Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BREAKING: Bump to webpack 5; use Node.js >= 18 #264

Merged
merged 14 commits into from
Nov 6, 2023
Merged

BREAKING: Bump to webpack 5; use Node.js >= 18 #264

merged 14 commits into from
Nov 6, 2023

Conversation

legobeat
Copy link
Contributor

@legobeat legobeat commented Oct 24, 2023
edited by rekmarks
Loading

  • Based on Dependencies update #223 rebased on main
  • Update webpack from 4 to 5
  • Add support for Node.js 18,20
  • Remove support for Node.js 16, which is EOL

webpack start seems to run fine locally for me but reviewers are encouraged to test manually.

@legobeat legobeat requested a review from seaona October 24, 2023 01:23
@legobeat legobeat force-pushed the dependencies-update-webpack-5 branch 2 times, most recently from c316c6d to 2e774ca Compare October 24, 2023 01:24
@legobeat legobeat requested review from ritave and Gudahtt October 24, 2023 01:25
@legobeat legobeat added the dependencies Pull requests that update a dependency file label Oct 24, 2023
@legobeat legobeat marked this pull request as ready for review October 24, 2023 01:25
@socket-security
Copy link

socket-security bot commented Oct 24, 2023
edited
Loading

Updated and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Packages Version New capabilities Transitives Size Publisher
webpack-cli 3.3.12...5.1.4 None +39/-268 6.26 MB evilebottnawi
clean-webpack-plugin 3.0.0...4.0.0 None +16/-238 5.33 MB johnagan
webpack-dev-server 3.11.2...4.15.1 network +73/-311 9.55 MB evilebottnawi
copy-webpack-plugin 6.0.2...11.0.0 None +27/-256 5.97 MB evilebottnawi

🚮 Removed packages: @lavamoat/[email protected], [email protected]

@socket-security
Copy link

socket-security bot commented Oct 24, 2023
edited
Loading

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: [email protected], [email protected], [email protected], @lavamoat/[email protected], [email protected], [email protected], [email protected], [email protected]

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all

@legobeat legobeat mentioned this pull request Oct 24, 2023
Open
@legobeat legobeat requested a review from a team October 24, 2023 09:26
@legobeat legobeat force-pushed the dependencies-update-webpack-5 branch from 06bb22a to d72f0a6 Compare October 24, 2023 09:45
@legobeat

This comment was marked as resolved.

Sign in to view
@legobeat

This comment was marked as resolved.

Sign in to view
@legobeat

This comment was marked as resolved.

Sign in to view
@legobeat

This comment was marked as resolved.

Sign in to view
@legobeat

This comment was marked as resolved.

Sign in to view
@legobeat legobeat force-pushed the dependencies-update-webpack-5 branch from d72f0a6 to a0abf65 Compare November 1, 2023 04:00
@legobeat legobeat requested a review from tmashuang November 1, 2023 04:00
@legobeat legobeat requested review from darkwing and jiexi November 1, 2023 04:01
@rekmarks rekmarks mentioned this pull request Nov 3, 2023
Closed
rekmarks
rekmarks approved these changes Nov 3, 2023
View reviewed changes
Copy link
Member

@rekmarks rekmarks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@legobeat legobeat changed the title Bump to webpack 5; support Node.js >= 18 BREAKING: Bump to webpack 5; support Node.js >= 18 Nov 6, 2023
@legobeat legobeat merged commit d600404 into MetaMask:main Nov 6, 2023
@rekmarks rekmarks changed the title BREAKING: Bump to webpack 5; support Node.js >= 18 BREAKING: Bump to webpack 5; use Node.js >= 18 Nov 14, 2023
Gudahtt added a commit that referenced this pull request Nov 21, 2023
@Gudahtt
Fix signing
c2b7f3d 
The signing examples were broken as of the update to Webpack v5 (#264).
The "verification" button for the signatures relies upon the Node.js
`assert` and `stream` APIs. Polyfills have been added for both of
these.

Additionally, the `assert` polyfill itself relies upon the Node.js
`process` API, and expects `process` to be a global. A polyfill has
been added for `process`, and it has been set as a global.
@Gudahtt Gudahtt mentioned this pull request Nov 21, 2023
Merged
Gudahtt added a commit that referenced this pull request Nov 21, 2023
@Gudahtt
Fix signing (#276)
d618601 
The signing examples were broken as of the update to Webpack v5 (#264).
The "verification" button for the signatures relies upon the Node.js
`assert` and `stream` APIs. Polyfills have been added for both of
these.

Additionally, the `assert` polyfill itself relies upon the Node.js
`process` API, and expects `process` to be a global. A polyfill has
been added for `process`, and it has been set as a global.
@legobeat legobeat mentioned this pull request Nov 22, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rekmarks rekmarks rekmarks approved these changes

@seaona seaona Awaiting requested review from seaona

@ritave ritave Awaiting requested review from ritave

@Gudahtt Gudahtt Awaiting requested review from Gudahtt

@tmashuang tmashuang Awaiting requested review from tmashuang

@darkwing darkwing Awaiting requested review from darkwing

@jiexi jiexi Awaiting requested review from jiexi

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@legobeat @rekmarks @seaona