Bump the dependencies group across 1 directory with 13 updates

[dependabot]

Bumps the dependencies group with 13 updates in the / directory:

Package	From	To
@react-spring/web	10.0.3	10.1.0
react	19.2.6	19.2.7
react-dom	19.2.6	19.2.7
react-router	7.15.1	7.16.0
react-router-dom	7.15.1	7.16.0
@babel/core	7.29.0	7.29.7
@babel/preset-env	7.29.5	7.29.7
@babel/preset-react	7.28.5	7.29.7
cypress	15.15.0	15.16.0
eslint-plugin-mdx	3.7.0	3.8.1
lint-staged	17.0.5	17.0.7
webpack	5.106.2	5.107.2
webpack-cli	7.0.2	7.0.3

Updates @react-spring/web from 10.0.3 to 10.1.0

Release notes

Sourced from @​react-spring/web's releases.

v10.1.0

What's Changed

• test(types): restore TypeScript 5.9 to CI matrix by @​joshuaellis in pmndrs/react-spring#2464
• test(types): restore TypeScript 6.0 to CI matrix by @​joshuaellis in pmndrs/react-spring#2465
• test(core): write bodies for skipped and todo tests by @​joshuaellis in pmndrs/react-spring#2466
• fix(shared): preserve decimal precision in string interpolator by @​joshuaellis in pmndrs/react-spring#2469
• feat(docs): migrate from Remix 2 to React Router 7 by @​joshuaellis in pmndrs/react-spring#2468
• fix(core): stop superseded loop chains on re-render by @​joshuaellis in pmndrs/react-spring#2471
• test(core): regression tests for issue #1638 by @​joshuaellis in pmndrs/react-spring#2504
• fix(core): expose new phase to useTransition render fn by @​joshuaellis in pmndrs/react-spring#2507
• docs: clarify SpringValues typing vs CSSProperties by @​joshuaellis in pmndrs/react-spring#2508
• test(core): regression test for issue #1661 by @​joshuaellis in pmndrs/react-spring#2509
• feat(core): add reverse prop to useTransition by @​joshuaellis in pmndrs/react-spring#2510
• docs(claude): refresh stale Node version notes by @​joshuaellis in pmndrs/react-spring#2512
• refactor(build): migrate tsup → tsdown by @​joshuaellis in pmndrs/react-spring#2513
• fix(core): fire onRest when animation is cancelled before its first frame by @​joshuaellis in pmndrs/react-spring#2511
• fix(web): exact-match transform function names in style key regex by @​joshuaellis in pmndrs/react-spring#2515
• fix(core): preserve velocity across retargets for decay animations by @​joshuaellis in pmndrs/react-spring#2516

Full Changelog: pmndrs/react-spring@v10.0.4...v10.1.0

v10.0.4

What's Changed

• chore: update readme by @​joshuaellis in pmndrs/react-spring#2399
• fix: exitBeforeEnter in useTransition doesn't work when used with trail (#1868) by @​hiebj in pmndrs/react-spring#2407
• chore: absorb mock-raf by @​joshuaellis in pmndrs/react-spring#2421
• chore: add speckit by @​joshuaellis in pmndrs/react-spring#2422
• chore: move to use PNPM by @​joshuaellis in pmndrs/react-spring#2423
• test: migrate to vitest browser by @​joshuaellis in pmndrs/react-spring#2424
• chore(lint): replace eslint with oxlint by @​joshuaellis in pmndrs/react-spring#2425
• chore(format): consolidate prettier configs by @​joshuaellis in pmndrs/react-spring#2426
• chore(format): replace prettier with oxfmt by @​joshuaellis in pmndrs/react-spring#2427
• chore: migrate husky hooks to v9 syntax by @​joshuaellis in pmndrs/react-spring#2428
• fix: replace react-spring.io with react-spring.dev by @​joshuaellis in pmndrs/react-spring#2429
• fix: events not firing when SpringRef attached manually under StrictMode by @​joshuaellis in pmndrs/react-spring#2430
• chore(test): run hook tests under React.StrictMode by @​joshuaellis in pmndrs/react-spring#2431
• fix(core): clear stale updates in useSprings layout effect by @​gumob in pmndrs/react-spring#2410
• fix(shared): report border-box dimensions from useResize by @​joshuaellis in pmndrs/react-spring#2432
• chore(ci): upgrade node to 22 lts (test on 22 and 24) by @​joshuaellis in pmndrs/react-spring#2433
• chore(deps): update actions/setup-node action to v6 by @​renovate[bot] in pmndrs/react-spring#2412
• chore(deps): update actions/checkout action to v6 by @​renovate[bot] in pmndrs/react-spring#2405
• chore: add release PR workflow and npm provenance by @​joshuaellis in pmndrs/react-spring#2434
• chore(ci): trim redundant node matrix and adopt .nvmrc in tests workflow by @​joshuaellis in pmndrs/react-spring#2437
• fix(core): phase-sync useTrail children on loop iterations by @​joshuaellis in pmndrs/react-spring#2435
• fix(core): run async script to to completion under skipAnimation by @​joshuaellis in pmndrs/react-spring#2438
• chore(renovate): group deps by ecosystem and isolate majors by @​joshuaellis in pmndrs/react-spring#2440
• fix(web): remove animated attributes when value is undefined by @​joshuaellis in pmndrs/react-spring#2439
• chore: version packages by @​github-actions[bot] in pmndrs/react-spring#2449

... (truncated)

Commits

• 3d0ca63 chore: version packages (#2517)
• b400824 chore: update pnpm lock file
• 6bd6613 fix(core): preserve velocity across retargets for decay animations (#2516)
• c220465 fix(web): exact-match transform function names in style key regex (#2515)
• 5812ef4 chore(docs): move to GCP
• ea58a76 chore(deps): update typescript to v6 (#2514)
• 84b058a fix(core): fire onRest when animation is cancelled before its first frame (#2...
• d886f1b refactor(build): migrate tsup → tsdown (#2513)
• 78bbfa7 docs(claude): refresh stale Node version notes (#2512)
• cd13304 feat(core): add reverse prop to useTransition (#2510)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​react-spring/web since your current version.

Updates react from 19.2.6 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

Commits

• 6117d7c Version 19.2.7 (#36591)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.

Updates react-dom from 19.2.6 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

Commits

• 6117d7c Version 19.2.7 (#36591)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.

Updates react-router from 7.15.1 to 7.16.0

Release notes

Sourced from react-router's releases.

v7.16.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7160

Changelog

Sourced from react-router's changelog.

v7.16.0

Minor Changes

• Stabilize future.unstable_trailingSlashAwareDataRequests as future.v8_trailingSlashAwareDataRequests (#15098)

Patch Changes

• Disable manifest path when lazy route dicovery is disabled (#15068)

• Fix browser URL creation to use the configured history window instead of the global window. (#15066)

  • Pass the history/router window through to createBrowserURLImpl so custom window contexts keep the correct URL origin.

• Fix useNavigation() return type to preserve discriminated union across navigation states (#15095)

• Widen MetaDescriptor script:ld+json type from LdJsonObject to LdJsonObject | LdJsonObject[] to permit multiple JSON-LD schemas in a single <script type="application/ld+json"> tag emitted by <Meta /> (#15082)

Commits

• 8984d23 Release v7.16.0 (#15105)
• d71025d Stabilize trailing slash aware data requests (#15098)
• 6e21b63 fix: keep useNavigation() return type a discriminated union (#15095)
• 4cde90b Support array of objects for script:ld+json meta descriptor (#15082)
• dc996ea fix(router): pass configured window to createBrowserURLImpl (#15066)
• cfb5fb0 Disable manifest handler when lazy route discovery is disabled (#15068)
• 16eb79e test: fix typo in test description (#15053)
• 4b464a9 chore: format
• See full diff in compare view

