[Snyk] Upgrade webpack from 5.30.0 to 5.49.0

[snyk-bot]

Snyk has created this PR to upgrade webpack from 5.30.0 to 5.49.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 33 versions ahead of your current version.
• The recommended version was released 22 days ago, on 2021-08-06.

Release notes

Package name: webpack

• 5.49.0 - 2021-08-06
  

  Features

  • add experiments.buildHttp to build http(s):// imports instead of keeping them external
    • keeps a webpack.lock file with integrity and webpack.lock.data with cached content that should be committed
    • Automatically upgrades lockfile during development when remote resources change
      (might be disabled with experiments.buildHttp.upgrade: false)
    • Lockfile is frozen during production builds and usually no network requests are made
      (exception: Cache-Control: no-cache).
    • The webpack.lock.data persisting can be disabled with experiments.buildHttp.cacheLocation: false.
      That will will introduce a availability risk.
      (webpack cache will be used to cache network responses)

  Bugfixes

  • fix HMR infinite loop (again)
  • fix rare non-determinism with splitChunks.maxSize introduces in the last release
  • optional modules no longer cause the module to fail when bail is set
  • fix typo in records format: chunkHashs -> chunkHashes

  Performance

  • limit the number of parallel generated chunks for memory reasons
• 5.48.0 - 2021-08-02
  

  Features

  • enable import assertions again

  Bugfixes

  • upgrade webpack-sources for fixes regarding source maps
  • fix infinite loop in HMR runtime code
• 5.47.1 - 2021-07-29
  

  Bugfixes

  • upgrade webpack-sources for a bunch of bugfixes regarding source maps and missing chars in output
• 5.47.0 - 2021-07-27
  

  Performance

  • improve source-map performance

  Bugfixes

  • avoid unnecessary "use strict"s in module mode
• 5.46.0 - 2021-07-22
  

  Features

  • status handlers in HMR api can now return Promises to delay the HMR process
  • reasons in stats can now be grouped and collapsed
    • add stats.reasonsSpace and stats.groupReasonsByOrigin

  Bugfixes

  • fix a crash in asset modules when updating persistent cached modules from unsafe cached modules

  Performance

  • detailed preset limits all spaces to 1000 by default
  • upgrade webpack-sources for a performance bugfix
• 5.45.1 - 2021-07-16
  

  Bugfixes

  • temporary revert import assertions because parser changes break the word assert in other places
  • import(/* webpackPrefetch: true */ ...) no longer breaks library output
  • DataURL tries to avoid re-encoding
  • fix problems with DataURL encoding in some cases
• 5.45.0 - 2021-07-16
  

  Features

  • add support to import assertions

  Bugfixes

  • SourceMaps will now also be added to .cjs output files
  • fix non-system externals in a system library

  Performance

  • avoid copying timestamps from the watcher to the compiler

  Contributing

  • update to jest 27
• 5.44.0 - 2021-07-08
  

  Features

  • add support for output.module + optimization.runtimeChunk

  Bugfixes

  • fix inline externals with dash in type
• 5.43.0 - 2021-07-06
  

  Features

  • support runtime: false in entry description to disable runtime chunk
  • support runtime option in ModuleFederationPlugin and ContainerPlugin

  Bugfixes

  • fix "module" externals when concatenated

  Performance

  • serialize JSON data as buffer and parse on demand for performance and to avoid performance warning
• 5.42.1 - 2021-07-05
  

