chore(deps): update dependency webpack to v5.105.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
webpack	5.104.1 → 5.105.0

---

Release Notes

webpack/webpack (webpack)

v5.105.0

Compare Source

Minor Changes

• Allow resolving worker module by export condition name when using new Worker() (by @​hai-x in #​20353)

• Detect conditional imports to avoid compile-time linking errors for non-existent exports. (by @​hai-x in #​20320)

• Added the tsconfig option for the resolver options (replacement for tsconfig-paths-webpack-plugin). Can be false (disabled), true (use the default tsconfig.json file to search for it), a string path to tsconfig.json, or an object with configFile and references options. (by @​alexander-akait in #​20400)

• Support import.defer() for context modules. (by @​ahabhgk in #​20399)

• Added support for array values ​​to the devtool option. (by @​hai-x in #​20191)

• Improve rendering node built-in modules for ECMA module output. (by @​hai-x in #​20255)

• Unknown import.meta properties are now determined at runtime instead of being statically analyzed at compile time. (by @​xiaoxiaojx in #​20312)

Patch Changes

• Fixed ESM default export handling for .mjs files in Module Federation (by @​y-okt in #​20189)

• Optimized import.meta.env handling in destructuring assignments by using cached stringified environment definitions. (by @​xiaoxiaojx in #​20313)

• Respect the stats.errorStack option in stats output. (by @​samarthsinh2660 in #​20258)

• Fixed a bug where declaring a module variable in module scope would conflict with the default moduleArgument. (by @​xiaoxiaojx in #​20265)

• Fix VirtualUrlPlugin to set resourceData.context for proper module resolution. Previously, when context was not set, it would fallback to the virtual scheme path (e.g., virtual:routes), which is not a valid filesystem path, causing subsequent resolve operations to fail. (by @​xiaoxiaojx in #​20390)

• Fixed Worker self-import handling to support various URL patterns (e.g., import.meta.url, new URL(import.meta.url), new URL(import.meta.url, import.meta.url), new URL("./index.js", import.meta.url)). Workers that resolve to the same module are now properly deduplicated, regardless of the URL syntax used. (by @​xiaoxiaojx in #​20381)

• Reuse the same async entrypoint for the same Worker URL within a module to avoid circular dependency warnings when multiple Workers reference the same resource. (by @​xiaoxiaojx in #​20345)

• Fixed a bug where a self-referencing dependency would have an unused export name when imported inside a web worker. (by @​samarthsinh2660 in #​20251)

• Fix missing export generation when concatenated modules in different chunks share the same runtime in module library bundles. (by @​hai-x in #​20346)

• Fixed import.meta.env.xxx behavior: when accessing a non-existent property, it now returns empty object instead of full object at runtime. (by @​xiaoxiaojx in #​20289)

• Improved parsing error reporting by adding a link to the loader documentation. (by @​gaurav10gg in #​20244)

• Fix typescript types. (by @​alexander-akait in #​20305)

• Add declaration for unused harmony import specifier. (by @​hai-x in #​20286)

• Fix compressibility of modules while retaining portability. (by @​dmichon-msft in #​20287)

• Optimize source map generation: only include ignoreList property when it has content, avoiding empty arrays in source maps. (by @​xiaoxiaojx in #​20319)

• Preserve star exports for dependencies in ECMA module output. (by @​hai-x in #​20293)

• Consider asset modulem to be side-effect free. (by @​hai-x in #​20352)

• Avoid generating JavaScript modules for CSS exports that are not used, reducing unnecessary output and bundle size. (by @​xiaoxiaojx in #​20337)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/enhanced-resolve	5.19.0	🟢 6.8	Details Check Score Reason Maintained 🟢 9 6 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 9 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 3 Found 8/22 approved changesets -- score normalized to 3 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/webpack	5.105.0	🟢 5.5	Details Check Score Reason Code-Review 🟢 6 Found 12/18 approved changesets -- score normalized to 6 Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 2 badge detected: InProgress License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Binary-Artifacts ⚠️ 0 binaries present in source code Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 7 3 existing vulnerabilities detected

Scanned Files

• package-lock.json