From 801dbdd283eece3b0e4f726ef24a0ea2bd57e820 Mon Sep 17 00:00:00 2001
From: NeverEllipsis
Date: Wed, 11 Sep 2024 19:07:13 +0800
Subject: [PATCH] chore: Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS
---
 websites/mini-program/package.json | 2 +-
 websites/mini-program/project.config.json | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/websites/mini-program/package.json b/websites/mini-program/package.json
index be501c5f..edffcf99 100644
--- a/websites/mini-program/package.json
+++ b/websites/mini-program/package.json
@@ -64,7 +64,7 @@
 "@tarojs/cli": "3.6.8",
 "@types/webpack-env": "^1.13.6",
 "@types/react": "^18.0.0",
- "webpack": "5.78.0",
+ "webpack": "5.94.0",
 "@tarojs/taro-loader": "3.6.8",
 "@tarojs/webpack5-runner": "3.6.8",
 "babel-preset-taro": "3.6.8",
diff --git a/websites/mini-program/project.config.json b/websites/mini-program/project.config.json
index 5fffc598..6c593741 100644
--- a/websites/mini-program/project.config.json
+++ b/websites/mini-program/project.config.json
@@ -15,7 +15,8 @@
 "disablePlugins": [],
 "outputPath": ""
 },
- "condition": false
+ "condition": false,
+ "ignoreUploadUnusedFiles": true
 },
 "compileType": "miniprogram",
 "libVersion": "2.32.3",
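Review bot: The added `"ignoreUploadUnusedFiles": true` in the project.config.json hunk is unrelated to the webpack upgrade this commit is titled for, and bundling it here makes the security fix harder to audit, backport or revert on its own. The key appears to make the developer tool leave files it considers unused out of the upload, so anything referenced only at run time (dynamically built paths, for example) may be missing from the uploaded package; that is inferred from the key name, and the enclosing object opens outside the hunk. I would move this line into its own commit with a sentence in the message on why it is wanted, and confirm an upload build still contains every file the program loads.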