Updates react-router-dom from 7.15.1 to 7.16.0

Changelog

Sourced from react-router-dom's changelog.

v7.16.0

Patch Changes

• Remove stale/invalid unpkg field from package.json. This was removed from other packages with the release of v7 but missed in the react-router-dom re-export package (#15075)
• Updated dependencies:
  • react-router@7.16.0

Commits

• 8984d23 Release v7.16.0 (#15105)
• 3ed77af chore: format
• e96962b fix: remove stale unpkg field from react-router-dom (#15075)
• See full diff in compare view

Updates @babel/core from 7.29.0 to 7.29.7

Release notes

Sourced from @​babel/core's releases.

v7.29.7 (2026-05-25)

Re-release all packages with npm provenance attestations

v7.29.6 (2026-05-25)

🐛 Bug Fix

• babel-generator
  • #18014 Catchup source map position in preserveFormat (@​nicolo-ribaudo)
• babel-core
  • #18001 [7.x packport]Improve input source map handling (@​JLHwung)
• babel-core, babel-generator
  • #17998 Preserve original identifier names from input sourcemaps (#17992) (@​Andarist)

Committers: 3

• Huáng Jùnliàng (@​JLHwung)
• Mateusz Burzyński (@​Andarist)
• Nicolò Ribaudo (@​nicolo-ribaudo)

v7.29.5 (2026-05-05)

🏠 Internal

• babel-preset-env
  • Update @babel/* dependencies

v7.29.4 (2026-05-05)

🐛 Bug Fix

• babel-plugin-transform-modules-systemjs
  • #17974 [7.x backport]fix(systemjs): improve module string name support (@​JLHwung)

Committers: 1

• Huáng Jùnliàng (@​JLHwung)

v7.29.3 (2026-04-30)

👓 Spec Compliance

• babel-parser
  • #17923 Support flow extends bound (@​JLHwung)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #17931 fix(decorators): replace super within all removed static elements (@​JLHwung)
• babel-register
  • #17915 Fix thread synchronization issues in @babel/register (@​liuxingbaoyu)
• babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env
  • #17788 Add bugfix plugin for Safari array rest destructuring bug (@​JLHwung)

💅 Polish

• babel-parser

... (truncated)

Commits

• 4fba754 v7.29.7
• 04ea6b2 v7.29.6
• 99f498a [7.x packport]Improve input source map handling (#18001)
• feba0a3 Preserve original identifier names from input sourcemaps (#17992) (#17998)
• See full diff in compare view

Updates @babel/preset-env from 7.29.5 to 7.29.7

Release notes

Sourced from @​babel/preset-env's releases.

v7.29.7 (2026-05-25)

Re-release all packages with npm provenance attestations

v7.29.6 (2026-05-25)

🐛 Bug Fix

• babel-generator
  • #18014 Catchup source map position in preserveFormat (@​nicolo-ribaudo)
• babel-core
  • #18001 [7.x packport]Improve input source map handling (@​JLHwung)
• babel-core, babel-generator
  • #17998 Preserve original identifier names from input sourcemaps (#17992) (@​Andarist)

Committers: 3

• Huáng Jùnliàng (@​JLHwung)
• Mateusz Burzyński (@​Andarist)
• Nicolò Ribaudo (@​nicolo-ribaudo)

Commits

• 4fba754 v7.29.7
• See full diff in compare view

Updates @babel/preset-react from 7.28.5 to 7.29.7

Release notes

Sourced from @​babel/preset-react's releases.

v7.29.7 (2026-05-25)

Re-release all packages with npm provenance attestations

v7.29.6 (2026-05-25)

🐛 Bug Fix

• babel-generator
  • #18014 Catchup source map position in preserveFormat (@​nicolo-ribaudo)
• babel-core
  • #18001 [7.x packport]Improve input source map handling (@​JLHwung)
• babel-core, babel-generator
  • #17998 Preserve original identifier names from input sourcemaps (#17992) (@​Andarist)

