Bump enhanced-resolve from 5.20.1 to 5.21.0 in the npm-dependencies group

[dependabot]

Bumps the npm-dependencies group with 1 update: enhanced-resolve.

Updates enhanced-resolve from 5.20.1 to 5.21.0

Release notes

Sourced from enhanced-resolve's releases.

v5.21.0

Minor Changes

• Added promise API and support to resolve without context and resolveContext. (by @​alexander-akait in #520)

• Add extensionAliasForExports option. When true, extensionAlias also applies to paths resolved through the package.json exports field. Off by default to match Node.js; opt in for full TypeScript-resolver parity with packages that ship .ts sources alongside the compiled .js they declare in exports. (by @​alexander-akait in #554)

Patch Changes

• Properly handle DOS device paths (\\?\… and \\.\…). (by @​alexander-akait in #551)

• Prevent fallback to parent node_modules when the exports field target file is not found. (by @​xiaoxiaojx in #495)

• Imports field spec deviation: non-relative targets (e.g. "#a": "#b") no longer re-enter imports resolution, aligning with the Node.js ESM spec where PACKAGE_IMPORTS_RESOLVE does not recursively resolve # specifiers. (by @​xiaoxiaojx in #503)

  Previously { "#a": "#b", "#b": "./the.js" } would chain-resolve #a to ./the.js; now it correctly fails, matching Node.js behavior.

• Move cachedJoin/cachedDirname/createCachedBasename caches from module-level globals to per-Resolver instances. This prevents unbounded memory growth in long-running processes — when a Resolver is garbage collected, its join/dirname/basename caches are released with it. (by @​xiaoxiaojx in #507)

• Fixed when tsconfig: true is used (default config file) and no tsconfig.json exists. (by @​xiaoxiaojx in #502)

• Apply the extensionAlias option to the imports field to be align with typescript resolution. (by @​alexander-akait in #549)

• Improved performance of the many plugins. (by @​alexander-akait in #529)

• Replace the Set<string>-based resolver stack with a singly-linked StackEntry class that exposes a Set-compatible API. (by @​xiaoxiaojx in #526)

  Each doResolve call now prepends a single linked-list node instead of cloning the entire Set, making stack push O(1) in time and memory. Recursion detection walks the linked list (O(n)), but because the stack is typically shallow this is much cheaper than cloning a Set per call.

• Cache the result of stripJsonComments + JSON.parse in readJson using a WeakMap keyed by the raw file buffer. This avoids redundant comment-stripping and JSON parsing on every resolve call that reads tsconfig.json files (via stripComments: true), improving TsconfigPathsPlugin warm performance by ~20-35% depending on the depth of the extends chain. (by @​xiaoxiaojx in #524)

• Avoid OOM in CachedInputFileSystem when duration is Infinity. (by @​alexander-akait in #527)

Changelog

Sourced from enhanced-resolve's changelog.

5.21.0

Minor Changes

• Added promise API and support to resolve without context and resolveContext. (by @​alexander-akait in #520)

• Add extensionAliasForExports option. When true, extensionAlias also applies to paths resolved through the package.json exports field. Off by default to match Node.js; opt in for full TypeScript-resolver parity with packages that ship .ts sources alongside the compiled .js they declare in exports. (by @​alexander-akait in #554)

Patch Changes

• Properly handle DOS device paths (\\?\… and \\.\…). (by @​alexander-akait in #551)

• Prevent fallback to parent node_modules when the exports field target file is not found. (by @​xiaoxiaojx in #495)

• Imports field spec deviation: non-relative targets (e.g. "#a": "#b") no longer re-enter imports resolution, aligning with the Node.js ESM spec where PACKAGE_IMPORTS_RESOLVE does not recursively resolve # specifiers. (by @​xiaoxiaojx in #503)

  Previously { "#a": "#b", "#b": "./the.js" } would chain-resolve #a to ./the.js; now it correctly fails, matching Node.js behavior.

• Move cachedJoin/cachedDirname/createCachedBasename caches from module-level globals to per-Resolver instances. This prevents unbounded memory growth in long-running processes — when a Resolver is garbage collected, its join/dirname/basename caches are released with it. (by @​xiaoxiaojx in #507)

• Fixed when tsconfig: true is used (default config file) and no tsconfig.json exists. (by @​xiaoxiaojx in #502)

• Apply the extensionAlias option to the imports field to be align with typescript resolution. (by @​alexander-akait in #549)

• Improved performance of the many plugins. (by @​alexander-akait in #529)

• Replace the Set<string>-based resolver stack with a singly-linked StackEntry class that exposes a Set-compatible API. (by @​xiaoxiaojx in #526)

  Each doResolve call now prepends a single linked-list node instead of cloning the entire Set, making stack push O(1) in time and memory. Recursion detection walks the linked list (O(n)), but because the stack is typically shallow this is much cheaper than cloning a Set per call.

• Cache the result of stripJsonComments + JSON.parse in readJson using a WeakMap keyed by the raw file buffer. This avoids redundant comment-stripping and JSON parsing on every resolve call that reads tsconfig.json files (via stripComments: true), improving TsconfigPathsPlugin warm performance by ~20-35% depending on the depth of the extends chain. (by @​xiaoxiaojx in #524)

• Avoid OOM in CachedInputFileSystem when duration is Infinity. (by @​alexander-akait in #527)

Commits

• 35035ca chore(release): new release (#496)
• fd688b1 perf: cache conditionalMapping + per-plugin description-file lookups (#556)
• 26f15b0 fix(path): classify DOS device paths as Windows-absolute (#551)
• a04bc4c docs: add resolvePromise examples for Resolver and ResolverFactory (#555)
• f9f6d57 Merge pull request #554 from webpack/claude/fix-extension-alias-alignment-xC6sZ
• c1319d1 chore: regenerate types.d.ts after option rename
• 5a00e63 refactor: rename applyExtensionAliasToExportsField to extensionAliasForExports
• f5adeee test(alias): guard that absolute path aliasing is not skipped (#553)
• faa178f fix(TsconfigPathsPlugin): give references priority over main paths (#552)
• e82275d test(imports/exports): cover query and fragment in field resolution
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	enhanced-resolve@​5.20.1 ⏵ 5.21.0

View full report

[BaseMax]

ok