[Snyk] Upgrade webpack from 4.29.3 to 4.46.0 #16

snyk-bot · 2021-07-14T04:42:23Z

Snyk has created this PR to upgrade webpack from 4.29.3 to 4.46.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 41 versions ahead of your current version.
The recommended version was released 6 months ago, on 2021-01-11.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1085630	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-LODASH-590103	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-COPYPROPS-1082870	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Remote Memory Exposure SNYK-JS-BL-608877	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Improper Input Validation SNYK-JS-URLPARSE-1078283	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-PATHVAL-596926	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-1279029	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-FLAT-596927	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-1298035	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: webpack

4.46.0 - 2021-01-11
Bugfixes
- fix behavior of defaults for resolve.roots to be backward-compatible
4.45.0 - 2021-01-08
Features
- resolve server-relative requests relative to project context by default
Bugfixes
- fix a bug where splitChunk minSize is not handled correctly
- fix a bug where the order of splitChunk cacheGroups is not handled correctly
4.44.2 - 2020-09-17
4.44.1 - 2020-07-30
4.44.0 - 2020-07-24
4.43.0 - 2020-04-21
4.42.1 - 2020-03-24
4.42.0 - 2020-03-02
4.41.6 - 2020-02-11
4.41.5 - 2019-12-27
4.41.4 - 2019-12-19
4.41.3 - 2019-12-16
4.41.2 - 2019-10-15
4.41.1 - 2019-10-11
4.41.0 - 2019-09-24
4.40.3 - 2019-09-24
4.40.2 - 2019-09-13
4.40.1 - 2019-09-13
4.40.0 - 2019-09-12
4.39.3 - 2019-08-27
4.39.2 - 2019-08-13
4.39.1 - 2019-08-02
4.39.0 - 2019-08-01
4.38.0 - 2019-07-26
4.37.0 - 2019-07-23
4.36.1 - 2019-07-17
4.36.0 - 2019-07-17
4.35.3 - 2019-07-08
4.35.2 - 2019-07-01
4.35.1 - 2019-07-01
4.35.0 - 2019-06-20
4.34.0 - 2019-06-12
4.33.0 - 2019-06-04
4.32.2 - 2019-05-22
4.32.1 - 2019-05-22
4.32.0 - 2019-05-20
4.31.0 - 2019-05-09
4.30.0 - 2019-04-12
4.29.6 - 2019-02-28
4.29.5 - 2019-02-18
4.29.4 - 2019-02-15
4.29.3 - 2019-02-07

from webpack GitHub release notes

Commit messages

Package name: webpack

444e59f 4.46.0
758bb25 Merge pull request #12387 from webpack/bugfix/12386
79de1a2 enable backward-compatibility for resolve.roots
ef75c04 Fix filename in azure pipeline
7714953 add test case
0331322 4.45.0
e43bb4b Merge pull request #12372 from webpack/bugfix/split-chunks-min-size-4
4de8451 fix bug where cacheGroup index was inverted
3f69f3c fix bug where module size is added multiple times to the split chunk info
c572c15 Merge pull request #11831 from Pyrolistical/patch-1
811395e Fixed resolve.roots default
2efeb4b 4.44.2
9635616 Merge pull request #11490 from webpack/bugfix/unknown-chunk-4
235b87b make sure to generate correct chunk connection for blocks that are only connected in some runtimes
4a1f068 Merge pull request #11180 from webpack/test/watch-production-4
cd4af16 4.44.1
7895778 Merge pull request #11244 from webpack/bugfix/dynamic-reexport-default
46304c8 ignore default export when reexporting a dynamic module
91e81c8 Merge pull request #11190 from merceyz/patch-2
087af7c Merge branch 'webpack-4' into patch-2
d4603c6 4.44.0
ea06f03 Merge pull request #11225 from webpack/deps/watchpack
eae1ba0 update watchpack
42dc038 Merge pull request #11210 from webpack/ci/timeout-4