Skip to content

chore(deps-dev): Bump webpack from 5.108.3 to 5.108.4#62

Merged
NeiRo21 merged 1 commit into
mainfrom
dependabot/npm_and_yarn/webpack-5.108.4
Jul 12, 2026
Merged

chore(deps-dev): Bump webpack from 5.108.3 to 5.108.4#62
NeiRo21 merged 1 commit into
mainfrom
dependabot/npm_and_yarn/webpack-5.108.4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 8, 2026

Copy link
Copy Markdown
Contributor

Bumps webpack from 5.108.3 to 5.108.4.

Release notes

Sourced from webpack's releases.

v5.108.4

Patch Changes

Changelog

Sourced from webpack's changelog.

5.108.4

Patch Changes

Commits
  • bb9ccfd chore(release): new release (#21319)
  • 7639066 fix: invalidate provided-exports cache with lazy barrel (#21326)
  • ae28c54 perf: reduce CPU and memory overhead of the HTML and CSS pipelines (#21332)
  • e6fb547 perf: re-encode the HTML AST as struct-of-arrays behind a path-based visitor ...
  • 5ce1c22 fix(html): resolve asset URLs against <base href> (#21329)
  • 0e43c4a test(html): cover generateError, ignored-source, and null-character parse pat...
  • cebd793 refactor: build export-presence guards from a lazy boolean formula (#21320)
  • c2628cf fix: don't resolve new URL() directory references as modules (#21312)
  • 00d8b2f perf: speed up non-CSS-Modules CSS parsing by skipping unused AST work (#21324)
  • f7a3f6d perf: reduce HTML parser memory and CPU with parser-level skip options (#21323)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [webpack](https://github.com/webpack/webpack) from 5.108.3 to 5.108.4.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack@v5.108.3...v5.108.4)

---
updated-dependencies:
- dependency-name: webpack
  dependency-version: 5.108.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 8, 2026
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/webpack 5.108.4 🟢 5.7
Details
CheckScoreReason
Code-Review🟢 3Found 7/22 approved changesets -- score normalized to 3
Maintained🟢 1030 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 2badge detected: InProgress
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
Pinned-Dependencies🟢 10all dependencies are pinned
Binary-Artifacts⚠️ 0binaries present in source code
SAST🟢 10SAST tool is run on all commits
Fuzzing⚠️ 0project is not fuzzed

Scanned Files

  • package-lock.json

@NeiRo21
NeiRo21 merged commit d6f385e into main Jul 12, 2026
6 checks passed
@NeiRo21
NeiRo21 deleted the dependabot/npm_and_yarn/webpack-5.108.4 branch July 12, 2026 15:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant