include the --env data in stats (@​jbottigliero)
  • There is a warning when trying to load a initial chunk with import() or require.ensure now (@​sokra)

Bugfixes:

  • fix a race condition for ENOENT errors (@​simon-paris)
  • chunk reasons comments are now set more consistent (@​sokra)
  • fix schema for stats and be more strict (@​jbottigliero)
    • This may lead to errors if you've provided wrong properties.
  • remove the absolute path from the parser error message (@​sokra)
  • fix changed behavior when loading a initial chunk on demand (@​sokra)

Performance

  • chunk graph is now build in breath-first traversal, which is faster (@​sokra)
  • fix a performance problem in some edge cases (@​sokra)

v3.7.1

Compare Source

Bugfixes

  • fix crash for undefined optional in ExternalModule (@​STRML)

v3.7.0

Compare Source

Features

Bugfixes

Performance

  • fixes a performance problem with many ESM import/exports in a module (@​sokra)
  • fixes a performance problem with heavily circular/interconnected chunks graphs (@​sokra)

v3.6.0

Compare Source

Bugfixes

  • Using folder names on CLI now correctly uses folder as entry (@​gyandeeps)
  • Assign correct cache object to child compiler (@​sokra)

v3.5.6

Compare Source

Bugfixes

  • --watch-poll also accepts a number now (@​civalin)
  • optimization bailout messages are now correctly cleared on incremental compilation (@​STRML)
  • (back)slashes in querystring are not correctly handled when making the request relative to context (@​donocode)
  • orginalError -> originalError in HMR API (@​sokra)
  • fix Cannot read property '0' of undefined in harmony modules (@​sokra)
  • Handle require to root of concatenated module correctly and don't generate __webpack_require__(null) (@​sokra)
  • No longer use async as variable name (@​sokra)
  • Object in options are now cloned when applying defaults (@​sokra)

Performance

v3.5.5

Compare Source

Bugfixes:

  • fixes a bug where modules where incorrectly removed from chunks resulting in call on undefined errors (can happen when using externals and CommonChunkPlugin)
  • Modules no longer loose __esModule flag on incremental build with ModuleConcatenationPlugin
  • __esModule flag is now only set when needed with the ModuleConcatenationPlugin

v3.5.4

Compare Source

Bugfixes

  • Warnings and errors contribute to hash, which shows stats on warning-only change
  • HMR: avoid crash when calling accept handler on disposed module
  • HMR: disable Scope Hoisting for modules using HMR
  • restore backwards compatibility of ConcatenatedModule (@​kisenka)

Features:

  • Add option to limit the number of parallel processed modules (parallelism)

v3.5.3

Compare Source

Bugfixes

  • fixes a name conflict with the ModuleConcatenationPlugin

v3.5.2

Compare Source

Bugfixes:

  • fixes stack overflow with circular dependencies (ModuleConcatenationPlugin)

v3.5.1

Compare Source

Bugfixes:

  • fix invalid syntax when using non-number ids with Scope Hoisting

v3.5.0

Compare Source

Features:

  • add stats.excludeAssets to allow to filter assets in list (@​ldrick)
  • add import(/* webpackMode: "weak" */ "module") to try to load a module without network request (@​faceyspacey)
  • add 4. argument to require.context which is the context mode. Can be false, "eager", "lazy-once", "weak" and "async-weak". (@​faceyspacey)
  • require.resolveWeak now support expressions (@​faceyspacey)
  • generate only a single require for modules references in scope-hoisted modules (ModuleConcatenationPlugin)

Bugfixes:

  • keep correct import order when using the ModuleConcatenationPlugin
  • Generate shorter, more readable identifiers in ConcatenatedModule
  • --help output is flushed before process exit (@​esbenp)
  • exit code is reliable reported for CLI validation error (@​polomsky)
  • stats options are now validated by schema (@​esbenp)
  • fixes problem when using the CommonsChunkPlugin in async mode without name argument
  • fixes description of --resolve-extensions (@​tomek-d)
  • fixes has no internal name when using dependency variable in root of scope-hoisted modules (ModuleConcatenationPlugin)

Examples:

v3.4.1

Compare Source

Bugfixes:

  • fix incorrect warnings about exports when using the DllReferencePlugin

v3.4.0

Compare Source

Features:

  • Improved optimization bailout messages
  • NamedModulesPlugins and HashedModuleIdsPlugin work now properly with delegated modules (DllReferencePlugin) and externals.
  • add --config-name option to choose a config by name for compiling a part of the config
  • Improved error message when parsing in ModuleConcatenationPlugin fails
  • Upgrade a lot of dependencies
  • Child compilation names are not relative in stats

