Skip to content

build(deps-dev): bump webpack from 5.87.0 to 5.102.1#1214

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/webpack-5.102.1
Closed

build(deps-dev): bump webpack from 5.87.0 to 5.102.1#1214
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/webpack-5.102.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Oct 13, 2025
edited
Loading

Bumps webpack from 5.87.0 to 5.102.1.

Release notes

Sourced from webpack's releases.

v5.102.1

Fixes

  • Supported extends with env for browserslist
  • Supported JSONP fragment format for web workers.
  • Fixed dynamic import support in workers using browserslist.
  • Fixed default defer import mangling.
  • Fixed default import of commonjs externals for SystemJS format.
  • Fixed context modules to the same file with different import attributes.
  • Fixed typescript types.
  • Improved import.meta warning messages to be more clear when used directly.
  • [CSS] Fixed CC_UPPER_U parsing (E -> U) in tokenizer.

v5.102.0

Features

  • Added static analyze for dynamic imports
  • Added support for import file from "./file.ext" with { type: "bytes" } to get the content as Uint8Array (look at example)
  • Added support for import file from "./file.ext" with { type: "text" } to get the content as text (look at example)
  • Added the snapshot.contextModule to configure snapshots options for context modules
  • Added the extractSourceMap option to implement the capabilities of loading source maps by comment, you don't need source-map-loader (look at example)
  • The topLevelAwait experiment is now stable (you can remove experiments.topLevelAwait from your webpack.config.js)
  • The layers experiment is now stable (you can remove experiments.layers from your webpack.config.js)
  • Added function matcher support in rule options

Fixes

  • Fixed conflicts caused by multiple concatenate modules
  • Ignore import failure during HMR update with ES modules output
  • Keep render module order consistent
  • Prevent inlining modules that have this exports
  • Removed unused timeout attribute of script tag
  • Supported UMD chunk format to work in web workers
  • Improved CommonJs bundle to ES module library
  • Use es-lexer for mjs files for build dependencies
  • Fixed support __non_webpack_require__ for ES modules
  • Properly handle external modules for CSS
  • AssetsByChunkName included assets from chunk.auxiliaryFiles
  • Use createRequire only when output is ES module and target is node
  • Typescript types

Performance Improvements

  • Avoid extra calls for snapshot
  • A avoid extra jobs for build dependencies
  • Move import attributes to own dependencies

v5.101.3

... (truncated)

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
build(deps-dev): bump webpack from 5.87.0 to 5.102.1
1a251a2 
Bumps [webpack](https://github.com/webpack/webpack) from 5.87.0 to 5.102.1.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v5.87.0...v5.102.1)

---
updated-dependencies:
- dependency-name: webpack
  dependency-version: 5.102.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Oct 13, 2025
@bolt-new-by-stackblitz
Copy link
Copy Markdown

bolt-new-by-stackblitz bot commented Oct 13, 2025

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

@dependabot dependabot bot mentioned this pull request Oct 13, 2025
Closed
@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai bot commented Oct 13, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@socket-security
Copy link
Copy Markdown

socket-security bot commented Oct 13, 2025

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​esbuild/​linux-loong64@​0.14.541001003990100
Addedesbuild-android-arm64@​0.14.541001003978100
Addedesbuild-darwin-64@​0.14.541001003978100
Addedesbuild-darwin-arm64@​0.14.541001003978100
Addedesbuild-freebsd-64@​0.14.541001003978100
Addedesbuild-freebsd-arm64@​0.14.541001003978100
Addedesbuild-linux-32@​0.14.541001003978100
Addedesbuild-linux-64@​0.14.541001003978100
Addedesbuild-linux-arm@​0.14.541001003978100
Addedesbuild-linux-arm64@​0.14.541001003978100
Addedesbuild-linux-mips64le@​0.14.541001003978100
Addedesbuild-linux-ppc64le@​0.14.541001003978100
Addedesbuild-linux-riscv64@​0.14.541001003978100
Addedesbuild-linux-s390x@​0.14.541001003978100
Addedesbuild-openbsd-64@​0.14.541001003978100
Addedesbuild-sunos-64@​0.14.541001003978100
Addedesbuild-windows-32@​0.14.541001003978100
Addedesbuild-windows-64@​0.14.541001003978100
Addedesbuild-windows-arm64@​0.14.541001003978100
Addedesbuild-netbsd-64@​0.14.541001004078100
Addedpath-parse@​1.0.7671007952100
Addedis-core-module@​2.8.1671008153100
Addednode-releases@​2.0.21001005387100
Addedsafe-buffer@​5.1.26710010053100
Addedobject-assign@​4.1.1671008654100
Added@​babel/​plugin-transform-react-jsx-development@​7.16.71001006189100
Added@​babel/​plugin-syntax-jsx@​7.16.71001006489100
Added@​babel/​helper-annotate-as-pure@​7.16.71001006589100
Added@​babel/​helper-environment-visitor@​7.16.71001006782100
Addedesbuild-android-64@​0.14.541001007078100
Added@​types/​prop-types@​15.7.41001007079100
Added@​babel/​helper-split-export-declaration@​7.16.71001007082100
Added@​babel/​plugin-transform-react-jsx-source@​7.16.71001007089100
See 63 more rows in the dashboard

View full report

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Oct 13, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@chintan9 chintan9 closed this Dec 20, 2025
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Dec 20, 2025

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/webpack-5.102.1 branch December 20, 2025 05:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code size/XS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chintan9