Update webpack version in @nx/module-federation to address security vulnerability #12

Closed
nxpatterns opened this issue Jan 24, 2025 · 1 comment

Comments

nxpatterns commented Jan 24, 2025

Hello Nx team,

I've noticed that the current version of @nx/module-federation (20.3.3) is using webpack 5.88.0, which has a known security vulnerability (GHSA-4vvj-4cpr-p986).

The vulnerability is described as: "Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS".

To address this issue, I suggest updating the webpack dependency in @nx/module-federation to the latest stable version (currently 5.89.0 as of January 2025).

I've tested this locally by creating a copy of @nx/module-federation and updating the webpack version to ^5.89.0 in its package.json. After this change, the npm audit no longer reports the webpack-related vulnerability.

Could you please consider updating the webpack version in the official @nx/module-federation package to address this security concern?

Thank you for your attention to this matter.

EDIT: Is it possible that I created this GitHub issue in the wrong package in my haste? Because this repo doesn't seem to have been updated for quite some time.

@nxpatterns

Closing this issue as it's found its true home in the main Nx monorepo! 🏠

🔄 New home: Security Enhancement: webpack vulnerability in @nx/module-federation

For future reference: @nx/module-federation resides in https://github.com/nrwl/nx