Bugfixes:

  • Fix setting boolean options in configuration (profile, bail)
  • Fix "uncatched" exception in HMR runtime code
  • Fix two cases where ModuleConcatenationPlugin crashes (missing internal name)
    • Concatating delegated modules (from Dlls)
    • reference to the default export of the root module
  • Fix --module-bind-pre and --module-bind-post

Performance:

  • Performance improvements in
    • SourceMapDevToolPlugin
    • AggressiveSplittingPlugin
    • NormalModule variable injection
    • Parser
    • RecordIdsPlugin
    • Stats

v3.3.0

Compare Source

Features:

  • HMR logging now displays an expandable shorter module id.

Bugfixes:

  • Fix refactoring typo this.compiler.compiler is not a function
  • NormalModule source can be cache between compilations (performance for incremental builds)
  • webpack now also watches when missing directories are added (i. e. when a module was missing and is installed)

v3.2.0

Compare Source

Bugfixes:

  • fix duplicate entries in SourceMaps.
  • call imported functions with correct context.
  • support strictThisContextOnImports in ConcatenatedModules.
  • fix a bug which prevents parsing arguments for imported function calls when using strictThisContextOnImports.
  • support nested .call() renames of this.
  • fix typeof with require.resolve(Weak).
  • fix hashing with ConcatenatedModules.

v3.1.0

Compare Source

Features:

  • Allow different library names for UMD
  • Support for passing a defined identifier as this in a IIFE
  • Use the new resolve performance option cacheWithContext: false by default when it's safe
  • Support array of functions as configuration
  • add sortModules to Chunk which is required in extract-text-plugin to support webpack 3

Bugfixes:

  • ! with truthy webpack identifier will evaluate correctly
  • assets and dependencies are preserved in concatenated modules
  • Fix some internal usage of deprecated APIs

v3.0.0

Compare Source

Changes from 2.6.1 to 3.0.0

Features

  • node_modules no longer mangle to ~ in stats [breaking change]
  • timeout for HMR requests is configurable
  • added experimental Scope Hoisting (webpack.optimize.ModuleConcatenationPlugin)
  • some performance improvements
  • added output.libraryExport to select an export for the library
  • sourceMapFilename now supports [contenthash] [breaking change]
  • module.noParse supports functions
  • add node: false option to disable all node specific additions

Bugfixes

  • add workaround for breakpoints in eval source maps (chrome)
  • avoid creating redundant connections in chunk graph
  • enable chunk modules in stats by default
  • add special behavior when using CommonsChunkPlugin with only async option
  • error is shown when hot-only HMR fails
  • fixed a few issues with weird stats output [breaking change]
  • fixed a bug in occurrence order plugin [breaking change]
  • optimization plugins now only affect the current compilation [breaking change]
  • context now also include index files [breaking change]
  • require.resolve evaluate truthy [breaking change]
  • import order no longer adds to hash
  • Hashing for RawModule fixed

Internal changes

  • child compilations get records and cache assigned (they need a unique name) [breaking change]
  • Set is used for Child.modules, Module.chunks, Reason.chunks [breaking change]
  • uglifyjs-plugin is moved into separate repository

Changes from 3.0.0-rc.2 to 3.0.0

Bugfixes

  • fix duplicate dependencies in ConcatenatedModule
  • Hashing for RawModule fixed

Internal changes

  • uglifyjs-plugin is moved into separate repository

v2.7.0

Compare Source

Features:

  • add resolve.cacheWithContext to schema
  • add workaround for chrome with eval-source-maps
  • update webpack-sources for performance reasons
  • allow [contenthash] in sourceMapFilename as workaround for a caching bug

v2.6.1

Compare Source

Bugfixes:

  • Promise is now only needed when loading chunk, not in initialization
  • variable injection in require.ensure is now working again
  • better comment message when no export found (output.pathinfo)

v2.6.0

Compare Source

Features:

  • add webpackMode comment option for import()
  • add output.chunkLoadTimeout

Bugfixes:

  • fixed providing webpackChunkName for import() with expression
  • fixed parsing of destructing in assignment
  • fixed some edge cases when parsing declarations

v2.5.1

Compare Source

Bugfixes:

  • Fix crash when error happens while watching
  • Fix hoisting of exports

v2.5.0

Compare Source

Bugfixes:

