Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

Bump serialize-javascript, @symfony/webpack-encore and workbox-webpack-plugin#3743

Open
dependabot[bot] wants to merge 1 commit into
6.1 from
dependabot/npm_and_yarn/multi-4ade9e2b88
Open

Bump serialize-javascript, @symfony/webpack-encore and workbox-webpack-plugin #3743
dependabot[bot] wants to merge 1 commit into
6.1 from
dependabot/npm_and_yarn/multi-4ade9e2b88

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 28, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps serialize-javascript to 7.0.6 and updates ancestor dependencies serialize-javascript, @symfony/webpack-encore and workbox-webpack-plugin. These dependencies need to be updated together.

Updates serialize-javascript from 4.0.0 to 7.0.6

Release notes

Sourced from serialize-javascript's releases.

v7.0.6

What's Changed

Full Changelog: yahoo/serialize-javascript@v7.0.5...v7.0.6

v7.0.5

Fixes

  • Improve robustness and validation for array-like object serialization.
  • Fix an issue where certain object structures could lead to excessive CPU usage.

For more details, please see GHSA-qj8w-gfj5-8c6v.

v7.0.4

What's Changed

Full Changelog: yahoo/serialize-javascript@v7.0.3...v7.0.4

v7.0.3

  • fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207) 2e609d0
  • build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206) 42b7cdb

yahoo/serialize-javascript@v7.0.2...v7.0.3

v7.0.2

What's Changed

Full Changelog: yahoo/serialize-javascript@v7.0.1...v7.0.2

v7.0.1

What's Changed

New Contributors

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for serialize-javascript since your current version.


Updates @symfony/webpack-encore from 1.8.2 to 7.1.0

Release notes

Sourced from @​symfony/webpack-encore's releases.

7.1.0 - The "Wait, We Forgot Some Things" Release

[!NOTE] A small follow-up to 7.0.0: a few dependency updates didn't make it into that release, so 7.1.0 ships them now. You get support for sass-loader v17 (v16 still works), @vue/babel-plugin-jsx bumped to v3, webpack-manifest-plugin requiring at least v6.0.1, and JS/CSS minifier peer dependencies relaxed to optional with no version constraint. No upgrade steps needed for most projects, just bump and go.

What's Changed

Full Changelog: symfony/webpack-encore@v7.0.0...v7.1.0


Thanks to everyone who contributed to this release! 🙌

Update Encore in your project:

npm install @symfony/webpack-encore@latest --save-dev
pnpm add --save-dev @symfony/webpack-encore@latest
yarn add --dev @symfony/webpack-encore@latest

7.0.0 - The ESM-Only & Async-first Release

[!IMPORTANT] Webpack Encore 7.0 is a big one: the config format moves to ESM (and Encore.getWebpackConfig() is now async), Babel 8 is required, and JS/CSS minification are unified under a single plugin.

Under the hood, the project itself got a proper refresh too, with Vitest replacing Mocha/Sinon/Chai, PNPM as the package manager, and Oxfmt handling formatting.

It's a breaking change release, but the end result is a cleaner, more modern Encore that's much better aligned with today's JS ecosystem.

See the upgrade guide before upgrading.

What's Changed

... (truncated)

Changelog

Sourced from @​symfony/webpack-encore's changelog.

7.1.0

  • Add support for sass-loader ^17.0.0
  • Add support for @vue/babel-plugin-jsx to ^3.0.0, remove support for @vue/babel-plugin-jsx to ^1.0.0
  • Update the minimum version of webpack-manifest-plugin to ^6.0.1
  • Declare the JS/CSS minifiers as optional peer dependencies without a version constraint, matching minimizer-webpack-plugin behavior

7.0.0

This is a new major version that contains several backwards-compatibility breaks.