  Bugfixes

  • fix crashes when rebuilding with jsonData or dataUrl of undefined
• 5.42.0 - 2021-07-02
• 5.41.1 - 2021-06-29
• 5.41.0 - 2021-06-28
• 5.40.0 - 2021-06-21
• 5.39.1 - 2021-06-17
• 5.39.0 - 2021-06-14
• 5.38.1 - 2021-05-27
• 5.38.0 - 2021-05-27
• 5.37.1 - 2021-05-19
• 5.37.0 - 2021-05-10
• 5.36.2 - 2021-04-30
• 5.36.1 - 2021-04-28
• 5.36.0 - 2021-04-27
• 5.35.1 - 2021-04-23
• 5.35.0 - 2021-04-21
• 5.34.0 - 2021-04-19
• 5.33.2 - 2021-04-14
• 5.33.1 - 2021-04-14
• 5.33.0 - 2021-04-14
• 5.32.0 - 2021-04-12
• 5.31.2 - 2021-04-09
• 5.31.1 - 2021-04-09
• 5.31.0 - 2021-04-07
• 5.30.0 - 2021-04-01

from webpack GitHub release notes

Commit messages

Package name: webpack

• d386838 5.49.0
• 150d370 Merge pull request Adding schematics short alias to angular.json angular/angular-cli#13918 from privatenumber/hashes-typo
• f8acab3 Merge pull request build: update speed-measure-webpack-plugin to version 1.3.1 angular/angular-cli#13944 from webpack/bugfix/11594
• 9e735a7 Merge pull request build: update raw-loader to version 2.0.0 angular/angular-cli#13943 from webpack/bugfix/split-chunks-max-size-deterministic
• c6856e2 optional modules will not fail the build when bail is set
• 0605b88 fix indeterminism with splitChunks.maxSize
• a6e9f59 Merge pull request New Architect API server builder angular/angular-cli#13932 from webpack/bugfix/infinite-loop
• d77d863 Merge pull request feat(@angular-devkit/build-angular): enable webpack profile when usin… angular/angular-cli#13925 from webpack/feature/http-urls
• 9bf6797 fix resolving context for redirects
• 30ebedd fix handling of new URL() in remote resources
• 57dac0e remove x-import-url handling
• e3b8c39 omit resolved property in lockfiles when equal to key
• 0ad9316 fix hmr check returning empty array
• f6726a1 Revert "Merge pull request feat(@angular-devkit/build-ng-packagr): implement stable architect API angular/angular-cli#13877 from axules/bugfix/hot-poll-infinity"
• b6609a4 add `experiments.buildHttp`
• 6d24d11 Merge pull request feat(@angular-devkit/build-webpack): report emitted files angular/angular-cli#13928 from webpack/perf/limit-parallel-chunk-generation
• 0ae059f limit the number of parallel generated chunks
• 6bce752 fix: chunkHashes typo
• 67f3aef 5.48.0
• 747c20b Merge pull request build: update autoprefixer to version 9.4.10 angular/angular-cli#13815 from xtuc/sven/bump-acorn-import-assertions-1.7.2
• dad2aca Merge pull request test: comment out broken assertion angular/angular-cli#13911 from webpack/bugfix/webpack-sources
• 1c1af83 Merge pull request feat(@angular-devkit/build-ng-packagr): implement stable architect API angular/angular-cli#13877 from axules/bugfix/hot-poll-infinity
• c3a12b7 upgrade webpack-sources to 3.2.0
• 551f64a fix empty updatedModules check

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[mistaken-pull-closer]

Thanks for your submission.

It appears that you've created a pull request using one of our repository's branches. Since this is
almost always a mistake, we're going to go ahead and close this. If it was intentional, please
let us know what you were intending and we can see about reopening it.

Thanks again!

[pull-dog]

*Ruff* 🐶 I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file 😩 Make sure the given paths are correct.

Files checked:

• docker-compose.yml

What is this?

Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a docker-compose.yml file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available.

Visit our website to learn more.

Commands

• @pull-dog up to reprovision or provision the server.
• @pull-dog down to delete the provisioned server.

Troubleshooting

Need help? Don't hesitate to file an issue in our repository

Configuration

{
  "isLazy": false,
  "dockerComposeYmlFilePaths": [
    "docker-compose.yml"
  ],
  "expiry": "00:00:00",
  "conversationMode": "singleComment"
}

Trace ID
aa126510-07b5-11ec-8949-e32c1f3443f4