fix: correct import specifier parsing and sharing hostname validation#21232
Conversation
🦋 Changeset detectedLatest commit: 14471d4 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
This PR is packaged and the instant preview is available (b9323eb). Install it locally:
npm i -D webpack@https://pkg.pr.new/webpack@b9323eb
yarn add -D webpack@https://pkg.pr.new/webpack@b9323eb
pnpm add -D webpack@https://pkg.pr.new/webpack@b9323eb |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #21232 +/- ##
==========================================
+ Coverage 92.77% 92.79% +0.01%
==========================================
Files 591 591
Lines 64488 64556 +68
Branches 17920 17946 +26
==========================================
+ Hits 59829 59905 +76
+ Misses 4659 4651 -8
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
Merging this PR will not alter performance
|
| Mode | Benchmark | BASE |
HEAD |
Efficiency | |
|---|---|---|---|---|---|
| ❌ | Memory | benchmark "asset-modules-bytes", scenario '{"name":"mode-development-rebuild","mode":"development","watch":true}' |
247.3 KB | 322.8 KB | -23.39% |
| ❌ | Memory | benchmark "devtool-source-map", scenario '{"name":"mode-production","mode":"production"}' |
6.4 MB | 8.1 MB | -20.79% |
| ❌ | Memory | benchmark "devtool-eval", scenario '{"name":"mode-production","mode":"production"}' |
6.4 MB | 8.1 MB | -20.65% |
| ⚡ | Memory | benchmark "future-defaults", scenario '{"name":"mode-production","mode":"production"}' |
8.8 MB | 6.8 MB | +30.69% |
Tip
Investigate this regression by commenting @codspeedbot fix this regression on this PR, or directly use the CodSpeed MCP with your agent.
Comparing claude/webpack-code-scanning-access-61eytn (14471d4) with main (40b972f)
Cook string and template import specifiers per ECMAScript escape semantics (octal, hex, unicode, line continuations, template CR normalization) when collecting filesystem-cache build dependencies, returning the same value the engine would evaluate. Also correct the module-sharing hostname regex so dotted segments are validated.
Feed an ESM build dependency whose template-literal and non-analyzable dynamic imports exercise every parseString escape branch (hex, unicode, code point, octal, named, line continuations, and the throwing paths).
f96af53 to
14471d4
Compare
Summary
When collecting filesystem-cache build dependencies,
parseStringinlib/FileSystemInfo.jsdecoded import specifiers withJSON.parseand an incomplete quote-rewrite, so single-quoted and template specifiers with escapes (\x,\u,\u{…}, octal, line continuations) were decoded differently from what the engine evaluates — leading to wrong build-dependency paths and stale cache invalidation. It is now a proper character-by-character parser that cooks string and template literals per ECMAScript escape semantics (verified againstevalover 44 string/template cases). It prefers the lexer's already-decodedimp.nand uses the parser as a fallback. Separately, the module-sharing hostname regex (RE_HOSTNAME) matched dotted segments too loosely; tightened so dotted hostnames validate correctly.What kind of change does this PR introduce?
fix
Did you add tests for your changes?
Yes — new
test/configCases/cache-filesystem/dependencies/case exercising the full range of import specifier/escape forms, and an updated expectation intest/SharingUtil.unittest.js.Does this PR introduce a breaking change?
No.
If relevant, what needs to be documented once your changes are merged or what have you already documented?
n/a
Use of AI
AI (Claude) was used to implement the specifier parser and tests; the output was reviewed and verified by diffing the parser against
evalacross string and template literal cases.Generated by Claude Code