BC Breaks

  • Migrate from CJS (CommonJS) to ESM (ES Modules)
  • Migrate synchronous API to asynchronous API
  • Drop support of Babel 7 in favor of Babel 8
  • Remove Encore.configureTerserPlugin() in favor of Encore.configureJsMinimizerPlugin()

Features

  • Add support for webpack-cli ^7.0.0
  • Add support for typescript ^6.0.0
  • Add support for Node.js` ^26.0.0
  • Add support of Babel 8
  • Use ESM exports in Encore.copyFiles() for better webpack optimizations
  • Use peerDependencies instead of devDependencies for optional dependencies checking
  • Replace css-minimizer-webpack-plugin and terser-webpack-plugin by minimizer-webpack-plugin to unify the minification process

See the upgrade guide for the full list of breaking changes and upgrade steps.

6.0.0

This is a new major version that contains several backwards-compatibility breaks, but for the best!

BC Breaks

  • Remove support of Node.js <22.13.0
  • Remove support of babel-loader@^9.1.3, see possible BC breaks in 10.0.0 release notes
  • Remove support of style-loader@^3.3.0, see possible BC breaks in 4.0.0 release notes
  • Remove support of less-loader@^11.0.0, see possible BC breaks in 12.0.0 release notes
  • Remove support of postcss-loader@^7.0.0, see possible BC breaks in 8.0.0 release notes
  • Remove support of stylus-loader@^7.0.0, see possible BC breaks in 8.0.0 release notes
  • Remove support of webpack-cli@^5.0.0, see possible BC breaks in 6.0.0 release notes
  • Remove unmaintained file-loader dependency The [N] placeholder (regex capture groups in filename patterns) is no longer supported. If you were using patterns like [1] or [2] in your Encore.copyFiles() filename option, you will need to restructure your file organization or use a different naming strategy.
  • Remove deprecated --https flag and devServerConfig.https option for webpack-dev-server, use --server-type https or configureDevServerOptions() with server: 'https' instead

Features

... (truncated)

Upgrade guide

Sourced from @​symfony/webpack-encore's upgrade guide.

Upgrading

7.0.0

[!IMPORTANT] v7.0.0 is ESM-only, Encore.getWebpackConfig() is now async, Babel 8 is required, and CSS minification is no longer enabled by default. These are real breaking changes, so please follow the steps below.

The Node.js ecosystem has largely moved to ESM as the standard module format. Most actively maintained packages now ship ESM-only, and since Encore already requires Node.js ^22.13.0 || >=24.0 (which has full ESM support), continuing to publish as CJS would mean fighting the ecosystem: pinning to older dependencies, adding workarounds, and missing out on tree-shaking and static analysis.

Moving to ESM also unlocks async/await in Encore's internals. Now that getWebpackConfig() is natively async, Encore can adopt modern async APIs from the ecosystem without hacks.

  • Migrate from CommonJS to ESM: the package now requires "type": "module" in your project or the use of .mjs file extensions. Update your webpack.config.js:

    // Before (CJS)
    const Encore = require('@symfony/webpack-encore');
    // ...
    module.exports = Encore.getWebpackConfig();
    // After (ESM)
    import Encore from '@​symfony/webpack-encore';
    // ...
    export default await Encore.getWebpackConfig();

    Note: Encore.getWebpackConfig() is now async and returns a Promise. Use await at the top level of your webpack config (webpack supports async config files natively).

  • If you prefer not to add "type": "module", rename your webpack config to webpack.config.mjs instead; webpack detects the .mjs extension and treats it as ESM automatically.

  • Replace __dirname and __filename with their ESM equivalents in your webpack config:

    // Before (CJS)
    path.resolve(__dirname, 'src/utilities/');
    config: [__filename];
    // After (ESM)
    path.resolve(import.meta.dirname, 'src/utilities/');
    config: [import.meta.filename];

... (truncated)

Commits
  • c1850cc Tagging 7.1.0
  • 6b47b11 Name release
  • bc9a789 minor #1500 Tweak CHANGELOG.md for StimulusBundle & ESM (Kocal)
  • 5f9268d Tweak CHANGELOG.md for StimulusBundle & ESM
  • 5ff162f feature #1499 Add support for sass-loader ^17.0.0 (Kocal)
  • 93b97aa Add support for sass-loader ^17.0.0
  • d58ed97 feature #1498 Relax the peerDependencies of the JS/CSS minifiers (Kocal)
  • 0ab1c5f Relax the peerDependencies of the JS/CSS minifiers
  • 3026e9a feature #1495 Update webpack-manifest-plugin to 6.0.1 (Kocal)
  • 289cee3 Update webpack-manifest-plugin to 6.0.1
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by kocal, a new releaser for @​symfony/webpack-encore since your current version.


Updates workbox-webpack-plugin from 6.6.0 to 7.4.1

Release notes

Sourced from workbox-webpack-plugin's releases.

Workbox v7.4.1

What's Changed

New Contributors

Full Changelog: GoogleChrome/workbox@v7.4.0...v7.4.1

Workbox v7.4.0

v7.4.0

  • Critical dependency updates.

Workbox v7.3.0

v7.3.0

  • Critical dependency updates.

v7.1.0

What's Changed ✏️

... (truncated)

Commits
  • 62b9d8b v7.4.1
  • b6b696c Merge pull request #3510 from GoogleChrome/chore/update-lock-file
  • 6524a7d Update test
  • 9a57e39 Run npm audit fix
  • 86035d8 Update lock file
  • c75363a Merge pull request #3508 from GoogleChrome/dependabot/github_actions/github/c...
  • 85383d6 Merge pull request #3507 from GoogleChrome/dependabot/npm_and_yarn/apideck/be...
  • a1cdb47 Bump github/codeql-action from 4 to 4.35.2
  • 05b276d Bump @​apideck/better-ajv-errors from 0.3.1 to 0.3.7
  • 8e6df29 Merge pull request #3489 from rtritto/replace-lodash
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by swissspidy, a new releaser for workbox-webpack-plugin since your current version.


@dependabot dependabot Bot added dependencies Pull requests that update a dependency file 🧹 Chore labels Jun 28, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-4ade9e2b88 branch 2 times, most recently from 6b023d8 to c869d4e Compare June 28, 2026 10:49
...k-plugin
Bumps [serialize-javascript](https://github.com/yahoo/serialize-javascript) to 7.0.6 and updates ancestor dependencies [serialize-javascript](https://github.com/yahoo/serialize-javascript), [@symfony/webpack-encore](https://github.com/symfony/webpack-encore) and [workbox-webpack-plugin](https://github.com/googlechrome/workbox). These dependencies need to be updated together.
Updates `serialize-javascript` from 4.0.0 to 7.0.6
- [Release notes](https://github.com/yahoo/serialize-javascript/releases)
- [Commits](yahoo/serialize-javascript@v4.0.0...v7.0.6)
Updates `@symfony/webpack-encore` from 1.8.2 to 7.1.0
- [Release notes](https://github.com/symfony/webpack-encore/releases)
- [Changelog](https://github.com/symfony/webpack-encore/blob/main/CHANGELOG.md)
- [Upgrade guide](https://github.com/symfony/webpack-encore/blob/main/UPGRADE.md)
- [Commits](symfony/webpack-encore@v1.8.2...v7.1.0)
Updates `workbox-webpack-plugin` from 6.6.0 to 7.4.1
- [Release notes](https://github.com/googlechrome/workbox/releases)
- [Commits](GoogleChrome/workbox@v6.6.0...v7.4.1)
---
updated-dependencies:
- dependency-name: "@symfony/webpack-encore"
 dependency-version: 7.1.0
 dependency-type: direct:development
- dependency-name: serialize-javascript
 dependency-version: 7.0.6
 dependency-type: indirect
- dependency-name: workbox-webpack-plugin
 dependency-version: 7.4.1
 dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-4ade9e2b88 branch from c869d4e to 77103f1 Compare June 28, 2026 10:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

🧹 Chore dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants

AltStyle によって変換されたページ (->オリジナル) /