webpack 5.58.1 → 5.60.0

package/lib/schemes/HttpUriPlugin.js

@@ -5,12 +5,13 @@
 
 "use strict";
 
-const { resolve, extname, dirname } = require("path");
+const { extname, basename } = require("path");
 const { URL } = require("url");
 const { createGunzip, createBrotliDecompress, createInflate } = require("zlib");
 const NormalModule = require("../NormalModule");
+const createSchemaValidation = require("../util/create-schema-validation");
 const createHash = require("../util/createHash");
-const { mkdirp } = require("../util/fs");
+const { mkdirp, dirname, join } = require("../util/fs");
 const memoize = require("../util/memoize");
 
 /** @typedef {import("../../declarations/plugins/schemes/HttpUriPlugin").HttpUriPluginOptions} HttpUriPluginOptions */
@@ -19,6 +20,18 @@ const memoize = require("../util/memoize");
 const getHttp = memoize(() => require("http"));
 const getHttps = memoize(() => require("https"));
 
+/** @type {(() => void)[] | undefined} */
+let inProgressWrite = undefined;
+
+const validate = createSchemaValidation(
+	require("../../schemas/plugins/schemes/HttpUriPlugin.check.js"),
+	() => require("../../schemas/plugins/schemes/HttpUriPlugin.json"),
+	{
+		name: "Http Uri Plugin",
+		baseDataPath: "options"
+	}
+);
+
 const toSafePath = str =>
 	str
 		.replace(/^[^a-zA-Z0-9]+|[^a-zA-Z0-9]+$/g, "")
@@ -104,7 +117,6 @@ class Lockfile {
 		this.version = 1;
 		/** @type {Map<string, LockfileEntry | "ignore" | "no-cache">} */
 		this.entries = new Map();
-		this.outdated = false;
 	}
 
 	static parse(content) {
@@ -251,25 +263,17 @@ const cachedWithKey = (fn, forceFn = fn) => {
 	return resultFn;
 };
 
-/**
- * @typedef {Object} HttpUriPluginAdvancedOptions
- * @property {string | typeof import("../util/Hash")=} hashFunction
- * @property {string=} hashDigest
- * @property {number=} hashDigestLength
- */
-
 class HttpUriPlugin {
 	/**
-	 * @param {HttpUriPluginOptions & HttpUriPluginAdvancedOptions} options options
+	 * @param {HttpUriPluginOptions} options options
 	 */
-	constructor(options = {}) {
+	constructor(options) {
+		validate(options);
 		this._lockfileLocation = options.lockfileLocation;
 		this._cacheLocation = options.cacheLocation;
 		this._upgrade = options.upgrade;
 		this._frozen = options.frozen;
-		this._hashFunction = options.hashFunction;
-		this._hashDigest = options.hashDigest;
-		this._hashDigestLength = options.hashDigestLength;
+		this._allowedUris = options.allowedUris;
 	}
 
 	/**
@@ -299,7 +303,8 @@ class HttpUriPlugin {
 				const logger = compilation.getLogger("webpack.HttpUriPlugin");
 				const lockfileLocation =
 					this._lockfileLocation ||
-					resolve(
+					join(
+						intermediateFs,
 						compiler.context,
 						compiler.name
 							? `${toSafePath(compiler.name)}.webpack.lock`
@@ -311,11 +316,10 @@ class HttpUriPlugin {
 						: lockfileLocation + ".data";
 				const upgrade = this._upgrade || false;
 				const frozen = this._frozen || false;
-				const hashFunction = this._hashFunction || "sha512";
-				const hashDigest =
-					this._hashDigest || compilation.outputOptions.hashDigest;
-				const hashDigestLength =
-					this._hashDigestLength || compilation.outputOptions.hashDigestLength;
+				const hashFunction = "sha512";
+				const hashDigest = "hex";
+				const hashDigestLength = 20;
+				const allowedUris = this._allowedUris;
 
 				let warnedAboutEol = false;
 
