Skip to content

chore(deps-dev): bump webpack from 5.95.0 to 5.104.1 #19199

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
chargome merged 4 commits into from
Feb 7, 2026
Merged

chore(deps-dev): bump webpack from 5.95.0 to 5.104.1 #19199

chargome merged 4 commits into from
Feb 7, 2026
+94 −105

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 5, 2026

Bumps webpack from 5.95.0 to 5.104.1.

Release notes

Sourced from webpack's releases.

v5.104.1

5.104.1

Patch Changes

  • 2efd21b: Reexports runtime calculation should not accessing WEBPACK_IMPORT_KEY decl with var.
  • c510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.

v5.104.0

5.104.0

Minor Changes

  • d3dd841: Use method shorthand to render module content in __webpack_modules__ object.
  • d3dd841: Enhance import.meta.env to support object access.
  • 4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.
  • 04cd530: Handle more at-rules for CSS modules.
  • cafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.
  • d3dd841: Added base64url, base62, base58, base52, base49, base36, base32 and base25 digests.
  • 5983843: Provide a stable runtime function variable __webpack_global__.
  • d3dd841: Improved localIdentName hashing for CSS.

Patch Changes

  • 22c48fb: Added module existence check for informative error message in development mode.
  • 50689e1: Use the fully qualified class name (or export name) for [fullhash] placeholder in CSS modules.
  • d3dd841: Support universal lazy compilation.
  • d3dd841: Fixed module library export definitions when multiple runtimes.
  • d3dd841: Fixed CSS nesting and CSS custom properties parsing.
  • d3dd841: Don't write fragment from URL to filename and apply fragment to module URL.
  • aab1da9: Fixed bugs for css/global type.
  • d3dd841: Compatibility import.meta.filename and import.meta.dirname with eval devtools.
  • d3dd841: Handle nested __webpack_require__.
  • 728ddb7: The speed of identifier parsing has been improved.
  • 0f8b31b: Improve types.
  • d3dd841: Don't corrupt debugId injection when hidden-source-map is used.
  • 2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.
  • d3dd841: Serialize HookWebpackError.
  • d3dd841: Added ability to use built-in properties in dotenv and define plugin.
  • 3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.
  • d3dd841: Reduce collision for local indent name in CSS.
  • d3dd841: Remove CSS link tags when CSS imports are removed.

v5.103.0

Features

  • Added DotenvPlugin and top level dotenv option to enable this plugin
  • Added WebpackManifestPlugin
  • Added support the ignoreList option in devtool plugins
  • Allow to use custom javascript parse function

... (truncated)

Changelog

Sourced from webpack's changelog.

5.104.1

Patch Changes

  • 2efd21b: Reexports runtime calculation should not accessing WEBPACK_IMPORT_KEY decl with var.
  • c510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.

5.104.0

Minor Changes

  • d3dd841: Use method shorthand to render module content in __webpack_modules__ object.
  • d3dd841: Enhance import.meta.env to support object access.
  • 4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.
  • 04cd530: Handle more at-rules for CSS modules.
  • cafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.
  • d3dd841: Added base64url, base62, base58, base52, base49, base36, base32 and base25 digests.
  • 5983843: Provide a stable runtime function variable __webpack_global__.
  • d3dd841: Improved localIdentName hashing for CSS.

Patch Changes

  • 22c48fb: Added module existence check for informative error message in development mode.
  • 50689e1: Use the fully qualified class name (or export name) for [fullhash] placeholder in CSS modules.
  • d3dd841: Support universal lazy compilation.
  • d3dd841: Fixed module library export definitions when multiple runtimes.
  • d3dd841: Fixed CSS nesting and CSS custom properties parsing.
  • d3dd841: Don't write fragment from URL to filename and apply fragment to module URL.
  • aab1da9: Fixed bugs for css/global type.
  • d3dd841: Compatibility import.meta.filename and import.meta.dirname with eval devtools.
  • d3dd841: Handle nested __webpack_require__.
  • 728ddb7: The speed of identifier parsing has been improved.
  • 0f8b31b: Improve types.
  • d3dd841: Don't corrupt debugId injection when hidden-source-map is used.
  • 2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.
  • d3dd841: Serialize HookWebpackError.
  • d3dd841: Added ability to use built-in properties in dotenv and define plugin.
  • 3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.
  • d3dd841: Reduce collision for local indent name in CSS.
  • d3dd841: Remove CSS link tags when CSS imports are removed.
Commits
  • 24e3c2d chore(release): new release (#20253)
  • 2efd21b fix(re-exports): reexports runtime calculation should not accessing `__WEBPAC...
  • c510070 fix(security): userinfo bypass vulnerability in HttpUriPlugin allowedUris
  • 4b0501c ci: fix release (#20252)
  • 0c213ce ci: use \<@&1450591255485743204> over @here for discord notificationw
  • 5bf8bc5 refactor: types for benchmarks and tests
  • 505a5e7 chore(release): new release (#20188)
  • 0c06680 refactor: update eslint configuration
  • 2eb0d6a ci: release announcement (#20238)
  • b2b2459 ci: cancel in progress (#20239)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps-dev): bump webpack from 5.95.0 to 5.104.1
68bd273 
Bumps [webpack](https://github.com/webpack/webpack) from 5.95.0 to 5.104.1.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack@v5.95.0...v5.104.1)

---
updated-dependencies:
- dependency-name: webpack
  dependency-version: 5.104.1
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 5, 2026
@chargome chargome self-assigned this Feb 6, 2026
@chargome chargome enabled auto-merge (squash) February 6, 2026 15:55
@github-actions
Copy link
Contributor

github-actions bot commented Feb 6, 2026
edited
Loading

Codecov Results 📊

Generated by Codecov Action

@github-actions
Copy link
Contributor

github-actions bot commented Feb 6, 2026
edited
Loading

size-limit report 📦

Path Size % Change Change
@sentry/browser 25.53 kB -0.02% -3 B 🔽
@sentry/browser - with treeshaking flags 24.05 kB +0.21% +49 B 🔺
@sentry/browser (incl. Tracing) 42.36 kB -0.04% -15 B 🔽
@sentry/browser (incl. Tracing, Profiling) 47.02 kB -0.01% -4 B 🔽
@sentry/browser (incl. Tracing, Replay) 81.01 kB -0.01% -6 B 🔽
@sentry/browser (incl. Tracing, Replay) - with treeshaking flags 70.65 kB +0.06% +36 B 🔺
@sentry/browser (incl. Tracing, Replay with Canvas) 85.71 kB -0.01% -3 B 🔽
@sentry/browser (incl. Tracing, Replay, Feedback) 97.9 kB +0.02% +10 B 🔺
@sentry/browser (incl. Feedback) 42.27 kB +0.02% +8 B 🔺
@sentry/browser (incl. sendFeedback) 30.22 kB - -
@sentry/browser (incl. FeedbackAsync) 35.21 kB -0.06% -21 B 🔽
@sentry/browser (incl. Metrics) 26.71 kB +0.25% +65 B 🔺
@sentry/browser (incl. Logs) 26.85 kB +0.22% +58 B 🔺
@sentry/browser (incl. Metrics & Logs) 27.53 kB +0.23% +61 B 🔺
@sentry/react 27.3 kB +0.2% +52 B 🔺
@sentry/react (incl. Tracing) 44.68 kB +0.11% +48 B 🔺
@sentry/vue 29.98 kB +0.03% +7 B 🔺
@sentry/vue (incl. Tracing) 44.2 kB -0.02% -7 B 🔽
@sentry/svelte 25.55 kB +0.03% +6 B 🔺
CDN Bundle 28.08 kB - -
CDN Bundle (incl. Tracing) 43.15 kB - -
CDN Bundle (incl. Logs, Metrics) 28.92 kB - -
CDN Bundle (incl. Tracing, Logs, Metrics) 43.99 kB - -
CDN Bundle (incl. Replay, Logs, Metrics) 67.86 kB - -
CDN Bundle (incl. Tracing, Replay) 79.91 kB - -
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) 80.77 kB - -
CDN Bundle (incl. Tracing, Replay, Feedback) 85.33 kB - -
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) 86.23 kB - -
CDN Bundle - uncompressed 82.12 kB - -
CDN Bundle (incl. Tracing) - uncompressed 127.83 kB - -
CDN Bundle (incl. Logs, Metrics) - uncompressed 84.95 kB - -
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed 130.66 kB - -
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed 208.33 kB - -
CDN Bundle (incl. Tracing, Replay) - uncompressed 244.43 kB - -
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed 247.25 kB - -
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed 257.23 kB - -
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed 260.04 kB - -
@sentry/nextjs (client) 47.02 kB +0.1% +43 B 🔺
@sentry/sveltekit (client) 42.78 kB +0.04% +16 B 🔺
@sentry/node-core 52.19 kB +0.03% +12 B 🔺
@sentry/node 166.28 kB -0.01% -15 B 🔽
@sentry/node - without tracing 93.97 kB +0.01% +6 B 🔺
@sentry/aws-serverless 109.47 kB -0.02% -13 B 🔽

View base workflow run

@github-actions
Copy link
Contributor

github-actions bot commented Feb 6, 2026
edited
Loading

node-overhead report 🧳

Note: This is a synthetic benchmark with a minimal express app and does not necessarily reflect the real-world performance impact in an application.

Scenario Requests/s % of Baseline Prev. Requests/s Change %
GET Baseline 8,943 - 9,178 -3%
GET With Sentry 1,653 18% 1,725 -4%
GET With Sentry (error only) 6,078 68% 6,156 -1%
POST Baseline 1,198 - 1,217 -2%
POST With Sentry 581 48% 609 -5%
POST With Sentry (error only) 1,082 90% 1,068 +1%
MYSQL Baseline 3,300 - 3,347 -1%
MYSQL With Sentry 449 14% 485 -7%
MYSQL With Sentry (error only) 2,705 82% 2,735 -1%

View base workflow run

@chargome chargome merged commit b9fbb9c into develop Feb 7, 2026
217 checks passed
@chargome chargome deleted the dependabot/npm_and_yarn/webpack-5.104.1 branch February 7, 2026 07:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chargome chargome chargome approved these changes

Assignees

@chargome chargome

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chargome