Skip to content

Releases: web-infra-dev/rspack

v1.1.8

19 Dec 08:23
Compare
Choose a tag to compare

Security Vulnerability Report

Overview

This is a re-release version of v1.1.6

On 12/19/2024, 02:01 (UTC), we discovered that our npm packages @rspack/core and @rspack/cli were maliciously attacked. The attacker released v1.1.7 using a compromised npm token, which contained malicious code. We took immediate action upon discovering the issue.

Impact

  • Affected versions: @rspack/core and @rspack/cli v1.1.7
  • Duration: 12/19/2024, 02:01 (UTC), lasting approximately 1 hour
  • Malicious code impact: After npm install, the postinstall script in package.json runs malicious code in dist/util/support.js. See Malicious code analysis for more details.

Actions Taken

Upon discovery, we immediately deprecated the affected v1.1.7, redirected the npm latest tag to v1.1.6, and reset all related tokens.
Subsequently, we released a secure new version v1.1.8.

Recommended Actions

If you installed v1.1.7 during the affected period, please:

  1. Update to the latest safe version immediately: @rspack/core and @rspack/cli to >= 1.1.8
  2. Check your system for any unusual activity

Apology and Commitment

We deeply apologize for the risks caused by this incident. To prevent similar incidents from happening again, we will implement stricter token management protocols and enhance our security review processes.

If you have any questions or discover any suspicious activity, please create an issue or send an email to: [email protected]

We will continue to follow and respond to community feedback.

v1.1.6

10 Dec 06:45
Compare
Choose a tag to compare

What's Changed

Highlights πŸ’‘

Reduced memory usage

Rspack's memory usage in large projects has been significantly reduced since v1.1.6:

Related PRs:

  • perf: improve cached source data struct by @SyMind in #8602
  • perf: reduce heap allocations for RuntimeModule by @h-a-n-a in #8620
  • perf: avoid heap allocation for getting connections by @ahabhgk in #8625

Performance Improvements ⚑

  • perf: replace RawSource with smaller RawStringSource and RawBufferSource by @h-a-n-a in #8629

Exciting New Features πŸŽ‰

Bug Fixes 🐞

Document Updates πŸ“–

Other Changes

New Contributors

Full Changelog: v1.1.5...v1.1.6

v1.1.5

03 Dec 09:04
Compare
Choose a tag to compare

What's Changed

Highlights πŸ’‘

refactor css loading

Since #7306, we have aligned with webpack's CSS loading strategy, which assumed that CSS finished loading before executing JavaScript, which is not true. Both Rspack and webpack have changed the CSS loading strategy to address this issue.

For more specific details on the original problem, please refer to this link.
Webpack fixed this in webpack/webpack#19021
Rspack fixed this in #8534

Performance Improvements ⚑

Exciting New Features πŸŽ‰

  • feat(mf): recursive search for versions of shared dependencies by @inottn in #8388
  • feat: support output.environment.nodePrefixForCoreModules by @inottn in #8516
  • feat(rspack_cacheable): as attr support use with dyn trait by @jerrykingxyz in #8535
  • feat: support analysing AMD module format by @nilptr in #8389
  • feat(cli): set default process.title by @chenjiahan in #8576
  • feat: support chunksSortMode option to HtmlRspackPlugin by @inottn in #8585

Bug Fixes 🐞

  • fix: reset the progress bar in the correct hook by @inottn in #8429
  • fix: get encoded asset content correctly by @inottn in #8545
  • fix: missing dependencies type in Module class by @SyMind in #8552
  • fix: chunk render cache panic on css extract diagnostics by @ahabhgk in #8562
  • fix: should report errors if stats was being accessed after the compiler was closed by @h-a-n-a in #8561
  • fix: add missing affectedHooks parameter to ProvidePlugin by @inottn in #8570
  • fix: rule.issuerLayer by @SyMind in #8572
  • fix: should have module-post-order-index when incremental build by @JSerFeng in #8559
  • fix: rebuild should reset module.preOrderIndex by @JSerFeng in #8413
  • fix(incremental): infer async modules test cases and add loggings for incremental by @ahabhgk in #8580
  • fix: prevent from accessing outdated compilation by @SyMind in #8591
  • fix(incremental): get affected modules with chunk graph perf regression by @ahabhgk in #8592

