Skip to content

fix(webpack): migrate to latest version to prevent security vulnerabilities #29755 #30590

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 2, 2025
Merged

fix(webpack): migrate to latest version to prevent security vulnerabilities #29755 #30590

merged 1 commit into from
Apr 2, 2025

Conversation

Coly010
Copy link
Contributor

@Coly010 Coly010 commented Apr 2, 2025

Current Behavior

The @nx/webpack depends on webpack at version ^5.80.0. Despite the ^ allowing it to resolve to a higher minor, there has been no migration to force users onto a higher version.
There is a security vulnerability with version 5.88.0.

Expected Behavior

Ensure users are migrated to a version where the security vulnerability has been fixed.

Related Issue(s)

Fixes #29755

@Coly010 Coly010 requested review from FrozenPandaz, jaysoo, AgentEnder and a team as code owners April 2, 2025 14:38
@Coly010 Coly010 self-assigned this Apr 2, 2025
@vercel Vercel
Copy link

vercel bot commented Apr 2, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated (UTC)
nx-dev ✅ Ready (Inspect) Visit Preview Apr 2, 2025 3:52pm

@Coly010 Coly010 force-pushed the webpack/bump-versions branch from 0750b90 to cf9cccf Compare April 2, 2025 14:44
@Coly010 Coly010 enabled auto-merge (squash) April 2, 2025 14:44
@nx-cloud Nx Cloud
Copy link
Contributor

nx-cloud bot commented Apr 2, 2025
edited
Loading

View your CI Pipeline Execution ↗ for commit 39f18b9.

Command Status Duration Result
nx affected --targets=lint,test,build,e2e,e2e-c... ✅ Succeeded 36m 47s View ↗
nx run-many -t check-imports check-commit check... ✅ Succeeded 18s View ↗
nx-cloud record -- nx-cloud conformance:check ✅ Succeeded 2s View ↗
nx-cloud record -- nx format:check --base=176e8... ✅ Succeeded 2s View ↗
nx-cloud record -- nx sync:check ✅ Succeeded 1s View ↗
nx documentation ✅ Succeeded 3m 14s View ↗

☁️ Nx Cloud last updated this comment at 2025-04-02 16:27:58 UTC

@Coly010 Coly010 force-pushed the webpack/bump-versions branch from cf9cccf to 39f18b9 Compare April 2, 2025 15:43
@Coly010 Coly010 requested review from a team as code owners April 2, 2025 15:43
@Coly010 Coly010 requested a review from ndcunningham April 2, 2025 15:43
@jaysoo jaysoo disabled auto-merge April 2, 2025 16:32
@jaysoo jaysoo merged commit 27b78cd into master Apr 2, 2025
12 checks passed
@jaysoo jaysoo deleted the webpack/bump-versions branch April 2, 2025 16:32
jaysoo pushed a commit that referenced this pull request Apr 2, 2025
@Coly010 @jaysoo
fix(webpack): migrate to latest version to prevent security vulnerabi…
f843a59 
…lities #29755 (#30590)

## Current Behavior
The `@nx/webpack` depends on `webpack` at version `^5.80.0`. Despite the
`^` allowing it to resolve to a higher minor, there has been no
migration to force users onto a higher version.
There is a security vulnerability with version `5.88.0`.

## Expected Behavior
Ensure users are migrated to a version where the security vulnerability
has been fixed.

## Related Issue(s)

Fixes #29755
@github-actions GitHub Actions
Copy link

github-actions bot commented Apr 8, 2025

This pull request has already been merged/closed. If you experience issues related to these changes, please open a new issue referencing this pull request.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 8, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@jaysoo jaysoo jaysoo approved these changes

@FrozenPandaz FrozenPandaz Awaiting requested review from FrozenPandaz FrozenPandaz is a code owner

@AgentEnder AgentEnder Awaiting requested review from AgentEnder AgentEnder is a code owner

@ndcunningham ndcunningham Awaiting requested review from ndcunningham ndcunningham is a code owner automatically assigned from nrwl/nx-react-reviewers

Assignees

@Coly010 Coly010

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Security Enhancement Opportunity: @nx/module-federation webpack version
2 participants
@Coly010 @jaysoo