[Snyk] Upgrade webpack from 5.11.0 to 5.99.2 #2088

Tanver-Hasan · 2025-04-29T12:29:05Z

Snyk has created this PR to upgrade webpack from 5.11.0 to 5.99.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 154 versions ahead of your current version.
The recommended version was released 21 days ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Sandbox Bypass SNYK-JS-WEBPACK-3358798	736	Proof of Concept

Release notes

Package name: webpack

5.99.2 - 2025-04-08
Fixes
- Dead control flow for exotic cases
5.99.1 - 2025-04-07
Fixes
- Dead control flow for many cases
5.99.0 - 2025-04-07
Fixes
- Fixed a lot of types
- Fixed runtime error when using asset module as entrypoint and runtimeChunk
- JSON generator now preserves __proto__ property
- Fixed when entry module isn't executed when targeting webworker with a runtime chunk
- Do not duplicate modules with import attributes and reexport
- The module and module ESM libraries have been union and code generation has been improved
- Use a valid output path for errored asset modules
- Remove BOM from JavaScript and CSS files when loader was not used
- Create export for externals for module/modern-module library
- Export unprovided variables for commonjs-static library
- Forward semicolons from meta.webpackAST
- Use xxhash64 for cache.hashAlgorithm when experiments.futureDefaults enabled
- [CSS] Fixed profiling plugin for CSS
- [CSS] Avoid extra module.export output for CSS module
Features
- Add dead control flow check
- Handle new Worker(import.meta.url) and new Worker(new URL(import.meta.url)) syntax
- Added ability to generate custom error content for generators
Performance Improvements
- Fixed excessive calls of getAllReferences
- Optimize loc for monomorphic inline caching
Chores
- Switch on strict types for typescript
5.98.0 - 2025-02-13
Fixes
- Avoid the deprecation message #19062 by @ alexander-akait
- Should not escape CSS local ident in JS #19060 by @ JSerFeng
- MF parse range not compatible with Safari #19083 by @ alexander-akait
- Preserve filenameTemplate in new split chunk #19104 by @ henryqdineen
- Use module IDs for final render order #19184 by @ dmichon-msft
- Strip blob: protocol when public path is auto #19199 by @ alexander-akait
- Respect output.charset everywhere #19202 by @ alexander-akait
- Node async WASM loader generation #19210 by @ ashi009
- Correct BuildInfo and BuildMeta type definitions #19200 by @ inottn
Performance Improvements
- Improve FlagDependencyExportsPlugin for large JSON by depth #19058 by @ hai-x
- Optimize assign-depths #19193 by @ dmichon-msft
- Use startsWith for matching instead of converting the string to a regex #19207 by @ inottn
Chores
- Bump nanoid from 3.3.7 to 3.3.8 #19063 by @ dependabot
- Fixed incorrect typecast in DefaultStatsFactoryPlugin #19156 by @ Andarist
- Improved readme.md by adding video links for understanding webpack #19101 by @ Vansh5632
- Typo fix #19205 by @ hai-x
- Adopt the new webpack governance model #18804 by @ ovflowd
Features
- Implement /* webpackIgnore: true */ for require.resolve #19201 by @ alexander-akait
Continuous Integration
- CI fix #19196 by @ alexander-akait
New Contributors
- @ Andarist made their first contribution in #19156
- @ Vansh5632 made their first contribution in #19101
- @ ashi009 made their first contribution in #19210
- @ ovflowd made their first contribution in #18804
Full Changelog: v5.97.1...v5.98.0
5.97.1 - 2024-12-05
Bug Fixes
- Performance regression
- Sub define key should't be renamed when it's a defined variable
5.97.0 - 2024-12-03
Bug Fixes
- Don't crash with filesystem cache and unknown scheme
- Generate a valid code when output.iife is true and output.library.type is umd
- Fixed conflict variable name with concatenate modules and runtime code
- Merge duplicate chunks before
- Collisions in ESM library
- Use recursive search for versions of shared dependencies
- [WASM] Don't crash WebAssembly with Reference Types (sync and async)
- [WASM] Fixed wasm loading for sync and async webassembly
- [CSS] Don't add [uniqueName] to localIdentName when it is empty
- [CSS] Parsing strings on Windows
- [CSS] Fixed CSS local escaping
New Features
- Added support for injecting debug IDs
- Export the MergeDuplicateChunks plugin
- Added universal loading for JS chunks and JS worker chunks (only ES modules)
- [WASM] Added universal loading for WebAssembly chunks (only for async WebAssembly)
- [CSS] Allow initial CSS chunks to be placed anywhere - the output.cssHeadDataCompression option was deleted
- [CSS] Added universal loading for CSS chunks
- [CSS] Parse ICSS @ value at-rules in CSS modules
- [CSS] Parse ICSS :import rules in CSS modules
- [CSS] Added the url and import options for CSS
- [CSS] Allow to import custom properties in CSS modules
Performance
- Faster Queue implementation, also fixed queue iterator state in dequeue method to ensure correct behavior after item removal
5.96.1 - 2024-11-01
Bug Fixes
- [Types] Add @ types/eslint-scope to dependencieS
- [Types] Fixed regression in validate
5.96.0 - 2024-10-31
Bug Fixes
- Fixed Module Federation should track all referenced chunks
- Handle Data URI without base64 word
- HotUpdateChunk have correct runtime when modified with new runtime
- Order of chunks ids in generated chunk code
- No extra Javascript chunks when using asset module as an entrypoint
- Use optimistically logic for output.environment.dynamicImport to determine chunk format when no browserslist or target
- Collision with global variables for optimization.avoidEntryIife