  • add hashSalt to schema
  • webpack's source code no longer contains sourceMappingURL, which caused issues with some tools
  • Added missing semicolon in dll-imported modules
  • DllPlugin manifest is smaller (not pretty printed)
  • CommonsChunkPlugin in async mode doesn't extract from initial chunks

Features:

  • allow placeholders in the BannerPlugin
  • add option to disable the module trace in stats

v2.4.1

Compare Source

Bugfixes:

  • Fix scope analysis in function declarations

v2.4.0

Compare Source

Highlighted Features:

import() now allows to configure a chunk name

import(/* webpackChunkName: "my-chunk-name" */ "module")

require.ensure has a error callback

require.ensure([], () => {
    require("a");
}, err => {
    console.error("We failed to load chunk: " + err);
}, "chunk-name");

Features:

  • update to acorn 5
  • resolve context is provided to resolver
  • add warningsFilter to stats options to filter warnings
  • add __webpack_chunkname__ to ExtendedAPIPlugin
  • support string chunk ids
  • add NamedChunksPlugin which allows to set chunk id, i. e. to chunk name
  • allow to provided different watch options for multiple compilations
  • add error handler callback to require.ensure
  • add chunk name option for import()

Bugfixes:

  • main flag for HMR is set correctly
  • ignored modules are now context-agnositic
  • recorded paths are now platform-agnositic
  • fix for local AMD modules which wrap commonjs
  • erros now print more detailed message when logged
  • fix missing SourceMaps for non-entry chunks after rebuild
  • variables now hoist in scope

v2.3.3

Compare Source

Bugfixes:

  • fix progress in multi compiler

v2.3.2

Compare Source

Bugfixes:

  • Fix performance issue with cheap-source-maps
  • Fix a line offset issue with cheap-source-maps
  • Allow lowercased drive letters as absolute paths (not recommended)
  • Improve some error reporting

v2.3.1

Compare Source

Bugfixes:

  • add stacktrace when calling emitWarning/Error from loader with non-Error value
  • remove extra newline in absolute/relative path validation
  • fix crash in MinChunkSizePlugin

v2.3.0

Compare Source

Features:

  • add extensions option to DllReferencePlugin
  • add warningsFilter to UglifyJsPlugin to hide warnings selectively
  • add extractComments to UglifyJsPlugin to move kept comments into separate file (i. e. LICENSE file)
  • validate relative and absolute paths in configuration
  • validate stats options
  • allow to match on compiler (name in configuration) in rules
    • i. e. allows to specify different rules for extract-text-webpack-plugin or html-webpack-plugin
  • Allow to pass multiple entries via CLI
  • Performance improvements
  • CommonsChunkPlugin give errors on incorrect options
  • add module.strictExportPresence to make missing export an error instead of warning
  • Compiler emits watch-close event when the watcher is closed
  • Allow additional compress options in UglifyJsPlugin
  • empty chunk numbers are not flags in every chunk, this improves caching invalidation

Bugfixes:

  • OccurrenceOrderPlugin now counts occurrences correctly
  • Fix cheap-source-maps when combined with ES Modules (lines were offset)
  • Watcher now detects file deleting correctly
  • Resolve output path if relative output path is given via CLI
  • Handle stack traces in errors correctly
  • Some usages of System now generate valid code i. e. System.global
  • Dynamic property names are now parsed and can contain webpack stuff (i. e. imports)
  • Empty enviroment variables are now supported in the EnvironmentPlugin
  • (Maybe) Fixes chunk loading in IE when script is cached

Notes

The validation now fails when passing absolute paths with lowercase drive letter on windows.
(i. e. c:\work\stuff instead of C:\work\stuff)

Lowercase drive letters will cause weird errors (node.js behavior is inconsistent about drive letter casing) in some cases.

So please fix the paths in your shell resp. your tooling and always call webpack with uppercase drive letter. Don't use lowercase drive letters.

v2.2.1

Compare Source

Bugfixes:

  • ident is no longer required, but it will choose one automatically
  • DefinePlugin no longer generates invalid code when using nested objects without semicolons

Features:

  • You can provide defaults and silence warnings of the EnvironmentPlugin now

v2.2.0

Compare Source

The first webpack 2 release

No changes here. It's equal to the last RC, but with an updated version number.

Here is a migration guide if you want to migrate from webpack 1 to webpack 2.

Here is a blog post about the release.

Here is the documentation for webpack 2. It's new!


  • If you want to rebase/retry this PR, click this checkbox.

@mend-for-jackfan.us.kg mend-for-jackfan.us.kg bot added the security fix Security fix generated by Mend label Sep 22, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
security fix Security fix generated by Mend
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants