You're Invited:Meet the Socket Team at RSAC and BSidesSF 2026, March 23–26.RSVP
Socket
Book a DemoSign in
Socket
Book a DemoSign in

webpack

Package Overview
Dependencies
Maintainers
4
Versions
869
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

webpack - npm Package Compare versions

Comparing version
5.104.0
 to
5.104.1
+5
-3
lib/dependencies/HarmonyExportImportedSpecifierDependency.js

@@ -1254,5 +1254,7 @@ /*

content += "__WEBPACK_REEXPORT_OBJECT__[__WEBPACK_IMPORT_KEY__] = ";
content += runtimeTemplate.supportsArrowFunction()
? `() => ${importVar}[__WEBPACK_IMPORT_KEY__]`
: `function(key) { return ${importVar}[key]; }.bind(0, __WEBPACK_IMPORT_KEY__)`;
content +=
runtimeTemplate.supportsArrowFunction() &&
runtimeTemplate.supportsConst()
? `() => ${importVar}[__WEBPACK_IMPORT_KEY__]`
: `function(key) { return ${importVar}[key]; }.bind(0, __WEBPACK_IMPORT_KEY__)`;

@@ -1259,0 +1261,0 @@ runtimeRequirements.add(RuntimeGlobals.exports);

+19
-3
lib/schemes/HttpUriPlugin.js

@@ -956,8 +956,24 @@ /*

const isAllowed = (uri) => {
let parsedUri;
try {
// Parse the URI to prevent userinfo bypass attacks
// (e.g., http://allowed@malicious/path where @malicious is the actual host)
parsedUri = new URL(uri);
} catch (_err) {
return false;
}
for (const allowed of allowedUris) {
if (typeof allowed === "string") {
if (uri.startsWith(allowed)) return true;
let parsedAllowed;
try {
parsedAllowed = new URL(allowed);
} catch (_err) {
continue;
}
if (parsedUri.href.startsWith(parsedAllowed.href)) {
return true;
}
} else if (typeof allowed === "function") {
if (allowed(uri)) return true;
} else if (allowed.test(uri)) {
if (allowed(parsedUri.href)) return true;
} else if (allowed.test(parsedUri.href)) {
return true;

@@ -964,0 +980,0 @@ }

+1
-1
lib/SizeFormatHelpers.js

@@ -9,3 +9,3 @@ /*

/**
* @param {number} size the size in bytes
* @param {number=} size the size in bytes
* @returns {string} the formatted size

@@ -12,0 +12,0 @@ */

+3
-2
package.json
{
"name": "webpack",
"version": "5.104.0",
"version": "5.104.1",
"description": "Packs ECMAScript/CommonJs/AMD modules for the browser. Allows you to split your codebase into multiple bundles, which can be loaded on demand. Supports loaders to preprocess files, i.e. json, jsx, es7, css, less, ... and your custom stuff.",

@@ -35,3 +35,3 @@ "homepage": "https://github.com/webpack/webpack",

"prelint": "yarn setup",
"lint": "yarn lint:code && yarn lint:special && yarn lint:types && yarn lint:types-test && yarn lint:types-module-test && yarn lint:types-hot && yarn lint:yarn && yarn fmt:check && yarn lint:spellcheck",
"lint": "yarn lint:code && yarn lint:special && yarn lint:types && yarn lint:types-test && yarn lint:types-benchmark && yarn lint:types-module-test && yarn lint:types-hot && yarn lint:yarn && yarn fmt:check && yarn lint:spellcheck",
"lint:code": "node node_modules/eslint/bin/eslint.js --cache .",

@@ -41,2 +41,3 @@ "lint:special": "node node_modules/tooling/lockfile-lint && node node_modules/tooling/schemas-lint && node node_modules/tooling/inherit-types && node node_modules/tooling/format-schemas && node tooling/generate-runtime-code.js && node tooling/generate-wasm-code.js && node node_modules/tooling/compile-to-definitions && node node_modules/tooling/precompile-schemas && node node_modules/tooling/generate-types --no-template-literals",

"lint:types-test": "tsc -p tsconfig.types.test.json",
"lint:types-benchmark": "tsc -p tsconfig.types.benchmark.json",
"lint:types-hot": "tsc -p tsconfig.hot.json",

@@ -43,0 +44,0 @@ "lint:types-module-test": "tsc -p tsconfig.module.test.json",

types.d.ts

Sorry, the diff of this file is too big to display