I did a quick research for breaking changes of outdated modules. This was necessary because it was unclear why @sokra chose to update to 1.0.0 for webpack 2 but not for webpack 1. This is the result:

Major version bumps (including 0.x changes)

buffer

Breaking change was feross/buffer@5daca86

@fanatid wrote:

v4.x uses Uint8Array by default and Object as shim
v5.x uses only Uint8Array and print error if TypedArrays not supported

Since we should still support IE9 and IE10 out-of-the-box, we should stick to v4 for now.

constants-browserify

The update should be no problem. Some constants have been changed but the usage is very unlikely.

https-browserify

No breaking change

os-browserify

No breaking change

readable-stream

Breaking change was nodejs/readable-stream@53ff397

Doesn't seem to be really breaking? readable-stream was not using semver prior v2.

stream-browserify

The funny thing is: stream-browserify is also using readable-stream for quite some time. We should just use readable-stream.

url

Possible breaking change in defunctzombie/node-url@e5b6f59

However, since this commit brings the url module in parity with node 0.12, it is very unlikely that there is currently frontend code out there which relies on such an old implementation of the url module. It is more likely that we actually fix code because developers assume a more recent implementation of the url module.

We should also switch all dependencies to the caret operator ^ to exclude breaking changes from 0.x modules.

@sokra @TheLarkInn @bebraw @SpaceK33z

Woah, good research. I agree with your changing to the caret operator.

So the conclusion is that we can upgrade node-libs-browser for webpack v1, or what is the next step?

Yes, webpack v1 should use the latest node-libs-browser module. The risk of an actual breaking change is very low.

These versions shipped with 1.1.0