@@ -400,11 +404,13 @@ class HttpUriPlugin {
 					}
 				);
 
-				let outdatedLockfile = undefined;
+				/** @type {Map<string, LockfileEntry | "ignore" | "no-cache"> | undefined} */
+				let lockfileUpdates = undefined;
 				const storeLockEntry = (lockfile, url, entry) => {
 					const oldEntry = lockfile.entries.get(url);
+					if (lockfileUpdates === undefined) lockfileUpdates = new Map();
+					lockfileUpdates.set(url, entry);
 					lockfile.entries.set(url, entry);
-					outdatedLockfile = lockfile;
 					if (!oldEntry) {
 						logger.log(`${url} added to lockfile`);
 					} else if (typeof oldEntry === "string") {
@@ -440,8 +446,8 @@ class HttpUriPlugin {
 						if (!cacheLocation || !result.content)
 							return callback(null, result);
 						const key = getCacheKey(result.entry.resolved);
-						const filePath = resolve(cacheLocation, key);
-						mkdirp(intermediateFs, dirname(filePath), err => {
+						const filePath = join(intermediateFs, cacheLocation, key);
+						mkdirp(intermediateFs, dirname(intermediateFs, filePath), err => {
 							if (err) return callback(err);
 							intermediateFs.writeFile(filePath, result.content, err => {
 								if (err) return callback(err);
@@ -671,6 +677,19 @@ class HttpUriPlugin {
 						(url, callback) => fetchContentRaw(url, undefined, callback)
 					);
 
+					const isAllowed = uri => {
+						for (const allowed of allowedUris) {
+							if (typeof allowed === "string") {
+								if (uri.startsWith(allowed)) return true;
+							} else if (typeof allowed === "function") {
+								if (allowed(uri)) return true;
+							} else {
+								if (allowed.test(uri)) return true;
+							}
+						}
+						return false;
+					};
+
 					const getInfo = cachedWithKey(
 						/**
 						 * @param {string} url the url
@@ -678,6 +697,15 @@ class HttpUriPlugin {
 						 * @returns {void}
 						 */
 						(url, callback) => {
+							if (!isAllowed(url)) {
+								return callback(
+									new Error(
+										`${url} doesn't match the allowedUris policy. These URIs are allowed:\n${allowedUris
+											.map(uri => ` - ${uri}`)
+											.join("\n")}`
+									)
+								);
+							}
 							getLockfile((err, lockfile) => {
 								if (err) return callback(err);
 								const entryOrString = lockfile.entries.get(url);
@@ -789,7 +817,7 @@ Remove this line from the lockfile to force upgrading.`
 									// When there is a lockfile cache
 									// we read the content from there
 									const key = getCacheKey(entry.resolved);
-									const filePath = resolve(cacheLocation, key);
+									const filePath = join(intermediateFs, cacheLocation, key);
 									fs.readFile(filePath, (err, result) => {
 										const content = /** @type {Buffer} */ (result);
 										if (err) {
@@ -934,6 +962,7 @@ Run build with un-frozen lockfile to automatically fix lockfile.`
 						.tapAsync("HttpUriPlugin", (resource, module, callback) => {
 							return getInfo(resource, (err, result) => {
 								if (err) return callback(err);
+								module.buildInfo.resourceIntegrity = result.entry.integrity;
 								callback(null, result.content);
 							});
 						});
@@ -963,12 +992,60 @@ Run build with un-frozen lockfile to automatically fix lockfile.`
 				compilation.hooks.finishModules.tapAsync(
 					"HttpUriPlugin",
 					(modules, callback) => {
-						if (!outdatedLockfile) return callback();
-						intermediateFs.writeFile(
-							lockfileLocation,
-							outdatedLockfile.toString(),
-							callback
+						if (!lockfileUpdates) return callback();
+						const ext = extname(lockfileLocation);
+						const tempFile = join(
+							intermediateFs,
+							dirname(intermediateFs, lockfileLocation),
+							`.${basename(lockfileLocation, ext)}.${
+								(Math.random() * 10000) | 0
+							}${ext}`
 						);
+
+						const writeDone = () => {
+							const nextOperation = inProgressWrite.shift();
+							if (nextOperation) {
+								nextOperation();
+							} else {
+								inProgressWrite = undefined;
+							}
+						};
+						const runWrite = () => {
+							intermediateFs.readFile(lockfileLocation, (err, buffer) => {
+								if (err && err.code !== "ENOENT") {
+									writeDone();
+									return callback(err);
+								}
+								const lockfile = buffer
+									? Lockfile.parse(buffer.toString("utf-8"))
+									: new Lockfile();
+								for (const [key, value] of lockfileUpdates) {
+									lockfile.entries.set(key, value);
+								}
+								intermediateFs.writeFile(tempFile, lockfile.toString(), err => {
+									if (err) {
+										writeDone();
+										return intermediateFs.unlink(tempFile, () => callback(err));
+									}
+									intermediateFs.rename(tempFile, lockfileLocation, err => {
+										if (err) {
+											writeDone();
+											return intermediateFs.unlink(tempFile, () =>
+												callback(err)
+											);
+										}
+										writeDone();
+										callback();
+									});
+								});
+							});
+						};
+						if (inProgressWrite) {
+							inProgressWrite.push(runWrite);
+						} else {
+							inProgressWrite = [];
+							runWrite();
+						}
 					}
 				);
 			}

package/lib/serialization/Serializer.js

@@ -16,9 +16,7 @@ class Serializer {
 		let current = obj;
 		for (const middleware of this.serializeMiddlewares) {
 			if (current && typeof current.then === "function") {
-				current = current.then(
-					data => data && middleware.serialize(data, context)
-				);
+				current = current.then(data => data && middleware.serialize(data, ctx));
 			} else if (current) {
 				try {
 					current = middleware.serialize(current, ctx);
@@ -36,7 +34,7 @@ class Serializer {
 		let current = value;
 		for (const middleware of this.deserializeMiddlewares) {
 			if (current && typeof current.then === "function") {
-				current = current.then(data => middleware.deserialize(data, context));
+				current = current.then(data => middleware.deserialize(data, ctx));
 			} else {
 				current = middleware.deserialize(current, ctx);
 			}

package/lib/util/fs.js

@@ -83,6 +83,8 @@ const path = require("path");
  * @returns {Watcher} a watcher
  */
 
+// TODO webpack 6 make optional methods required
+
 /**
  * @typedef {Object} OutputFileSystem
  * @property {function(string, Buffer|string, Callback): void} writeFile

package/lib/util/propertyAccess.js

@@ -6,7 +6,7 @@
 "use strict";
 
 const SAFE_IDENTIFIER = /^[_a-zA-Z$][_a-zA-Z$0-9]*$/;
-const RESERVED_IDENTIFER = new Set([
+const RESERVED_IDENTIFIER = new Set([
 	"break",
 	"case",
 	"catch",
@@ -66,7 +66,7 @@ const propertyAccess = (properties, start = 0) => {
 		const p = properties[i];
 		if (`${+p}` === p) {
 			str += `[${p}]`;
-		} else if (SAFE_IDENTIFIER.test(p) && !RESERVED_IDENTIFER.has(p)) {
+		} else if (SAFE_IDENTIFIER.test(p) && !RESERVED_IDENTIFIER.has(p)) {
 			str += `.${p}`;
 		} else {
 			str += `[${JSON.stringify(p)}]`;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "webpack",
-  "version": "5.58.1",
+  "version": "5.60.0",
   "author": "Tobias Koppers @sokra",
   "description": "Packs CommonJs/AMD modules for the browser. Allows to split your codebase into multiple bundles, which can be loaded on demand. Support loaders to preprocess files, i.e. json, jsx, es7, css, less, ... and your custom stuff.",
   "license": "MIT",