chore(deps-dev): bump webpack-cli from 6.0.1 to 7.0.2

[dependabot]

Bumps webpack-cli from 6.0.1 to 7.0.2.

Release notes

Sourced from webpack-cli's releases.

webpack-cli@7.0.2

Patch Changes

• Resolve configuration path for cache build dependencies. (by @​alexander-akait in #4707)

webpack-cli@7.0.1

Patch Changes

• The file protocol for configuration options (--config/--extends) is supported. (by @​alexander-akait in #4702)

webpack-cli@7.0.0

Major Changes

• The minimum supported version of Node.js is 20.9.0. (by @​alexander-akait in #4677)

• Use dynamic import to load webpack.config.js, fallback to interpret only when configuration can't be load by dynamic import. Using dynamic imports allows you to take advantage of Node.js's built-in TypeScript support. (by @​alexander-akait in #4677)

• Removed the --node-env argument in favor of the --config-node-env argument. (by @​alexander-akait in #4677)

• The version command only output versions right now. (by @​alexander-akait in #4677)

• Removed deprecated API, no action required unless you use import cli from "webpack-cli";/const cli = require("webpack-cli");. (by @​alexander-akait in #4677)

Patch Changes

• Allow configuration freezing. (by @​alexander-akait in #4677)

• Use graceful shutdown when file system cache is enabled. (by @​alexander-akait in #4677)

• Performance improved. (by @​alexander-akait in #4677)

Changelog

Sourced from webpack-cli's changelog.

7.0.2

Patch Changes

• Resolve configuration path for cache build dependencies. (by @​alexander-akait in #4707)

7.0.1

Patch Changes

• The file protocol for configuration options (--config/--extends) is supported. (by @​alexander-akait in #4702)

7.0.0

Major Changes

• The minimum supported version of Node.js is 20.9.0. (by @​alexander-akait in #4677)

• Use dynamic import to load webpack.config.js, fallback to interpret only when configuration can't be load by dynamic import. Using dynamic imports allows you to take advantage of Node.js's built-in TypeScript support. (by @​alexander-akait in #4677)

• Removed the --node-env argument in favor of the --config-node-env argument. (by @​alexander-akait in #4677)

• The version command only output versions right now. (by @​alexander-akait in #4677)

• Removed deprecated API, no action required unless you use import cli from "webpack-cli";/const cli = require("webpack-cli");. (by @​alexander-akait in #4677)

Patch Changes

• Allow configuration freezing. (by @​alexander-akait in #4677)

• Use graceful shutdown when file system cache is enabled. (by @​alexander-akait in #4677)

• Performance improved. (by @​alexander-akait in #4677)

Commits

• 49efdc0 chore(release): new release (#4708)
• 1fc1b9d fix: resolve configuration path for build dependencies (#4707)
• fd02100 chore(release): new release (#4705)
• a653b02 fix: use a new create-webpack-app package name (#4704)
• 173e4bf chore(release): new release (#4703)
• c033657 ci: avoid extra step
• fd28679 fix: support file protocol in configuration options (#4702)
• 37e4270 chore: normalize package.json (#4700)
• d5290e3 ci: fix
• 0b116f7 chore(release): new release (#4679)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for webpack-cli since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 5fefd5b.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Package	Version	Score	Details
npm/@discoveryjs/json-ext	1.0.0	🟢 4.1	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 16 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/commander	14.0.3	🟢 7	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 8 Found 8/9 approved changesets -- score normalized to 8 Maintained 🟢 10 7 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST 🟢 10 SAST tool is run on all commits
npm/webpack-cli	7.0.2	🟢 5.7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/17 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• yarn.lock