- Avoid through variables in inlined module
- Allow chunk template strings in output.devtoolNamespace
- No extra runtime for get javascript/css chunk filename
- No extra runtime for prefetch and preload in JS runtime when it was unsed in CSS
- Avoid cache invalidation using ProgressPlugin
- Increase parallelism when using importModule on the execution stage
- Correctly parsing string in export and import
- Typescript types
- [CSS] css/auto considers a module depending on its filename as css (pure CSS) or css/local, before it was css/global and css/local
- [CSS] Always interpolate classes even if they are not involved in export
- [CSS] No extra runtime in Javascript runtime chunks for asset modules used in CSS
- [CSS] No extra runtime in Javascript runtime chunks for external asset modules used in CSS
- [CSS] No extra runtime for the node target
- [CSS] Fixed url()s and @ import parsing
- [CSS] Fixed - emit a warning on broken :local and :global
New Features
- Export CSS and ESM runtime modules
- Single Runtime Chunk and Federation eager module hoisting
- [CSS] Support /* webpackIgnore: true */ for CSS files
- [CSS] Support src() support
- [CSS] CSS nesting in CSS modules
5.95.0 - 2024-09-25
Bug Fixes
- Fixed hanging when attempting to read a symlink-like file that it can't read
- Handle default for import context element dependency
- Merge duplicate chunks call after split chunks
- Generate correctly code for dynamically importing the same file twice and destructuring
- Use content hash as [base] and [name] for extracted DataURI's
- Distinguish module and import in module-import for externals import's
- [Types] Make EnvironmentPlugin default values types less strict
- [Types] Typescript 5.6 compatibility
New Features
- Add new optimization.avoidEntryIife option (true by default for the production mode)
- Pass output.hash* options to loader context
Performance
- Avoid unneeded re-visit in build chunk graph
5.94.0 - 2024-08-22
Bug Fixes
- Added runtime condition for harmony reexport checked
- Handle properly data/http/https protocols in source maps
- Make bigint optimistic when browserslist not found
- Move @ types/eslint-scope to dev deps
- Related in asset stats is now always an array when no related found
- Handle ASI for export declarations
- Mangle destruction incorrect with export named default properly
- Fixed unexpected asi generation with sequence expression
- Fixed a lot of types
New Features
- Added new external type "module-import"
- Support webpackIgnore for new URL() construction
- [CSS] @ import pathinfo support
Security
- Fixed DOM clobbering in auto public path
5.93.0 - 2024-07-11
5.92.1 - 2024-06-19
5.92.0 - 2024-06-11
5.91.0 - 2024-03-20
5.90.3 - 2024-02-19
5.90.2 - 2024-02-15
5.90.1 - 2024-02-01
5.90.0 - 2024-01-24
5.89.0 - 2023-10-13
5.88.2 - 2023-07-18
5.88.1 - 2023-06-28
5.88.0 - 2023-06-21
5.87.0 - 2023-06-14
5.86.0 - 2023-06-07
5.85.1 - 2023-06-05
5.85.0 - 2023-05-31
5.84.1 - 2023-05-25
5.84.0 - 2023-05-24
5.83.1 - 2023-05-17
5.83.0 - 2023-05-17
5.82.1 - 2023-05-10
5.82.0 - 2023-05-03
5.81.0 - 2023-04-26
5.80.0 - 2023-04-19
5.79.0 - 2023-04-12
5.78.0 - 2023-04-05
5.77.0 - 2023-03-29
5.76.3 - 2023-03-22
5.76.2 - 2023-03-15
5.76.1 - 2023-03-10
5.76.0 - 2023-03-08
5.75.0 - 2022-11-09
5.74.0 - 2022-07-25
5.73.0 - 2022-06-02
5.72.1 - 2022-05-10
5.72.0 - 2022-04-07
5.71.0 - 2022-04-01
5.70.0 - 2022-03-03
5.69.1 - 2022-02-17
5.69.0 - 2022-02-15
5.68.0 - 2022-01-31
5.67.0 - 2022-01-21
5.66.0 - 2022-01-12
5.65.0 - 2021-12-06
5.64.4 - 2021-11-25
5.64.3 - 2021-11-24
5.64.2 - 2021-11-20
5.64.1 - 2021-11-15
5.64.0 - 2021-11-11
5.63.0 - 2021-11-09
5.62.2 - 2021-11-09
5.62.1 - 2021-11-05
5.62.0 - 2021-11-05
5.61.0 - 2021-10-29
5.60.0 - 2021-10-25
5.59.1 - 2021-10-20
5.59.0 - 2021-10-19
5.58.2 - 2021-10-13
5.58.1 - 2021-10-08
5.58.0 - 2021-10-07
5.57.1 - 2021-10-05
5.57.0 - 2021-10-05
5.56.1 - 2021-10-04
5.56.0 - 2021-10-01
5.55.1 - 2021-09-29
5.55.0 - 2021-09-28
5.54.0 - 2021-09-24
5.53.0 - 2021-09-16
5.52.1 - 2021-09-10
5.52.0 - 2021-09-03
5.51.2 - 2021-09-02
5.51.1 - 2021-08-19
5.51.0 - 2021-08-19
5.50.0 - 2021-08-10
5.49.0 - 2021-08-06
5.48.0 - 2021-08-02
5.47.1 - 2021-07-29
5.47.0 - 2021-07-27
5.46.0 - 2021-07-22
5.45.1 - 2021-07-16
5.45.0 - 2021-07-16
5.44.0 - 2021-07-08
5.43.0 - 2021-07-06
5.42.1 - 2021-07-05
5.42.0 - 2021-07-02
5.41.1 - 2021-06-29
5.41.0 - 2021-06-28
5.40.0 - 2021-06-21
5.39.1 - 2021-06-17
5.39.0 - 2021-06-14
5.38.1 - 2021-05-27
5.38.0 - 2021-05-27
5.37.1 - 2021-05-19
5.37.0 - 2021-05-10
5.36.2 - 2021-04-30
5.36.1 - 2021-04-28
5.36.0 - 2021-04-27
5.35.1 - 2021-04-23
5.35.0 - 2021-04-21
5.34.0 - 2021-04-19
5.33.2 - 2021-04-14
5.33.1 - 2021-04-14
5.33.0 - 2021-04-14
5.32.0 - 2021-04-12
5.31.2 - 2021-04-09
5.31.1 - 2021-04-09
5.31.0 - 2021-04-07
5.30.0 - 2021-04-01
5.29.0 - 2021-04-01
5.28.0 - 2021-03-24
5.27.2 - 2021-03-22
5.27.1 - 2021-03-20
5.27.0 - 2021-03-19
5.26.3 - 2021-03-17
5.26.2 - 2021-03-16
5.26.1 - 2021-03-16
5.26.0 - 2021-03-15
5.25.1 - 2021-03-14
5.25.0 - 2021-03-12
5.24.4 - 2021-03-08
5.24.3 - 2021-03-03
5.24.2 - 2021-02-24
5.24.1 - 2021-02-23
5.24.0 - 2021-02-22
5.23.0 - 2021-02-18
5.22.0 - 2021-02-15
5.21.2 - 2021-02-07
5.21.1 - 2021-02-06
5.21.0 - 2021-02-05
5.20.2 - 2021-02-04
5.20.1 - 2021-02-03
5.20.0 - 2021-02-02
5.19.0 - 2021-01-29
5.18.0 - 2021-01-26
5.17.0 - 2021-01-22
5.16.0 - 2021-01-19
5.15.0 - 2021-01-15
5.14.0 - 2021-01-13
5.13.0 - 2021-01-11
5.12.3 - 2021-01-10
5.12.2 - 2021-01-09
5.12.1 - 2021-01-08
5.12.0 - 2021-01-08
5.11.1 - 2020-12-28
5.11.0 - 2020-12-17