Committers: 3

• Huáng Jùnliàng (@​JLHwung)
• Mateusz Burzyński (@​Andarist)
• Nicolò Ribaudo (@​nicolo-ribaudo)

v7.29.5 (2026-05-05)

🏠 Internal

• babel-preset-env
  • Update @babel/* dependencies

v7.29.4 (2026-05-05)

🐛 Bug Fix

• babel-plugin-transform-modules-systemjs
  • #17974 [7.x backport]fix(systemjs): improve module string name support (@​JLHwung)

Committers: 1

• Huáng Jùnliàng (@​JLHwung)

v7.29.3 (2026-04-30)

👓 Spec Compliance

• babel-parser
  • #17923 Support flow extends bound (@​JLHwung)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #17931 fix(decorators): replace super within all removed static elements (@​JLHwung)
• babel-register
  • #17915 Fix thread synchronization issues in @babel/register (@​liuxingbaoyu)
• babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env
  • #17788 Add bugfix plugin for Safari array rest destructuring bug (@​JLHwung)

💅 Polish

• babel-parser

... (truncated)

Commits

• 4fba754 v7.29.7
• f3a2226 [babel 7] Delete Babel 8 fixtures (#17729)
• See full diff in compare view

Updates cypress from 15.15.0 to 15.16.0

Release notes

Sourced from cypress's releases.

v15.16.0

Changelog: https://docs.cypress.io/app/references/changelog#15-16-0

Commits

• 22aaf23 chore: bump cypress-example-kitchensink to 6.0.2 for release (#33921)
• 448155c fix(cli): use verbose Listr renderer in CI for install + verify output (#33890)
• 01cd887 chore: surface wrong-passphrase client cert PEM errors consistently in OpenSS...
• 4534d04 fix: pin @​sinonjs/fake-timers type resolution in bundled sinon types (#33886)
• d7cd85a refactor(server): convert unit test specs to TypeScript (#33899)
• 2d5366d test: preserve allowCypressEnv in subscription test config rewrites (#33910)
• fcee425 chore: updating v8 snapshot cache (#33909)
• 986c3b2 chore: updating v8 snapshot cache (#33903)
• de76502 chore: Update v8 snapshot cache - linux (#33875)
• 247a033 chore: updating v8 snapshot cache (#33901)
• Additional commits viewable in compare view

Updates eslint-plugin-mdx from 3.7.0 to 3.8.1

Release notes

Sourced from eslint-plugin-mdx's releases.

eslint-plugin-mdx@3.8.1

Patch Changes

• #615 e36f2db Thanks @​JounQin! - fix: support ESLint config inspector

• Updated dependencies []:

  • eslint-mdx@3.8.1

eslint-plugin-mdx@3.8.0

Minor Changes

• #608 d7a37f5 Thanks @​controversial! - Adds ecmaFeatures: { jsx: true } to premade configs

Patch Changes

• Updated dependencies []:
  • eslint-mdx@3.8.0

eslint-plugin-mdx@3.7.1

Patch Changes

• Updated dependencies [a581355]:
  • eslint-mdx@3.7.1

Commits

• 615a11f chore: release package(s) (#616)
• e36f2db fix: support ESLint config inspector (#615)
• 1937b5d chore: release package(s) (#614)
• 549f4b7 chore: should release as minor instead
• 8267cdf chore(deps): update all dependencies (#595)
• d7a37f5 feat: enable ecmaFeatures.jsx in exported configs (#608)
• 01e2eaa chore(deps): update (#607)
• bc20c4b chore: remove unicorn plugin from fixtures (#613)
• 0565042 chore: use eslint 10 for development (#612)
• 281e6cf chore: release package(s) (#611)
• Additional commits viewable in compare view

Updates lint-staged from 17.0.5 to 17.0.7

Release notes

Sourced from lint-staged's releases.

v17.0.7

Patch Changes

• #1806 e692e58 - Update dependency tinyexec@^1.2.4.

v17.0.6

Patch Changes

• #1803 bdf2770 - Run all tests with Deno, in addition to Node.js and Bun.

