[Snyk] Upgrade webpack from 4.44.1 to 5.33.2 #3

Open
wants to merge 1 commit into
base: master

snyk-bot

Snyk has created this PR to upgrade webpack from 4.44.1 to 5.33.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 143 versions ahead of your current version.
  • The recommended version was released 25 days ago, on 2021-04-14.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
| --- | --- | --- | --- |
| | Prototype Pollution SNYK-JS-Y18N-1021887 | 472/1000. Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Command Injection SNYK-JS-LODASHTEMPLATE-1088054 | 472/1000. Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Command Injection SNYK-JS-LODASH-1040724 | 472/1000. Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Prototype Pollution SNYK-JS-INI-1048974 | 472/1000. Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Remote Memory Exposure SNYK-JS-BL-608877 | 472/1000. Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770 | 472/1000. Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Denial of Service SNYK-JS-NODEFETCH-674311 | 472/1000. Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905 | 472/1000. Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355 | 472/1000. Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Prototype Pollution SNYK-JS-HANDLEBARS-1279029 | 472/1000. Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767 | 472/1000. Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905 | 472/1000. Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905 | 472/1000. Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Cryptographic Issues SNYK-JS-ELLIPTIC-1064899 | 472/1000. Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: webpack
  • 5.33.2 - 2021-04-14

    Bugfix

    • handle falsy entry options correctly
  • 5.33.1 - 2021-04-14

    Bugfix

    • fix passing publicPath to this.importModule
  • 5.33.0 - 2021-04-14

    Features

    • adds support for specifying a publicPath per entrypoint
      • add entry.xxx.publicPath option

    Bugfix

    • disable injection of chunk loading logic for executeModule

    Performance

    • performance improvements for export * and reexports
  • 5.32.0 - 2021-04-12

    Features

    • add support for a pseudo extension .webpack[type] (e.g. .webpack[javascript/auto]) to specify the default module type when no other module type is specified
      • to be used with !=! inline syntax

    Bugfixes

    • fixes incorrect cache invalidation when new properties are added to the DefinePlugin

    Experiments

    • add experiments.executeModule to allow build-time execution of modules of the module graph
      • add this.importModule(request, options, [callback]): Promise to the loader context
      • add compilation.executeModule(request, options, callback) for plugins
  • 5.31.2 - 2021-04-09

    Bugfixes

    • revert disposing of CodeGenerationResults since some plugins rely on the fact that they are still accessible after the compilation
  • 5.31.1 - 2021-04-09

    Bugfixes

    • invalid hooks is no longer called twice for a compiler in a MultiCompiler

    Memory

    • eliminated some memory leaks
    • dispose code generation results after sealing the compilation

    Performance

    • improve performance of cache serialization by reducing number of write syscalls
  • 5.31.0 - 2021-04-07

    Features

    • add a few more options for infrastructure logging:
      • infrastructureLogging.colors: Enables/Disables colorful output.
      • infrastructureLogging.appendOnly: Only appends lines to the output. Avoids updating existing output e. g. for status messages.
      • infrastructureLogging.stream: Stream used for logging output. Defaults to process.stderr.
      • infrastructureLogging.console: Custom console used for logging.
      • When stream is a TTY, colors is enabled and appendOnly is disabled. Otherwise it's flipped.

    Bugfixes

    • Persistent Caching
      • fix caching crash when using fsevents in build dependencies
      • improve resolving of build dependencies when exports field is used
      • make problems during resolving build dependencies warnings instead of debug messages
    • prioritize static reexport over runtime reexport for target determination
      • This helps in optimization by no longer opting out of optimization when some other exports any dynamic (from commonjs or empty/type-only modules)
    • fix bug with subtraction of runtimes
      • This fixes a problem with concatenated modules in builds with multiple runtimes and force-merged shared chunks
    • ensure that entrypoints are always re-executed when HMR-updated
      • This fixes no longer updating pages when the entrypoint crashed
  • 5.30.0 - 2021-04-01

    Features

    • add GC to memory cache
      • opt-in via cache.maxGenerations when cache.type: "memory"
      • default for cache.type: "filesystem" and mode: "development"
      • configure via cache.maxMemoryGenerations when cache.type: "filesystem"
      • Generations = Rebuilds
    • add GC for untouched filesystem cache files
    • allow to configure GC for the filesystem cache via cache.maxAge
    • allow to disable memory cache when using the filesystem cache with cache.maxMemoryGenerations: 0
    • Caches will be cleared on Compiler close resp Cache shutdown (after persisting for the filesystem cache)

    Bugfixes

    • add a few workarounds for v8 bug that causes memory leaks in optimized code (only partially fixes it)
    • after serializing filesystem no longer keeps cache items in memory, instead it will read them from disk again when accessed

