Big changes

• Environment
  • Node.js 4 is no longer supported. Source Code was upgraded to a higher ecmascript version.
• Usage
  • You have to choose (mode or --mode) between two modes now: production or development
    • production enables all kind of optimizations to generate optimized bundles
    • development enables comments and hint for development and enables the eval devtool
    • production doesn't support watching, development is optimized for fast incremental rebuilds
    • production also enables module concatenating (Scope Hoisting)
    • You can configure this in detail with the flags in optimization.* (build your custom mode)
    • process.env.NODE_ENV are set to production or development (only in built code, not in config)
    • There is a hidden none mode which disables everything
• Syntax
  • import() always returns a namespace object. CommonJS modules are wrapped into the default export
    • This probably breaks your code, if you used to import CommonJs with import()
• Configuration
  • You no longer need to use these plugins:
    • NoEmitOnErrorsPlugin -> optimization.noEmitOnErrors (on by default in production mode)
    • ModuleConcatenationPlugin -> optimization.concatenateModules (on by default in production mode)
    • NamedModulesPlugin -> optimization.namedModules (on by default in develoment mode)
  • CommonsChunkPlugin was removed -> optimization.splitChunks, optimization.runtimeChunk
• JSON
  • webpack now handles JSON natively
    • You may need to add type: "javascript/auto" when transforming JSON via loader to JS
    • Just using JSON without loader should still work
  • allows to import JSON via ESM syntax
    • unused exports elimination for JSON modules
• Optimization
  • Upgrade uglifyjs-webpack-plugin to v1
    • ES15 support

Big features

• Modules
  • webpack now supports these module types:
    • javascript/auto: (The default one in webpack 3) Javascript module with all module systems enabled: CommonJS, AMD, ESM
    • javascript/esm: EcmaScript modules, all other module system are not available
    • javascript/dynamic: Only CommonJS and, EcmaScript modules are not available
    • json: JSON data, it's available via require and import
    • webassembly/experimental: WebAssembly modules (currently experimental)
  • javascript/esm handles ESM more strictly compared to javascript/auto:
    • Imported names need to exist on imported module
    • Dynamic modules (non-esm, i. e. CommonJs) can only imported via default import, everything else (including namespace import) emit errors
  • In .mjs modules are javascript/esm by default
  • WebAssembly modules
    • can import other modules (JS and WASM)
    • Exports from WebAssembly modules are validated by ESM import
      • You'll get a warning/error when trying to import a non-existing export from WASM
    • can only be used in async chunks. They doesn't work in initial chunks (would be bad for web performance)
      • Import modules using WASM via import()
    • This is an experimental feature and subject of change
• Optimization
  • sideEffects: false is now supported in package.json
    • sideEffects in package.json also supports glob expressions and arrays of glob expressions
  • Instead of a JSONP function a JSONP array is used -> async script tag support, order no longer matter
  • New optimization.splitChunks option was introduced
    Details: https://gist.github.com/sokra/1522d586b8e5c0f5072d7565c2bee693
  • Dead branches are now removed by webpack itself
    • Before: Uglify removed the dead code
    • Now: webpack removes the dead code (in some cases)
    • This prevents crashing when import() occur in a dead branch
• Syntax
  • webpackInclude and webpackExclude are supported by the magic comment for import(). They allow to filter files when using a dynamic expression.
  • Using System.import() now emits a warning
    • You can disable the warning with Rule.parser.system: true
    • You can disable System.import with Rule.parser.system: false
• Configuration
  • Resolving can now be configured with module.rules[].resolve. It's merged with the global configuration.
  • optimization.minimize has been added to switch minimizing on/off
    • By default: on in production mode, off in development mode
  • optimization.minimizer has been added to configurate minimizers and options
• Usage
  • Some Plugin options are now validated
  • CLI has been move to webpack-cli, you need to install webpack-cli to use the CLI
  • The ProgressPlugin (--progress) now displays plugin names
    • At least for plugins migrated to the new plugin system
• Performance
  • UglifyJs now caches and parallizes by default
  • Multiple performance improvements, especially for faster incremental rebuilds
  • performance improvement for RemoveParentModulesPlugin
• Stats
  • Stats can display modules nested in concatenated modules

Features

• Configuration
  • Module type is automatically choosen for mjs, json and wasm extensions. Other extensions need to be configured via module.rules[].type
  • Incorrect options.dependencies configurations now throw error
  • sideEffects can be overriden via module.rules
  • output.hashFunction can now be a Constructor to a custom hash function
    • You can provide a non-cryto hash function for performance reasons
  • add output.globalObject config option to allow to choose the global object reference in runtime exitCode
• Runtime
  • Error for chunk loading now includes more information and two new properties type and request.
• Devtool
  • remove comment footer from SourceMaps and eval
  • add support for include test and exclude to the eval source map devtool plugin
• Performance
  • webpacks AST can be passed directly from loader to webpack to avoid extra parsing
  • Unused modules are no longer unnecessarly concatenated
  • Add a ProfilingPlugin which write a (Chrome) profile file which includes timings of plugins
  • Migrate to using for of instead of forEach
  • Migrate to using Map and Set instead of Objects
  • Migrate to using includes instead of indexOf
  • Replaced some RegExp with string methods
  • Queue don't enqueues the same job twice
  • Use faster md4 hash for hashing by default
• Optimization
  • When using more than 25 exports mangled export names are shorter.
  • script tags are no longer text/javascript and async as this are the default values (saves a few bytes)
  • The concatenated module now generates a bit less code
  • constant replacements now don't need __webpack_require__ and argument is omitted
• Defaults
  • webpack now looks for the .wasm, .mjs, .js and .json extensions in this order
  • output.pathinfo is now on by default in develoment mode
  • in-memory caching is now off by default in production
  • entry defaults to ./src
  • output.path defaults to ./dist
  • Use production defaults when omiting the mode option
• Usage
  • Add detailed progress reporting to SourceMapDevToolPlugin
  • removed plugins now give a useful error message
• Stats
  • Sizes are now shown in kiB instead of kB in Stats
  • entrypoints are now shows by default in Stats
  • chunks now display <{parents}> >{children}< and ={siblings}= in Stats
  • add buildAt time to stats
  • stats json now includes the output path
• Syntax
  • A resource query is supported in context
  • Referencing entry point name in import() now emits a error instead of a warning
  • Upgraded to acorn 5 and support ES 2018
• Plugins
  • done is now an async hook

Bugfixes

• Generated comments no longer break on */
• webpack no longer modifies the passed options object
• Compiler "watch-run" hook now has the Compiler as first parameter
• add output.chunkCallbackName to the schema to allow configurating WebWorker template
• Using module.id/loaded now correctly bails out of Module Concatentation (Scope Hoisting)
• OccurenceOrderPlugin now sorts modules in correct order (instead of reversed)
• timestamps for files are read from watcher when calling Watching.invalidate
• fix incorrect -! behavior with post loaders
• add run and watchRun hooks for MultiCompiler
• this is now undefined in ESM
• VariableDeclaration are correctly identified as var, const or let
• Parser now parse the source code with the correct source type (module/script) when the module type javascript/dynamic or javascript/module is used.
• don't crash on missing modules with buildMeta of null
• add original-fs module for electron targets
• HMRPlugin can be added to the Compiler outside of plugins

Internal changes

• Replaced plugin calls with tap calls (new plugin system)
• Migrated many deprecated plugins to new plugin system API
• added buildMeta.exportsType: "default" for json modules
• Remove unused methods from Parser (parserStringArray, parserCalculatedStringArray)
• Remove ability to clear BasicEvaluatedExpression and to have multiple types
• Buffer.from instead of new Buffer
• Avoid using forEach and use for of instead
• Use neo-async instead of async
• Update tapable and enhanced-resolve dependencies to new major versions
• Use prettier

Removed features

• removed module.loaders
• removed loaderContext.options
• removed Compilation.notCacheable flag
• removed NoErrorsPlugin
• removed Dependency.isEqualResource
• removed NewWatchingPlugin
• removed CommonsChunkPlugin