• #1796 7508272 - Fix performance regression of lint-staged v17 by going back to using git add to stage task modifications. This was changed to git update-index --again in v17 for less manual work, but unfortunately the update-index command gets slower in very large Git repos.

• #1797 7b2505a - This version of lint-staged uses the new staged publishing for npm packages feature. Releases are already published from GitHub Actions with trusted publishing, but now an additional approval with two-factor authentication is also required.

• #1802 321b0a9 - Downgrade dependency tinyexec@1.2.2 to avoid issues in version 1.2.3.

Changelog

Sourced from lint-staged's changelog.

17.0.7

Patch Changes

• #1806 e692e58 - Update dependency tinyexec@^1.2.4.

17.0.6

Patch Changes

• #1803 bdf2770 - Run all tests with Deno, in addition to Node.js and Bun.

• #1796 7508272 - Fix performance regression of lint-staged v17 by going back to using git add to stage task modifications. This was changed to git update-index --again in v17 for less manual work, but unfortunately the update-index command gets slower in very large Git repos.

• #1797 7b2505a - This version of lint-staged uses the new staged publishing for npm packages feature. Releases are already published from GitHub Actions with trusted publishing, but now an additional approval with two-factor authentication is also required.

• #1802 321b0a9 - Downgrade dependency tinyexec@1.2.2 to avoid issues in version 1.2.3.

Commits

• cd11fec Merge pull request #1807 from lint-staged/changeset-release/main
• 15a8ee0 chore(changeset): release
• 797bbd9 Merge pull request #1808 from lint-staged/add-stashing-faq
• 504e307 docs: add FAQ entry on how stashing works
• eff5cd1 Merge pull request #1806 from lint-staged/update-tinyexec
• e692e58 build(deps): update tinyexec@^1.2.4
• a2dd4ea Merge pull request #1805 from lint-staged/update-github-templates
• c928519 docs: update GitHub templates
• 094ba56 Merge pull request #1798 from lint-staged/changeset-release/main
• 88e19fe chore(changeset): release
• Additional commits viewable in compare view

Updates webpack from 5.106.2 to 5.107.2

Release notes

Sourced from webpack's releases.

v5.107.2

Patch Changes

• Reduce per-file overhead in ContextModuleFactory.resolveDependencies by batching alternativeRequests hook calls. Previously the hook was invoked once per file in the context (with a single-item array), paying per-call overhead (closure allocation, resolverFactory.get, intermediate arrays in RequireContextPlugin) for every file. The hook is now invoked once per directory with all matched files in one batch — RequireContextPlugin's tap already iterates the items array, so the output is unchanged. Steady-state rebuild on a 4000-file require.context drops a further ~15 ms (after the watch-mode purge fix in the same release). (by @​alexander-akait in #21020)

• Include each external info's runtimeCondition in ConcatenatedModule#updateHash so changes to a concatenated external's runtime condition invalidate persistent caches instead of slipping through with the module id alone. (by @​alexander-akait in #21023)

• Fix HTML [contenthash] for referenced asset and inline-style URL changes. (by @​alexander-akait in #21018)

• Resolve chunk-hash placeholders in chunk URLs embedded into extracted HTML. (by @​alexander-akait in #21018)

• Remove unnecessary __webpack_require__ runtime helpers in ESM library output with multi-module chunks. (by @​xiaoxiaojx in #21032)

• Rewrite NormalModule#getSideEffectsConnectionState walk as an allocation-light iterative loop instead of a generator trampoline, restoring rebuild performance lost in #20993 while keeping deep import chains stack-safe. (by @​alexander-akait in #21014)

• Fix runtime ReferenceError on the first activation of a lazy-compiled module when output.library.type produces a closure-wrapped bundle (umd, umd2, amd, amd-require, system). (by @​alexander-akait in #21013)

  External modules of these types reference closure-bound identifiers like __WEBPACK_EXTERNAL_MODULE_react__, supplied by the library wrapper that is generated once per chunk. When lazyCompilation activates an entry or import for the first time, any external dependency the lazily-built module pulls in arrives in a hot-update chunk that lives outside the original wrapper closure, so its factory body cannot resolve the closure identifier and only a manual page refresh recovers.