Document Updates πŸ“–

Other Changes

Full Changelog: v1.1.4...v1.1.5

v1.1.4

26 Nov 08:52
Compare
Choose a tag to compare

What's Changed

Exciting New Features πŸŽ‰

Bug Fixes 🐞

  • fix(incremental): wrong runtime module when rebuild by @ahabhgk in #8504
  • fix: WebWorkerTemplatePlugin should generate import-scripts chunk loading runtime by @h-a-n-a in #8523
  • fix: handle DataURI without base64 word by @inottn in #8380
  • fix: variable name conflict with concatenate and runtime code by @inottn in #8386

Document Updates πŸ“–

Other Changes

New Contributors

Full Changelog: v1.1.3...v1.1.4

v1.1.3

21 Nov 08:35
Compare
Choose a tag to compare

What's Changed

Performance Improvements ⚑

  • perf: reduce source map json stringify by @SyMind in #8468
  • perf: move matching logic in source map plugin to rust side by @inottn in #8481

Exciting New Features πŸŽ‰

Bug Fixes 🐞

Other Changes

Full Changelog: v1.1.2...v1.1.3

v1.1.2

20 Nov 04:34
4c6ea10
Compare
Choose a tag to compare

What's Changed

πŸ’‘ Highlights

DefinePlugin destructuring optimization

Rspack v1.1.2 improved the output of DefinePlugin by eliminating unused object properties from the final bundle, resulting in a smaller output size:

Exciting New Features πŸŽ‰

Bug Fixes 🐞

  • fix: output should be consistent when using splitChunks by @JSerFeng in #8425
  • fix(core): remove hang risk caused by coop budget in tokio by @hardfist in #8434
  • fix: should not free native compiler while compiler is running by @h-a-n-a in #8437
  • fix: align bytes ptr address for cacheable::from_byte by @jerrykingxyz in #8450
  • fix: correct favicon path when output.publicPath is set to auto by @inottn in #8415
  • fix(lightningcss): align type with lightningcss by @GiveMe-A-Name in #8456
  • fix: the attribute values of HTML tags should not be converted to lowercase by @inottn in #8443
  • fix: should respect max size correctly by @JSerFeng in #8442
  • fix(modern-module): remove extra import statement for star reexport by @fi3ework in #8457
  • fix: set the correct asset_info when extracting css by @inottn in #8454
  • fix: linux musl resolve failed by @jerrykingxyz in #8467
  • fix: modify css loading runtime panic by @ahabhgk in #8475

Document Updates πŸ“–

Other Changes

New Contributors

Full Changelog: v1.1.1...v1.1.2

v1.1.1

12 Nov 13:49
Compare
Choose a tag to compare

πŸ’‘ Highlights

Support for DllPlugin

This release introduced rspack.DllPlugin and rspack.DllReferencePlugin in #8296 to be compatible with webpack's DLLPlugin and DllReferencePlugin.

DLL plugins help you improve build performance by separating rarely-changed code (like vendor dependencies) into separate bundles. The term "DLL" stands for Dynamic-link library. See here for more information.

What's Changed

Exciting New Features πŸŽ‰

Bug Fixes 🐞

  • fix(cli): Run config function before looking for --config-name by @andersk in #8363
  • fix: items_to_regexp for chinese by @SyMind in #8368
  • fix: allow passing Infinity to parser.asset.dataUrlCondition.maxSize by @inottn in #8344
  • fix(side effects): should optimize for same target export by @ahabhgk in #8371
  • fix: tapable run in wrong closure by @SyMind in #8376
  • fix: required amd in umd external object by @LingyuCoder in #8369
  • fix: panic in sort of chunk combination bucket by @LingyuCoder in #8392
  • fix: compile time evaluation of __webpack_layer__ by @inottn in #8381
  • fix: panic when imported json file is empty by @LingyuCoder in #8397
  • fix: css runtime should have hmr handler when lazy-compilation by @JSerFeng in #8400
  • fix: fix Compiler not getting freed after use by @h-a-n-a in #8268

Document Updates πŸ“–

Other Changes

Full Changelog: v1.1.0...v1.1.1

v1.1.0

07 Nov 07:15
Compare
Choose a tag to compare

See Announcing Rspack 1.1 for more details.

What's Changed

Performance Improvements ⚑

Exciting New Features πŸŽ‰

Bug Fixes 🐞

Document Updates πŸ“–

Other Changes

Read more

v1.1.0-beta.0

31 Oct 11:20
Compare
Choose a tag to compare

πŸ’‘ Highlights

New experiments.incremental

We are implementing a new incremental rebuild architecture that makes the HMR much faster. It's an experimental feature in v1.1 and we still have more work to do before we stabilize it, but for now we have implemented parts of it and seen significant performance boosts.

In a case of 10000 React components, the HMR becomes 38% faster:

Tip

Checkout our docs for more details, and it's still in early stage but we hope you can try it out and provide us with some bugs and feedback at #8106.

Faster output.hashFunction

Rspack's output.hashFunction now defaults to the faster xxhash64, and the output.hashDigestLength now defaults to 16 (prev 20).

In the very large projects, this change will bring a significant performance improvement:

hyperfine --warmup 1 --runs 3 'HASH_FUNCTION=md4 node --run build:rspack' 'HASH_FUNCTION=xxhash64 node --run build:rspack'
Benchmark 1: HASH_FUNCTION=md4 node --run build:rspack
  Time (mean Β± Οƒ):     11.428 s Β±  0.758 s    [User: 83.504 s, System: 5.808 s]
  Range (min … max):   10.892 s … 12.295 s    3 runs

Benchmark 2: HASH_FUNCTION=xxhash64 node --run build:rspack
  Time (mean Β± Οƒ):      9.697 s Β±  0.318 s    [User: 79.664 s, System: 6.127 s]
  Range (min … max):    9.374 s … 10.009 s    3 runs

Summary
  HASH_FUNCTION=xxhash64 node --run build:rspack ran
    1.18 Β± 0.09 times faster than HASH_FUNCTION=md4 node --run build:rspack

Related PR: #8249

What's Changed

Performance Improvements ⚑

Exciting New Features πŸŽ‰

Bug Fixes 🐞

  • fix: temporarily use lightingcss_rs to fix CSS property order by @GiveMe-A-Name in #8182
  • fix(deps): upgrade rspack_resolver 0.3.5 to fix extensionAlias edge cases by @SoonIter in #8188
  • fix: should correct cacheGroups test regex by @JSerFeng in #8204
  • fix(type): rspack function type in cjs require by @SoonIter in #8169
  • fix(modern-module): concatenate entry module regardless bail reasons by @fi3ework in #8165
  • fix(ci): trigger pkg-preview when the needs are skipped by @shulaoda in #8216
  • fix: incremental provided exports should rebuild clean exports info by @ahabhgk in #8221
  • fix: module_executor support layer by @jerrykingxyz in #8212
  • fix: expose incremental.buildChunkGraph by @JSerFeng in #8240
  • fix: compile time evaluation of require.ensure by @LingyuCoder in #8242
  • fix(cli): display the error which is thrown by the plugin during the starting of rspack serve by @LingyuCoder in #8244
  • fix: preserve star export from external module by @fi3ework in #8217
  • fix: sourceMapFilename is relative by @SyMind in #8269
  • fix(type): Make iterators compatible with TS 5.6 --target ESNext by @andersk in #8279

Document Updates πŸ“–

Other Changes

Read more

v1.0.14

22 Oct 07:13
Compare
Choose a tag to compare

What's Changed

Performance Improvements ⚑

Exciting New Features πŸŽ‰

Bug Fixes 🐞

Document Updates πŸ“–

Other Changes

New Contributors

Full Changelog: v1.0.13...v1.0.14