from webpack GitHub release notes

Important

Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade webpack from 5.11.0 to 5.99.2. See this package in npm: webpack See this project in Snyk: https://app.snyk.io/org/tanver-hasan/project/6e934631-b657-40d6-bf89-59ee9faa0c93?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Upgrade webpack from 5.11.0 to 5.99.2 #2088

[Snyk] Upgrade webpack from 5.11.0 to 5.99.2 #2088

Uh oh!

Tanver-Hasan commented Apr 29, 2025

Fixes

Fixes

Fixes

Features

Performance Improvements

Chores

Fixes

Performance Improvements

Chores

Features

Continuous Integration

New Contributors

Bug Fixes

Bug Fixes

New Features

Performance

Bug Fixes

Bug Fixes

New Features

Bug Fixes

New Features

Performance

Bug Fixes

New Features

Security

Uh oh!

Uh oh!

[Snyk] Upgrade webpack from 5.11.0 to 5.99.2 #2088

Are you sure you want to change the base?

[Snyk] Upgrade webpack from 5.11.0 to 5.99.2 #2088

Uh oh!

Conversation

Tanver-Hasan commented Apr 29, 2025

Snyk has created this PR to upgrade webpack from 5.11.0 to 5.99.2.

Issues fixed by the recommended upgrade:

Fixes

Fixes

Fixes

Features

Performance Improvements

Chores

Fixes

Performance Improvements

Chores

Features

Continuous Integration

New Contributors

Bug Fixes

Bug Fixes

New Features

Performance

Bug Fixes

Bug Fixes

New Features

Bug Fixes

New Features

Performance

Bug Fixes

New Features

Security

Uh oh!

Uh oh!