  The inactive LazyCompilationProxyModule now declares statically-enumerable externals (string and object forms of externals) as its own dependencies, so the initial entry chunk's library wrapper already exposes their closure identifiers. When activation later pulls in those externals through the lazily-compiled module, they resolve to the already-installed factories instead of throwing. Function and RegExp externals are not pre-populated because their effective request set isn't knowable up front.

• Fill in missing entryOptions when an async block joins an existing entrypoint. (by @​alexander-akait in #21026)

• Release per-child codeGenerationResults in MultiCompiler and at Compiler.close to reduce memory retention. (by @​alexander-akait in #21015)

• Reduce peak memory of SourceMapDevToolPlugin on large builds (closes #20961). (by @​alexander-akait in #20963)

• Fix slow require.context() / dynamic import() rebuilds in watch mode (#13636). When a file inside a watched context directory changed, NodeWatchFileSystem would call inputFileSystem.purge(contextDir). The enhanced-resolve purge implementation matches cache keys with key.startsWith(contextDir), so the stat cache of every file under the directory was discarded on every rebuild — ContextModuleFactory.resolveDependencies then re-stat-ed the whole tree on each rebuild. Single-file rebuilds on a 4000-file context now reuse the warm stat cache, dropping median rebuild from ~1260 ms to ~650 ms in a local reproduction (≈49%). For directory items that are explicitly watched contexts, purge is now called with { exact: true } (added in enhanced-resolve@5.22.0) so only the directory's own entry is invalidated; file-level changes in the same aggregated event continue to purge file stats and the parent readdir as before. (by @​alexander-akait in #21020)

v5.107.1

Patch Changes

• Align the experimental HTML tokenizer with the WHATWG spec: fix offset-range bugs in the script-data, content-mode end-tag, attribute-value, and EOF states; surface tokenizer parse errors to consumers via a new parseError callback ("warning" when the tokenizer recovers and the emitted token is still well-formed, "error" when the offset range is incomplete — e.g. eof-in-tag); and add the full WHATWG named character references table so decodeHtmlEntities handles all named entities (including legacy bare forms like &AMP and multi-code-point entities like ≂̸) with proper longest-prefix backtracking. (by @​alexander-akait in #21000)

• Tree-shake CommonJS modules imported through a const NAME = require(LITERAL) binding when only static members of NAME are read. Previously webpack treated every export of such modules as referenced (because the bare require() dependency reports EXPORTS_OBJECT_REFERENCED), so unused exports.x = ... assignments remained in the bundle even with usedExports enabled. The parser now forwards NAME.x / NAME.x() / NAME["x"] accesses to the underlying CommonJsRequireDependency as referenced exports, falling back to the full exports object the moment NAME is read in any other context (passed by value, destructured later, accessed with a dynamic key, …). This brings the binding form to parity with the existing destructuring form (const { x } = require(...)). (by @​alexander-akait in #21003)

• Fix RangeError: Maximum call stack size exceeded thrown from HarmonyImportSideEffectDependency.getModuleEvaluationSideEffectsState on long linear chains of side-effect-free imports. NormalModule.getSideEffectsConnectionState previously descended through HarmonyImportSideEffectDependency.getModuleEvaluationSideEffectsState recursively, adding two stack frames per module, which overflowed V8's stack at a few thousand modules deep. The traversal is now iterative. (by @​alexander-akait in #20993)

• Fix NormalModuleFactory parser/generator types: (by @​alexander-akait in #20999)

  • module.generator.html now uses HtmlGeneratorOptions instead of EmptyGeneratorOptions (the extract option was hidden from the createGenerator / generator hook types).
  • WebAssembly (webassembly/async, webassembly/sync) generator hooks now use EmptyGeneratorOptions instead of EmptyParserOptions.
  • NormalModuleFactory#getParser / createParser / getGenerator / createGenerator are now generic over the module-type string, returning the specific parser/generator class for known types (e.g. JavascriptParser for "javascript/auto", CssGenerator for "css", etc.) instead of always returning the base Parser / Generator.
  • NormalModuleCreateData is now generic over the module type so parser, parserOptions, generator, and generatorOptions are narrowed to the specific class / options for the given type.