    GC = Garbage Collection

  • 5.29.0 - 2021-04-01

    Bugfixes

    • fix some edge cases for splitChunks.maxSize which cause too large chunks to be created
    • add stats.groupModulesByType to the schema

    Developer Experience

    • add resolving trace for error during resolving build dependencies
    • expose Stats-related types
    • exports AsyncDependenciesBlock and Module/Const/NullDependency on the API
  • 5.28.0 - 2021-03-24

    Features

    • add module.generator.asset.publicPath to configure a different publicPath for assets

    Bugfixes

    • fixes a watch mode caching problem which was introduced in 5.26.0 when using the unsafe cache

    Performance

    • improve serialization performance
  • 5.27.2 - 2021-03-22
  • 5.27.1 - 2021-03-20
  • 5.27.0 - 2021-03-19
  • 5.26.3 - 2021-03-17
  • 5.26.2 - 2021-03-16
  • 5.26.1 - 2021-03-16
  • 5.26.0 - 2021-03-15
  • 5.25.1 - 2021-03-14
  • 5.25.0 - 2021-03-12
  • 5.24.4 - 2021-03-08
  • 5.24.3 - 2021-03-03
  • 5.24.2 - 2021-02-24
  • 5.24.1 - 2021-02-23
  • 5.24.0 - 2021-02-22
  • 5.23.0 - 2021-02-18
  • 5.22.0 - 2021-02-15
  • 5.21.2 - 2021-02-07
  • 5.21.1 - 2021-02-06
  • 5.21.0 - 2021-02-05
  • 5.20.2 - 2021-02-04
  • 5.20.1 - 2021-02-03
  • 5.20.0 - 2021-02-02
  • 5.19.0 - 2021-01-29
  • 5.18.0 - 2021-01-26
  • 5.17.0 - 2021-01-22
  • 5.16.0 - 2021-01-19
  • 5.15.0 - 2021-01-15
  • 5.14.0 - 2021-01-13
  • 5.13.0 - 2021-01-11
  • 5.12.3 - 2021-01-10
  • 5.12.2 - 2021-01-09
  • 5.12.1 - 2021-01-08
  • 5.12.0 - 2021-01-08
  • 5.11.1 - 2020-12-28
  • 5.11.0 - 2020-12-17
  • 5.10.3 - 2020-12-15
  • 5.10.2 - 2020-12-15
  • 5.10.1 - 2020-12-11
  • 5.10.0 - 2020-12-04
  • 5.9.0 - 2020-11-28
  • 5.8.0 - 2020-11-26
  • 5.7.0 - 2020-11-26
  • 5.6.0 - 2020-11-19
  • 5.5.1 - 2020-11-18
  • 5.5.0 - 2020-11-17
  • 5.4.0 - 2020-11-03
  • 5.3.2 - 2020-10-29
  • 5.3.1 - 2020-10-28
  • 5.3.0 - 2020-10-27
  • 5.2.1 - 2020-10-27
  • 5.2.0 - 2020-10-22
  • 5.1.3 - 2020-10-16
  • 5.1.2 - 2020-10-15
  • 5.1.1 - 2020-10-15
  • 5.1.0 - 2020-10-13
  • 5.0.0 - 2020-10-10
  • 5.0.0-rc.6 - 2020-10-10
  • 5.0.0-rc.5 - 2020-10-09
  • 5.0.0-rc.4 - 2020-10-07
  • 5.0.0-rc.3 - 2020-09-30
  • 5.0.0-rc.2 - 2020-09-29
  • 5.0.0-rc.1 - 2020-09-28
  • 5.0.0-rc.0 - 2020-09-20
  • 5.0.0-beta.33 - 2020-09-20
  • 5.0.0-beta.32 - 2020-09-18
  • 5.0.0-beta.31 - 2020-09-17
  • 5.0.0-beta.30 - 2020-09-11
  • 5.0.0-beta.29 - 2020-08-28
  • 5.0.0-beta.28 - 2020-08-20
  • 5.0.0-beta.27 - 2020-08-19
  • 5.0.0-beta.26 - 2020-08-14
  • 5.0.0-beta.25 - 2020-08-10
  • 5.0.0-beta.24 - 2020-08-05
  • 5.0.0-beta.23 - 2020-08-02
  • 5.0.0-beta.22 - 2020-07-09
  • 5.0.0-beta.21 - 2020-07-06
  • 5.0.0-beta.20 - 2020-06-29
  • 5.0.0-beta.19 - 2020-06-29
  • 5.0.0-beta.18 - 2020-06-17
  • 5.0.0-beta.17 - 2020-06-03
  • 5.0.0-beta.16 - 2020-05-05
  • 5.0.0-beta.15 - 2020-04-21
  • 5.0.0-beta.14 - 2020-03-02
  • 5.0.0-beta.13 - 2020-01-29
  • 5.0.0-beta.12 - 2020-01-16
  • 5.0.0-beta.11 - 2019-12-24
  • 5.0.0-beta.10 - 2019-12-22
