Bump webpack to 5.76.0

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.
guardian · May 15, 2024 · c668732 · c668732
1 parent b5d5634
commit c668732
Show file tree

Hide file tree

Showing 2 changed files with 176 additions and 172 deletions.
diff --git a/client/package.json b/client/package.json
@@ -46,7 +46,7 @@
     "babel-loader": "^8.2.3",
     "html-webpack-plugin": "^5.5.0",
     "jest-environment-node": "^26.6.2",
-    "webpack": "^5.69.0",
+    "webpack": "^5.76.0",
     "webpack-bundle-analyzer": "^4.5.0",
     "webpack-cli": "^4.9.2",
     "webpack-dev-server": "^4.7.4",