• Link import bindings used inside define(...) callbacks in ES modules. Previously, HarmonyDetectionParserPlugin skipped walking the arguments of define calls in harmony modules, so references to imported bindings inside an inline AMD define factory (e.g. define(function () { console.log(foo); })) were not rewritten to their imported references and could cause ReferenceError at runtime. Inner graph usage analysis is also fixed for the related pattern const fn = function () { foo; }; define(fn);. (by @​alexander-akait in #20990)

• HTML-entry pipeline (experiments.html + experiments.css): emit <link rel="stylesheet"> tags for CSS chunks reachable from a <script src> entry. Previously when the bundled JS imported CSS, the resulting .css file was emitted to disk but never referenced from the extracted HTML (no <link> tag), and when splitChunks extracted CSS into sibling chunks the HTML cloned the originating <script> for each one — producing <script src="style.js"> pointing at non-existent JS filenames instead of <link rel="stylesheet" href="style.css">. CSS chunks are now sorted by the entrypoint's module post-order index so the <link> tags also appear in source import order, fixing the cascade ordering issue documented in html-webpack-plugin#1838 and webpack/mini-css-extract-plugin#959 for HTML-entry builds. nonce/crossorigin/referrerpolicy are copied from the originating tag onto the emitted <link>. (by @​alexander-akait in #21002)

• Allow devtool and SourceMapDevToolPlugin (or multiple SourceMapDevToolPlugin instances) to coexist on the same asset. Previously the second instance would silently skip any asset whose info.related.sourceMap had already been set by an earlier instance, and even when it ran the asset had been rewrapped as a RawSource so no source map could be recovered — producing an empty .map file. The plugin now keeps a per-compilation stash of pristine source maps, namespaces its persistent cache entries by the options that affect output, and appends additional related.sourceMap entries instead of overwriting them. The classic workaround of pairing devtool: 'hidden-source-map' with a new webpack.SourceMapDevToolPlugin({ filename: '[file].secondary.map', noSources: true }) now produces both maps in a single build. (by @​alexander-akait in #21001)

... (truncated)

Changelog

Sourced from webpack's changelog.

5.107.2

Patch Changes

• Reduce per-file overhead in ContextModuleFactory.resolveDependencies by batching alternativeRequests hook calls. Previously the hook was invoked once per file in the context (with a single-item array), paying per-call overhead (closure allocation, resolverFactory.get, intermediate arrays in RequireContextPlugin) for every file. The hook is now invoked once per directory with all matched files in one batch — RequireContextPlugin's tap already iterates the items array, so the output is unchanged. Steady-state rebuild on a 4000-file require.context drops a further ~15 ms (after the watch-mode purge fix in the same release). (by @​alexander-akait in #21020)

• Include each external info's runtimeCondition in ConcatenatedModule#updateHash so changes to a concatenated external's runtime condition invalidate persistent caches instead of slipping through with the module id alone. (by @​alexander-akait in #21023)

• Fix HTML [contenthash] for referenced asset and inline-style URL changes. (by @​alexander-akait in #21018)

• Resolve chunk-hash placeholders in chunk URLs embedded into extracted HTML. (by @​alexander-akait in #21018)

• Remove unnecessary __webpack_require__ runtime helpers in ESM library output with multi-module chunks. (by @​xiaoxiaojx in #21032)

• Rewrite NormalModule#getSideEffectsConnectionState walk as an allocation-light iterative loop instead of a generator trampoline, restoring rebuild performance lost in

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml