Bump webpack from 5.90.3 to 5.94.0 #3283
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [webpack](https://github.com/webpack/webpack) from 5.90.3 to 5.94.0. - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.90.3...v5.94.0) --- updated-dependencies: - dependency-name: webpack dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
the
dependencies
tdonohue
added
port to dspace-7_x
|
@artlowel and @alexandrevryghem : this automatic update to webpack 5.94.0 appears to be throwing errors with how i18n hashes are being generated (added in #2464). I haven't had a chance to dig into it, but it appears Webpack's EnvironmentPlugin may have changed, which is throwing errors in the build process. If one of you has a chance to glance at this, I'd appreciate any advice (or alternative PRs). Obviously, we want to be sure we can upgrade to the latest Webpack v5. |
…hing is currently too strict
|
@tdonohue: This appears to be caused by a type issue in webpack. There is already an open PR for it, so hopefully it will be fixed soon. I temporarily added a There was also an issue with the tests because the old webpack version (5.90.3) was still present in the |
This automatically removed some old eslint dependencies, which caused some conflicts in the custom linting plugin
alexandrevryghem
force-pushed
the
dependabot/npm_and_yarn/webpack-5.94.0
branch
from
1b5a946 to
5f922c0
Compare
There was a problem hiding this comment.
👍 Thanks @alexandrevryghem ! This all looks good and it works well. I gave it a quick manual test, and all our automated tests pass too.
Merging immediately and attempting to auto-port to 8.x. We likely will need to port manually to 7.x as that has an even older version of webpack (v5.76.1)
|
Backport failed for Please cherry-pick the changes locally and resolve any conflicts. git fetch origin dspace-7_x
git worktree add -d .worktree/backport-3283-to-dspace-7_x origin/dspace-7_x
cd .worktree/backport-3283-to-dspace-7_x
git switch --create backport-3283-to-dspace-7_x
git cherry-pick -x 81b89f5d0c3ae65b0a56e03fba35d8be2a2ff075 7dea5f7d98afc6a6ab2ac8438eea4b00dd00175d 5f922c06e038c2909446b4ad36b47171f7d6baf3 |
|
Successfully created backport PR for |
|
The port to 8.x (for 8.1) was successful. I attempted a basic port back to 7.x in #3294, but it didn't work properly as it resulted in two versions of webpack (which caused tests to fail). So, I closed that PR. Ideally, this would be nice to port to 7.x, unless it's simply not feasible. |
tdonohue
removed
the
port to dspace-8_x
|
@tdonohue: I looked into this, and I don't think it will be possible because Angular v15 is no longer supported. Its Webpack version won't be updated anymore, so the highest version we can use is its current version, which is v5.76.1 (which we are already on). The lowest version that supports Webpack v5.94.0 is Angular v16.2.15. |
|
@alexandrevryghem : Thanks for clarifying & digging into this. In that case, I'll remove the port to 7.x label. Note for other developers: this upgrade was only done for 8.x and 9.x. It could not be ported to 7.x because of the reasons described above. |
tdonohue
removed
the
port to dspace-7_x
Bumps webpack from 5.90.3 to 5.94.0.
Release notes
Sourced from webpack's releases.
... (truncated)
Commits
eabf85dchore(release): 5.94.0955e057security: fix DOM clobbering in auto public path9822387test: fixcbb86edtest: fix5ac3d7ffix: unexpected asi generation with sequence expression2411661security: fix DOM clobbering in auto public pathb8c03d4fix: unexpected asi generation with sequence expressionf46a03crevert: do not use heuristic fallback for "module-import"60f1898fix: do not use heuristic fallback for "module-import"66306aaRevert "fix: module-import get fallback from externalsPresets"Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.