[Snyk] Upgrade webpack from 5.94.0 to 5.99.9

[nerdy-tech-com-gitub]

Snyk has created this PR to upgrade webpack from 5.94.0 to 5.99.9.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 16 versions ahead of your current version.

• The recommended version was released 25 days ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	67	Proof of Concept
	Denial of Service (DoS) SNYK-JS-HTTPPROXYMIDDLEWARE-8229906	67	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-8482416	67	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	67	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	67	No Known Exploit
	Always-Incorrect Control Flow Implementation SNYK-JS-HTTPPROXYMIDDLEWARE-9691387	67	No Known Exploit
	Improper Check for Unusual or Exceptional Conditions SNYK-JS-HTTPPROXYMIDDLEWARE-9691389	67	No Known Exploit
	Improper Input Validation SNYK-JS-NANOID-8492085	67	No Known Exploit

Release notes

Package name: webpack

• 5.99.9 - 2025-05-20
  

  Fixes

  • HMR might fail if there are new initial chunks
  • Destructuring namespace import with default
  • Destructuring namespace import with computed-property
  • Generate valid code for es export generation for multiple module entries
  • Fixed public path issue for ES modules
  • Asset modules work when lazy compilation used
  • Eliminate unused statements in certain scenarios
  • Fixed regression with location and order of dependencies
  • Fixed typescript types
• 5.99.8 - 2025-05-06
  

  Fixes

  • Fixed type error with latest @ types/node
  • Fixed typescript types
• 5.99.7 - 2025-04-25
  

  Fixes

  • Don't skip export generation for default reexport (#19463)
  • Fixed module library export generation for reexport (#19459)
  • Avoid module concatenation in child compilation for module library (#19457)
  • Ensure HMR recover gracefully when CSS module with error
  • Respect cause of any errors and errors of AggregateError in stats output
  • Added missing @ types/json-schema in types
• 5.99.6 - 2025-04-18
  

  Fixes

  • Respect public path for ES modules
  • Fixed generation of module for module library when mixing commonjs and esm modules
  • Always apply FlagDependencyExportsPlugin for libraries where it required
  • Faster logic for dead control flow
  • Typescript types
• 5.99.5 - 2025-04-08
  

  Fixes

  • Control dead flow for labeled and blockless statements
• 5.99.4 - 2025-04-08
  

  Fixes

  • Fixed terminated state for if/else
• 5.99.3 - 2025-04-08
  

  Fixes

  • Fixed dead control flow with deep nested if/else
• 5.99.2 - 2025-04-08
  

  Fixes

  • Dead control flow for exotic cases
• 5.99.1 - 2025-04-07
  

  Fixes

  • Dead control flow for many cases
• 5.99.0 - 2025-04-07
  

  Fixes

  • Fixed a lot of types
  • Fixed runtime error when using asset module as entrypoint and runtimeChunk
  • JSON generator now preserves __proto__ property
  • Fixed when entry module isn't executed when targeting webworker with a runtime chunk
  • Do not duplicate modules with import attributes and reexport
  • The module and module ESM libraries have been union and code generation has been improved
  • Use a valid output path for errored asset modules
  • Remove BOM from JavaScript and CSS files when loader was not used
  • Create export for externals for module/modern-module library
  • Export unprovided variables for commonjs-static library
  • Forward semicolons from meta.webpackAST
  • Use xxhash64 for cache.hashAlgorithm when experiments.futureDefaults enabled
  • [CSS] Fixed profiling plugin for CSS
  • [CSS] Avoid extra module.export output for CSS module

  Features

  • Add dead control flow check
  • Handle new Worker(import.meta.url) and new Worker(new URL(import.meta.url)) syntax
  • Added ability to generate custom error content for generators

  Performance Improvements

  • Fixed excessive calls of getAllReferences
  • Optimize loc for monomorphic inline caching

  Chores

  • Switch on strict types for typescript
• 5.98.0 - 2025-02-13
• 5.97.1 - 2024-12-05
• 5.97.0 - 2024-12-03
• 5.96.1 - 2024-11-01
• 5.96.0 - 2024-10-31
• 5.95.0 - 2024-09-25
• 5.94.0 - 2024-08-22

from webpack GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Summary by Sourcery

Build:

• Bump webpack version from ^5.82.1 to ^5.99.9 in glances/outputs/static/package.json

[sourcery-ai]

Reviewer's Guide

Upgrades the webpack dependency to v5.99.9 in the static build configuration to pull in security fixes and recent patches.

Flow Diagram for Snyk-Initiated Webpack Upgrade Process

graph TD
    A["Snyk scans project ('package.json')"] --> B{"Identifies webpack\nneeds upgrade (e.g., from v^5.82.1)"};
    B -- Yes --> C["Snyk creates a Pull Request"];
    C -- "PR proposes change to 'package.json'" --> D["Update 'webpack' version\nfrom '^5.82.1' to '^5.99.9'"];
    D -- "Change applied after PR merge" --> E["Build system uses updated webpack (v^5.99.9)"];
    E --> F["Benefits:\n- Security vulnerabilities addressed\n- Bug fixes from newer webpack versions"];

Loading

File-Level Changes

Change	Details	Files
Bump webpack package version	Changed webpack specifier from ^5.82.1 to ^5.99.9	glances/outputs/static/package.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.