fix(runtime): no new Function for loadEsmEntry #3054

Merged: ScriptedAlchemy merged 7 commits into main from no-esm-function-entry on Oct 10, 2024

Conversation

@ScriptedAlchemy
Member

Description

Comply with CSP where possible.
Use webpackIgnore instead of new function to avoid bundler modifications to esm import.
Stop using function eval for import

Related Issue

#3053

Types of changes

  • Docs change / refactoring / dependency upgrade
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Checklist

  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • I have updated the documentation.

@changeset-bot

changeset-bot bot commented Oct 7, 2024

🦋 Changeset detected

Latest commit: 8a52e1e

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 38 packages
Name Type
@module-federation/runtime Patch
@module-federation/devtools Patch
@module-federation/data-prefetch Patch
@module-federation/dts-plugin Patch
@module-federation/nextjs-mf Patch
@module-federation/node Patch
@module-federation/retry-plugin Patch
@module-federation/runtime-tools Patch
@module-federation/webpack-bundler-runtime Patch
@module-federation/enhanced Patch
@module-federation/modern-js Patch
@module-federation/rspack Patch
3008-runtime-remote Patch
host Patch
host-v5 Patch
host-vue3 Patch
remote1 Patch
remote2 Patch
remote3 Patch
remote4 Patch
@module-federation/modernjs Patch
modernjs-ssr-dynamic-nested-remote Patch
modernjs-ssr-dynamic-remote-new-version Patch
modernjs-ssr-dynamic-remote Patch
modernjs-ssr-host Patch
modernjs-ssr-nested-remote Patch
modernjs-ssr-remote-new-version Patch
modernjs-ssr-remote Patch
@module-federation/sdk Patch
@module-federation/managers Patch
@module-federation/manifest Patch
@module-federation/third-party-dts-extractor Patch
@module-federation/bridge-react Patch
@module-federation/bridge-vue3 Patch
@module-federation/bridge-shared Patch
@module-federation/bridge-react-webpack-plugin Patch
@module-federation/esbuild Patch
@module-federation/utilities Patch

@netlify

netlify bot commented Oct 7, 2024

Deploy Preview for module-federation-docs ready!

Name Link
🔨 Latest commit 8a52e1e
🔍 Latest deploy log https://app.netlify.com/sites/module-federation-docs/deploys/6707285876262600089be25b
😎 Deploy Preview https://deploy-preview-3054--module-federation-docs.netlify.app

Contributor

@squadronai squadronai bot left a comment

Summary

Here is a concise summary of the pull request:

The core changes in this pull request aim to improve the runtime's compliance with Content Security Policy (CSP) by avoiding the use of new Function() and eval() for loading ESM and SystemJS entries. The changes replace these potentially unsafe methods with more secure alternatives, such as import() with webpackIgnore and System.import(). This ensures that the runtime can be used in environments with stricter security policies, improving the overall robustness and security of the module federation core.

File Summaries
File Summary
packages/runtime/src/utils/load.ts The code changes aim to comply with Content Security Policy (CSP) by avoiding the use of new Function() and eval() for loading ESM and SystemJS entries. Instead, it utilizes import() with webpackIgnore and System.import() to load the remote entries, ensuring a more secure and CSP-compliant approach.

Contributor

@squadronai squadronai bot left a comment

Incremental Review

Comments posted: 1

Configuration

Squadron Mode: essential

Commits Reviewed

7e70770325cbfb3b063b78ddc620c56627a2c523...6fea09598e0e43c13c730b7681cc8bdd84184301

Files Reviewed
  • packages/runtime/src/utils/load.ts
Files Ignored

These files were ignored due to the filter in the squadron.yaml file.

  • .changeset/ai-quick-eagle.md

Contributor

@squadronai squadronai bot left a comment

Incremental Review

Comments posted: 0

Configuration

Squadron Mode: essential

Commits Reviewed

6fea09598e0e43c13c730b7681cc8bdd84184301...c43b3c330dce8defd6c9c028f28ba4a1974a39e8

Files Reviewed
  • packages/runtime/src/utils/load.ts
Files Ignored

These files were ignored due to the filter in the squadron.yaml file.

  • .changeset/ai-quick-eagle.md

Contributor

@squadronai squadronai bot left a comment

Incremental Review

Comments posted: 3

Configuration

Squadron Mode: essential

Commits Reviewed

7e70770325cbfb3b063b78ddc620c56627a2c523...a25d94f64076f7797ed4c944ef8af62ccc8672ee

Files Reviewed
  • packages/runtime/src/utils/load.ts
Files Ignored

These files were ignored due to the filter in the squadron.yaml file.

  • .changeset/ai-quick-eagle.md

@module-federation module-federation deleted a comment from squadronai bot Oct 7, 2024
@module-federation module-federation deleted a comment from squadronai bot Oct 7, 2024
@module-federation module-federation deleted a comment from squadronai bot Oct 7, 2024
Contributor

@squadronai squadronai bot left a comment

Incremental Review

Comments posted: 5

Configuration

Squadron Mode: essential

Commits Reviewed

fe4999349903a9f7f75ec3f425298913fdfe8524...f2d28bbd72f9bbf50f07a16b8c36a079c5ef7c8e

Files Reviewed
  • packages/runtime/src/utils/load.ts
Files Ignored

These files were ignored due to the filter in the squadron.yaml file.

  • .changeset/ai-quick-eagle.md

@module-federation module-federation deleted a comment from squadronai bot Oct 8, 2024
@module-federation module-federation deleted a comment from squadronai bot Oct 8, 2024
@module-federation module-federation deleted a comment from squadronai bot Oct 8, 2024
@module-federation module-federation deleted a comment from squadronai bot Oct 8, 2024
@module-federation module-federation deleted a comment from squadronai bot Oct 8, 2024
Contributor

@squadronai squadronai bot left a comment

Incremental Review

Comments posted: 3

Configuration

Squadron Mode: essential

Commits Reviewed

9bd1b120bfc1ab986a4f6a89f57895e98b4104a1...4986fbd65a1a46e0353d219e2dfd1f4493061a6d

Files Reviewed
  • packages/runtime/src/utils/load.ts
Files Ignored

These files were ignored due to the filter in the squadron.yaml file.

  • .changeset/ai-quick-eagle.md

@module-federation module-federation deleted a comment from squadronai bot Oct 10, 2024
@module-federation module-federation deleted a comment from squadronai bot Oct 10, 2024
@module-federation module-federation deleted a comment from squadronai bot Oct 10, 2024
Contributor

@squadronai squadronai bot left a comment

Incremental Review

Comments posted: 3

Configuration

Squadron Mode: essential

Commits Reviewed

8a772919beb8f0576baf29f322c4bfe9673e1e45...8a52e1e3c1d4ae62092df703e7a7c544fa04a8cb

Files Reviewed
  • packages/runtime/src/utils/load.ts
Files Ignored

These files were ignored due to the filter in the squadron.yaml file.

  • .changeset/ai-quick-eagle.md

@module-federation module-federation deleted a comment from squadronai bot Oct 10, 2024
@module-federation module-federation deleted a comment from squadronai bot Oct 10, 2024
@module-federation module-federation deleted a comment from squadronai bot Oct 10, 2024
@ScriptedAlchemy ScriptedAlchemy merged commit ea6d417 into main Oct 10, 2024
@ScriptedAlchemy ScriptedAlchemy deleted the no-esm-function-entry branch October 10, 2024 01:21
@2heal1 2heal1 mentioned this pull request Oct 16, 2024