  • 5.0.0-beta.9 - 2019-12-08
  • 5.0.0-beta.8 - 2019-12-08
  • 5.0.0-beta.7 - 2019-11-20
  • 5.0.0-beta.6 - 2019-11-14
  • 5.0.0-beta.5 - 2019-11-13
  • 5.0.0-beta.4 - 2019-11-12
  • 5.0.0-beta.3 - 2019-11-06
  • 5.0.0-beta.2 - 2019-10-31
  • 5.0.0-beta.1 - 2019-10-22
  • 5.0.0-beta.0 - 2019-10-11
  • 5.0.0-alpha.32 - 2019-10-11
  • 5.0.0-alpha.31 - 2019-10-10
  • 5.0.0-alpha.30 - 2019-10-07
  • 5.0.0-alpha.29 - 2019-10-02
  • 5.0.0-alpha.28 - 2019-09-26
  • 5.0.0-alpha.27 - 2019-09-25
  • 5.0.0-alpha.26 - 2019-09-08
  • 5.0.0-alpha.25 - 2019-09-06
  • 5.0.0-alpha.24 - 2019-09-05
  • 5.0.0-alpha.23 - 2019-08-27
  • 5.0.0-alpha.22 - 2019-08-23
  • 5.0.0-alpha.21 - 2019-08-22
  • 5.0.0-alpha.20 - 2019-08-14
  • 5.0.0-alpha.19 - 2019-08-06
  • 5.0.0-alpha.18 - 2019-07-08
  • 5.0.0-alpha.17 - 2019-07-01
  • 5.0.0-alpha.16 - 2019-06-14
  • 5.0.0-alpha.15 - 2019-06-05
  • 5.0.0-alpha.14 - 2019-05-23
  • 5.0.0-alpha.13 - 2019-05-20
  • 5.0.0-alpha.12 - 2019-05-10
  • 5.0.0-alpha.11 - 2019-02-19
  • 5.0.0-alpha.10 - 2019-02-07
  • 5.0.0-alpha.9 - 2019-01-27
  • 5.0.0-alpha.8 - 2019-01-19
  • 5.0.0-alpha.7 - 2019-01-19
  • 5.0.0-alpha.6 - 2019-01-15
  • 5.0.0-alpha.5 - 2019-01-09
  • 5.0.0-alpha.4 - 2019-01-08
  • 5.0.0-alpha.3 - 2018-12-29
  • 5.0.0-alpha.2 - 2018-12-26
  • 5.0.0-alpha.1 - 2018-12-23
  • 5.0.0-alpha.0 - 2018-12-21
  • 4.46.0 - 2021-01-11
  • 4.45.0 - 2021-01-08
  • 4.44.2 - 2020-09-17
  • 4.44.1 - 2020-07-30
from webpack GitHub release notes
Commit messages
Package name: webpack
  • 93ce24d 5.33.2
  • 45fac7d Merge pull request #13143 from webpack/bugfix/falsy-entry-options
  • 2df8267 handle falsy entry options correctly
  • 7a7d3be 5.33.1
  • fbe2a59 Merge pull request #13142 from webpack/bugfix/publicPath-importModule
  • 8d3a230 fix passing publicPath to `this.importModule`
  • 7ee3bab 5.33.0
  • aca0ee5 Merge pull request #13137 from webpack/feature/public-path-entry
  • 52178a5 Merge pull request #13134 from webpack/bugfix/hmr-in-execute-module
  • 38de0db allow to specify `publicPath` for each entrypoint
  • f46e816 add HMR test case and fix problems with it
  • 24c5902 add interceptModuleExecution, module cache and improve error messages
  • 31353e3 Merge pull request #13132 from webpack/test/stability
  • d808d04 attach the chunk graph to RuntimeModules
  • de2e499 Merge pull request #13131 from webpack/perf/export-star
  • ad4b806 improve test stability
  • 88f4c66 update tooling to fix type constraint bug
  • 0513a52 cache HarmonyExportImportedDependency.getMode
  • bbcc5a8 add caching on ModuleGraph
  • 9cecf3c add support for serializing circular values
  • 846e8f0 improve error reporting
  • 49a11ce Merge pull request #12917 from webpack/dependabot/npm_and_yarn/terser-5.6.1
  • e3c2bee Merge pull request #13122 from webpack/dependabot/npm_and_yarn/types/jest-26.0.22
  • 1324860 Merge pull request #13120 from webpack/dependabot/npm_and_yarn/chrome-trace-event-1.0.3


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
