Skip to content

build(deps-dev): bump webpack-cli from 6.0.1 to 7.0.2 in /src/microsoft-trydotnet-editor#211

Merged
intellitect-bot merged 1 commit intomainfrom
dependabot/npm_and_yarn/src/microsoft-trydotnet-editor/webpack-cli-7.0.2
Apr 22, 2026
Merged

build(deps-dev): bump webpack-cli from 6.0.1 to 7.0.2 in /src/microsoft-trydotnet-editor#211
intellitect-bot merged 1 commit intomainfrom
dependabot/npm_and_yarn/src/microsoft-trydotnet-editor/webpack-cli-7.0.2

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 13, 2026

Bumps webpack-cli from 6.0.1 to 7.0.2.

Release notes

Sourced from webpack-cli's releases.

webpack-cli@7.0.2

Patch Changes

webpack-cli@7.0.1

Patch Changes

webpack-cli@7.0.0

Major Changes

  • The minimum supported version of Node.js is 20.9.0. (by @​alexander-akait in #4677)

  • Use dynamic import to load webpack.config.js, fallback to interpret only when configuration can't be load by dynamic import. Using dynamic imports allows you to take advantage of Node.js's built-in TypeScript support. (by @​alexander-akait in #4677)

  • Removed the --node-env argument in favor of the --config-node-env argument. (by @​alexander-akait in #4677)

  • The version command only output versions right now. (by @​alexander-akait in #4677)

  • Removed deprecated API, no action required unless you use import cli from "webpack-cli";/const cli = require("webpack-cli");. (by @​alexander-akait in #4677)

Patch Changes

Changelog

Sourced from webpack-cli's changelog.

7.0.2

Patch Changes

7.0.1

Patch Changes

7.0.0

Major Changes

  • The minimum supported version of Node.js is 20.9.0. (by @​alexander-akait in #4677)

  • Use dynamic import to load webpack.config.js, fallback to interpret only when configuration can't be load by dynamic import. Using dynamic imports allows you to take advantage of Node.js's built-in TypeScript support. (by @​alexander-akait in #4677)

  • Removed the --node-env argument in favor of the --config-node-env argument. (by @​alexander-akait in #4677)

  • The version command only output versions right now. (by @​alexander-akait in #4677)

  • Removed deprecated API, no action required unless you use import cli from "webpack-cli";/const cli = require("webpack-cli");. (by @​alexander-akait in #4677)

Patch Changes

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for webpack-cli since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps-dev): bump webpack-cli in /src/microsoft-trydotnet-editor
21460c2 
Bumps [webpack-cli](https://github.com/webpack/webpack-cli) from 6.0.1 to 7.0.2.
- [Release notes](https://github.com/webpack/webpack-cli/releases)
- [Changelog](https://github.com/webpack/webpack-cli/blob/main/CHANGELOG.md)
- [Commits](https://github.com/webpack/webpack-cli/compare/webpack-cli@6.0.1...webpack-cli@7.0.2)

---
updated-dependencies:
- dependency-name: webpack-cli
  dependency-version: 7.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file npm labels Apr 13, 2026
@dependabot dependabot Bot temporarily deployed to BuildAndUploadImage April 13, 2026 16:48 Inactive
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 22, 2026

🤖 Automated Major Version Review — APPROVED

Package: webpack-cli
Ecosystem: npm
Version change: 6.0.1 → 7.0.2 (major bump)

Research Summary

Breaking Changes Analysis

webpack-cli v7.0.0 introduced the following breaking changes:

  1. Minimum Node.js version raised to 20.9.0 — This repository uses Node.js 20 (node-version: '20' in .github/actions/setup-node/action.yml). The current LTS patch of Node.js 20 is well above 20.9.0, so this requirement is satisfied. CI also passes, confirming compatibility. ✅

  2. --node-env argument removed (renamed to --config-node-env in v6, now removed entirely) — Inspected all webpack scripts in package.json: "build": "webpack --mode production", "buildProd": "webpack --config ./webpack.config.js --config ./webpack-prod.config.js --merge", "buildDev": "webpack --mode development". None use --node-env. ✅

  3. Removed deprecated API (import cli from "webpack-cli" / require("webpack-cli")) — No such import found anywhere in the repository source code. ✅

  4. version command now only outputs versions — Not relied upon in any CI or build scripts. ✅

  5. Dynamic import used to load webpack.config.js — CI builds pass successfully, confirming this change is compatible. ✅

Security Check

2 advisories exist in the GitHub Advisory Database for webpack-cli, both attributed to HanJeouk and the webpack-cli maintainer alexander-akait. These advisories affect the old version (v6). Upgrading to v7 resolves these security issues, making this upgrade beneficial from a security standpoint.

Decision

✅ This major version update is safe to merge. CI checks pass, the diff contains only package.json and package-lock.json, no breaking changes affect this repository's usage of the package, and the upgrade resolves known security advisories.

Warning

⚠️ Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • security.snyk.io

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "security.snyk.io"

See Network Configuration for more information.

Note

🔒 Integrity filter blocked 1 item

The following item were blocked because they don't meet the GitHub integrity level.

  • #145 list_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

Generated by Dependabot Major Version Reviewer · ● 2.6M ·

@github-actions github-actions Bot added the ai-approved-major-update AI-reviewed major dependency update safe to merge label Apr 22, 2026
@intellitect-bot intellitect-bot merged commit 4244de6 into main Apr 22, 2026
13 checks passed
@intellitect-bot intellitect-bot deleted the dependabot/npm_and_yarn/src/microsoft-trydotnet-editor/webpack-cli-7.0.2 branch April 22, 2026 16:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

ai-approved-major-update AI-reviewed major dependency update safe to merge dependencies Pull requests that update a dependency file npm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@intellitect-bot