Skip to content

Update dependency webpack to v4.26.0 #93

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency webpack to v4.26.0 #93

wants to merge 1 commit into from

Conversation

@dev-mend-for-github.zerozr99.workers.dev
Copy link

@dev-mend-for-github.zerozr99.workers.dev dev-mend-for-github.zerozr99.workers.dev bot commented Jul 30, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
webpack dependencies minor 4.17.1 -> 4.26.0

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity CVSS Score Vulnerability Reachability
Critical Critical 9.1 CVE-2024-42461
High High 8.1 CVE-2020-7660
High High 7.7 CVE-2020-13822
High High 7.5 CVE-2021-27290
High High 7.5 GHSA-6chw-6frg-f759
High High 7.3 CVE-2020-7774
Medium Medium 6.8 CVE-2020-28498
Medium Medium 5.6 CVE-2020-15366
Medium Medium 5.3 CVE-2024-42460
Medium Medium 4.2 CVE-2019-16769

Release Notes

webpack/webpack (webpack)

v4.26.0

Compare Source

Features

  • Switch from uglify-es to terser as default minimizer

Note: While they are officially backward-compatible, it can still happen that a new bugs occurs with terser, which break your production builds. Make sure to validate your production builds after upgrading to this version. (Note that it's always a good idea to test your output assets before deploying.)

If you want to report bugs to terser (https://github.com/terser-js/terser), please provide a minimal repro case with minimized and non-minimized code. You can configure webpack to generate non-minimized code in production mode by setting optimization.minimize: false. When reporting a bug to terser, best report a repro case which doesn't require running webpack and is reproducible with only the terser command line.

See optimization.minimizers configuration option to switch back to uglify-es or provide additional minimize options for terser.

v4.25.1

Compare Source

Bugfixes

  • fix replacement of compile-time constant expression when expression is a wrapped expression (string prefix and/or suffix).

v4.25.0

Compare Source

Features

  • add format option to DllPlugin to allow generating formated manifest json
  • add flags to ProgressPlugin to add and remove information
    • entrypoint counter was added, but disabled by default to avoid breaking change

Bugfixes

  • fix code generation for context dependencies when replacing compile-time constant expressions
  • disable the effect of the ProvidePlugin for .mjs

v4.24.0

Compare Source

Features

  • allow to pass no dependencies to DefinePlugin runtime value
    • DefinePlugin.runtimeValue(() => {...}, true) is always evaluated
  • add module argument to DefinePlugin.runtimeValue

Bugfixes

  • update webassemblyjs dependency
  • fix bug when using entry names that look like numbers with HMR

v4.23.1

Compare Source

Bugfixes

  • add space when replacing expression with constant
    • i. e. for code like return'development'===process.env.NODE_ENV&&'foo'

v4.23.0

Compare Source

Features

  • add watchMode flag to Compiler to be able to detect watch mode in plugins
  • Prefer chunk names of entrypoints when merging chunks
  • add removedFiles property to Compiler to detect removed files

Bugfixes

  • publish declarations to npm
  • upgrade @webassemblyjs/* for bugfix
  • fix crash when using a side-effect-free wasm module in production mode

Internal changes

  • test on node.js 12
  • fix memory leak in test suite

v4.22.0

Compare Source

Features

  • Add support for evaluating && and || expressions

Bugfixes

  • fix problems where order of things where not deterministic

Performance

  • improve performance of chunk graph creation
    • this will improve rebuild performance in watch mode

v4.21.0

Compare Source

Features

  • add output.libraryTarget: "amd-require" which generates a AMD require([], ...) wrapper instead of a define([], ...) wrapper
  • support arrays of strings passed to output.library, which exposes the library to a subproperty

Bugfixes

  • fix cases where __webpack_require__.e is used at runtime but is not defined in the bundle
  • fix behavior of externals of global type

Performance

  • Some performance improvements to the chunk graph generation

v4.20.2

Compare Source

Bugfixes

  • keep comments in export default in concatenated modules

v4.20.1

Compare Source

Bugfixes

  • fix crash when using libraryTarget: "amd" without library name

v4.20.0

Compare Source

Bugfixes

  • update dependencies (webpack-sources, @​webassemblyjs/*)
  • Handle errors thrown in renderes without crashing

Internal changes

  • Extended typings
  • Update internal structure of options schema to generate typings
    • Note: this exposed an issue in webpack-cli, you need to upgrade to webpack-cli@​3.1.1

v4.19.1

Compare Source

Bugfixes

  • Internal requested filename for import() with target: "electron-main" uses correct path separator on windows
    (This fixes a problem with filemappings in vscode)
  • devtool: "source-map" and variants generate SourceMaps when output file is .mjs
  • browser field as object is used when using target: "electron-renderer"
  • Comments near export default are preserved
  • Passing an array as externals value, now works correctly as documented

v4.19.0

Compare Source

Bugfixes

  • Create a hash of the whole runtime code for the chunk/contenthash of entry chunks
    • Before hash was (incorrectly) calculated from (some) inputs

v4.18.1

Compare Source

Bugfixes

  • Update tapable version, which fixes a memory leak

v4.18.0

Compare Source

Features

  • Upgrade webassemblyjs dependency

v4.17.3

Compare Source

Bugfixes

  • Fix exit code when multiple CLIs are installed
  • No longer recommend installing webpack-command, but still support it when installed

v4.17.2

Compare Source

Bugfixes

  • fix a spacing issue with the ProgressPlugin on some terminals
  • force-upgrade webpack-sources for performance improvement (was already in semver range)
  • If you want to rebase/retry this PR, check this box

@dev-mend-for-github.zerozr99.workers.dev dev-mend-for-github.zerozr99.workers.dev bot added the security fix Security fix generated by Mend label Jul 30, 2025
@dev-mend-for-github.zerozr99.workers.dev dev-mend-for-github.zerozr99.workers.dev bot force-pushed the whitesource-remediate/webpack-4.x-lockfile branch 3 times, most recently from c31bab1 to 3b4d98d Compare September 27, 2025 20:07
@dev-mend-for-github.zerozr99.workers.dev dev-mend-for-github.zerozr99.workers.dev bot force-pushed the whitesource-remediate/webpack-4.x-lockfile branch from 3b4d98d to 879c353 Compare September 28, 2025 05:31
@dev-mend-for-github.zerozr99.workers.dev dev-mend-for-github.zerozr99.workers.dev bot force-pushed the whitesource-remediate/webpack-4.x-lockfile branch from 879c353 to 8e40053 Compare November 10, 2025 21:59
@dev-mend-for-github.zerozr99.workers.dev
Copy link
Author

dev-mend-for-github.zerozr99.workers.dev bot commented Nov 10, 2025
edited
Loading

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json
npm WARN npm npm does not support Node.js v25.1.0
npm WARN npm You should probably upgrade to a newer version of node as we
npm WARN npm can't make any promises that npm will work with this version.
npm WARN npm Supported releases of Node.js are the latest release of 4, 6, 7, 8, 9, 10.
npm WARN npm You can find the latest version at https://nodejs.org/
npm ERR! cb.apply is not a function

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate/cache/others/npm/_logs/2025-11-11T11_27_26_658Z-debug.log

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

security fix Security fix generated by Mend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant