Webpack-defaults moved from version 3.0.0 to 4.0.0, bringing notable changes for developers configuring webpack projects. The core purpose remains the same: providing sensible defaults and project boilerplate. Version 4.0.0 introduces loader-utils and schema-utils as dependencies, packages crucial for writing loaders and validating webpack configuration, respectively, so developers get some quality-of-life improvements that come from the webpack side. Notably, babel-core was removed from devDependencies, which likely indicates a shift towards using the @babel scoped packages exclusively, which is a good sign. The devDependencies also saw upgrades, such as Jest (23.0.1 -> 24.5.0) and webpack itself (4.27.1 -> 4.29.6). These upgrades potentially bring better performance and richer features during development and testing. A new dependency, memory-fs, was added for development purposes as well. The standard-version dependency jumps from 4.2.0 to 5.0.2, indicating that new release workflows have been added with more standard tooling. Version 4.0.0 offers an updated and more robust foundation for webpack projects, especially for developers deeply involved in loader development or seeking current tooling. It also offers improvements in code quality and an upgrade path through the adoption of new web tooling.
All vulnerabilities related to version 4.0.0 of the package
Prototype Pollution Vulnerability in parse-git-config
An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expandKeys function.