Breaking changes for plugins/loaders

• new plugin system
  • plugin method is backward-compatible
  • Plugins should use Compiler.hooks.xxx.tap(<plugin name>, fn) now
• New major version of enhanced-resolve
• Templates for chunks may now generate multiple assets
• Chunk.chunks/parents/blocks are no longer Arrays. A Set is used internally and there are methods to access it.
• Parser.scope.renames and Parser.scope.definitions are no longer Objects/Arrays, but Map/Sets.
• Parser uses StackedSetMap (LevelDB-like datastructure) instead of Arrays
• Compiler.options is no longer set while applying plugins
• Harmony Dependencies has changed because of refactoring
• Dependency.getReference() may now return a weak property. Dependency.weak is now used by the Dependency base class and returned in the base impl of getReference()
• Constructor arguments changed for all Modules
• Merged options into options object for ContextModule and resolveDependencies
• Changed and renamed dependencies for `import()
• Moved Compiler.resolvers into Compiler.resolverFactory accessible with plugins
• Dependency.isEqualResource has been replaced with Dependency.getResourceIdentifier
• Methods on Template are now static
• A new RuntimeTemplate class has been added and outputOptions and requestShortener has been moved to this class
  • Many methods has been updated to use the RuntimeTemplate instead
  • We plan to move code which accesses the runtime to this new class
• Module.meta has been replaced with Module.buildMeta
• Module.buildInfo and Module.factoryMeta have been added
• Some properties of Module have been moved into the new objects
• added loaderContext.rootContext which points to the context options. Loaders may use it to make stuff relative to the application root.
• add this.hot flag to loader context when HMR is enabled
• buildMeta.harmony has been replaced with buildMeta.exportsType: "namespace
• The chunk graph has changed:
  • Before: Chunks were connected with parent-child-relationships.
  • Now: ChunkGroups are connected with parent-child-relationships. ChunkGroups contain Chunks in order.
  • Before: AsyncDependenciesBlocks reference a list of Chunks in order.
  • Now: AsyncDependenciesBlocks reference a single ChunkGroup.
• file/contextTimestamps are Maps now
• map/foreach Chunks/Modules/Parents methods are now deprecated/removed
• NormalModule accept options object in Constructor
• Added required generator argument for NormalModule
• Added createGenerator and generator hooks for NormalModuleFactory to customize code generation
• Allow to customize render manifest for Chunks via hooks

The new version differs by 838 commits.

• 213226e 4.0.0
• fde0183 Merge pull request #6081 from webpack/formating/prettier
• b6396e7 update stats
• f32bd41 fix linting
• 5238159 run prettier on existing code
• 518d1e0 replace js-beautify with prettier
• 4c25bfb 4.0.0-beta.3
• dd93716 Merge pull request #6296 from shellscape/fix/hmr-before-node-stuff
• 7a07901 Merge pull request #6563 from webpack/performance/assign-depth
• c7eb895 Merge pull request #6452 from webpack/update_acorn
• 9179980 Merge pull request #6551 from nveenjain/fix/templatemd
• e52f323 optimize performance of assignDepth
• 6bf5df5 Fixed template.md
• 90ab23a Merge branch 'master' into fix/hmr-before-node-stuff
• b0949cb add integration test for spread operator

There are 250 commits in total.

See the full diff

There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.

Bug Fixes

• add: Always use POSIX paths when computing relative file: specifiers (ffe354f)
• add: Support explicit & implicit relative file: specifiers (41f231f)
• create: Use filename without scope when generating imports from test file (acfd48b)
• publish: Improve npm pack experience (627cfc2)

Features

• changed: Support list output options (6ecdd83)
• list: Extract @lerna/listable utility (bf56018)
• list: Improve scriptability with several new options (2e204af)
• npm-publish: Add npmPack export (088ea54)
• package: Add tarball property (be453cd)
• publish: Run npm pack before npm publish (8d80b2c)
• publish: Validate npm registry and package access prerequisites (ebc8ba6), closes #55 #1045 #1347
• Add @lerna/log-packed module, extracted from npm (9c767ac)
• version: Split lerna version from of lerna publish (#1522) (8b97394),
  closes #277 #936 #956 #961 #1056 #1118 #1385 #1483 #1494

BREAKING CHANGES

lerna changed

• The package names emitted to stdout are no longer prefixed by a "- ", and private packages are no longer displayed by default.

lerna ls

• The default output of lerna ls no longer shows version strings or private packages.
• The new alias lerna la resembles the old output, with the addition of relative path to the package
• The new alias lerna ll is a shortcut for the new --long option
• A new --parseable option has been added to aid magical piping incantations

lerna publish

• --preid now defaults to "alpha" during prereleases:

  The previous default for this option was undefined, which led to an awkward "1.0.1-0" result when passed to semver.inc().

  The new default "alpha" yields a much more useful "1.0.1-alpha.0" result. Any previous prerelease ID will be preserved, justas it was before.

• --no-verify is no longer passed to git commit by default, but controlled by the new --commit-hooks option:

  The previous behavior was too overzealous, and the new option operates exactly like the corresponding npm version option of the same name.

  As long as your pre-commit hooks are properly scoped to ignore changes in package.json files, this change should not affect you. If that is not the case, you may pass --no-commit-hooks to restore the previous behavior.

There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.

v2.0.0-rc.1 (2017-04-07)

A silent (but deadly) bug slipped into the last release. Many thanks to (@timdp) for discovering it.

🐛 Bug Fix

• #744 Fix package.json updates during publish. (@evocateur)

The new version differs by 94 commits .

• d12c4da 2.0.0-rc.1
• c1e7910 Update changelog for v2.0.0-rc.1
• ad7e214 Fix package.json updates during publish (#744)
• 634d16d fix: use relative path for file: dependency
• f81a940 2.0.0-rc.0
• 7319e56 v2.0.0-rc.0 changelog (#739)
• 25e9b9c Use babel-preset-env (#738)
• c2fbcb2 Update eslint, config, and plugins (#737)
• c9ed57a Command: pass explicit CWD to Repository constructor (#734)
• 0cd40ec Commands: pass execOpts to all utility executions to avoid implicit process.cwd() (#733)
• 114a07a Update FAQ.md (#736)
• 048d0cb test(all): Refactor into Jest idioms, adding integration tests (#714)
• 6de5cc5 fix(PackageUtilities): remove public API, it's broken anyway (#732)
• e4b9454 fix(BootstrapCommand): symlink binaries of scoped packages correctly (#731)
• 2be31cd Upgrade progress (#729)

There are 94 commits in total. See the full diff.

There is a collection of frequently asked questions and of course you may always ask my humans.

Updates

• Breaking change: webpack v4 is now supported. Older versions of webpack are not supported.
• Breaking change: drops support for Node.js v4, going forward we only support v6+ (same as webpack).
• webpack-dev-middleware updated to v2 (see changes).

Bugfixes

• After starting webpack-dev-server with an error in your code, it would not reload the page after fixing that error (#1317).
• DynamicEntryPlugin is now supported correctly (#1319).

Huge thanks to all the contributors!

Please note that webpack-serve will eventually be the successor of webpack-dev-server. The core features already work so if you're brave enough give it a try!

The new version differs by 20 commits.

• 6e1d886 3.0.0
• eedf10f Try again at fixing CI by upping timeout (necessary for node v6)
• dfe137c Hopefully fix failing CI tests (the hacky way)
• 1e7acca Actually make the yargs version test do something
• cdd10fa Stop testing node v4 on travis ci
• 7378e3e Merge branch 'webpack-4'
• ab4eeb0 Fix page not reloading after fixing first error on page (#1317)
• dbea323 Update deps
• f4f14ce Fix support for DynamicEntryPlugin (#1319)
• 398c773 3.0.0-beta.2
• cdc7288 Simplify build webpack configs thanks to webpack 4
• e603e0d Allow no publicPath or entry point (#1310)
• 9852a5f 3.0.0-beta.1
• 6db2e85 Fix tests after webpack v4 upgrade
• eb2f0a9 Fix option rename in webpack-dev-middleware

There are 20 commits in total.

See the full diff

There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.

Sourced from qs's changelog.

6.5.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] utils.merge`: avoid a crash with a null target and a truthy non-array source
• [Fix] correctly parse nested arrays
• [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
• [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
• [Fix] when parseArrays is false, properly handle keys ending in []
• [Fix] fix for an impossible situation: when the formatter is called with a non-string value
• [Fix] utils.merge: avoid a crash with a null target and an array source
• [Refactor] utils: reduce observable [[Get]]s
• [Refactor] use cached Array.isArray
• [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
• [Refactor] parse: only need to reassign the var once
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
• [Docs] Clarify the need for "arrayLimit" option
• [meta] fix README.md (#399)
• [meta] add FUNDING.yml
• [actions] backport actions from main
• [Tests] always use String(x) over x.toString()
• [Tests] remove nonexistent tape option
• [Dev Deps] backport from main

• 298bfa5 v6.5.3
• ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
• 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
• 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
• 12ac1c4 [meta] fix README.md (#399)
• 0338716 [actions] backport actions from main
• 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
• 51b8a0b add FUNDING.yml
• 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
• f814a7f [Dev Deps] backport from main
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.