chore(deps): Bump vulnerable webpack version #909

Merged
chargome merged 1 commit into main from cg-bumpwebpack
Apr 2, 2026

chargome commented Apr 2, 2026

Bump webpack from vulnerable versions (5.0.0, 5.74.0) to 5.76.0 across 4 packages to fix CVE-2023-28154 (cross-realm object access in Webpack 5)

Resolved Dependabot Alerts

  • #217 — packages/webpack-plugin/package.json
  • #22 — packages/playground/package.json
  • #21 — packages/integration-tests/package.json
  • #20 — packages/e2e-tests/package.json
  • #19 — yarn.lock

chargome self-assigned this Apr 2, 2026

github-actions bot commented Apr 2, 2026

Semver Impact of This PR

🟢 Patch (bug fixes)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).


New Features ✨

  • (core) Pass mapDir to rewriteSourcesHook by chargome in #908
  • Use crypto.randomUUID rather than uuid by timfish in #892

Bug Fixes 🐛

  • (core) Conditionally add tracing headers by chargome in #907
  • (e2e-tests) Pin axios to 1.13.5 to avoid compromised 1.14.1 by andreiborza in #906
  • Add missing webpack5 entrypoint in webpack-plugin by brunodccarvalho in #905

Internal Changes 🔧

  • (deps) Bump vulnerable webpack version by chargome in #909
  • Vite integration tests by timfish in #899
  • Webpack integration tests by timfish in #904
  • Isolate integration test package installs by timfish in #902
  • Pin GitHub Actions to full-length commit SHAs by joshuarli in #900
  • Rollup integration tests by timfish in #897
  • New integration tests by timfish in #896
  • Remove lerna by timfish in #895
  • Migrate to Vitest by timfish in #894

🤖 This preview updates automatically when you update the PR.

"ts-node": "^10.9.1",
"typescript": "^4.7.4",
"webpack": "5.0.0"
"webpack": "5.76.0"
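Review bot: The added "webpack": "5.76.0" line keeps an exact pin, unlike the caret ranges on the ts-node and typescript lines just above it, so this package stays on exactly the version the description names for CVE-2023-28154 and will not pick up later 5.x fixes without another manual bump. If the exact pin is intentional, say so in the description; otherwise ^5.76.0 would match the neighbouring entries. The hunk also does not show which of the four package.json files it belongs to or the yarn.lock change, so it is worth confirming the lockfile no longer resolves any webpack entry below 5.76.0.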
Member Author

@timfish I guess this is fine?

chargome requested a review from timfish April 2, 2026 14:28
chargome merged commit 1e6cfc7 into main Apr 2, 2026
33 checks passed
chargome deleted the cg-bumpwebpack branch April 2, 2026 14:56