Update terser-webpack-plugin version #9470
Conversation
portexe
requested review from
ianschmitz,
iansu,
mrmckeb and
petetnt
as code owners
|
Hi @portexe! Thank you for your pull request and welcome to our community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. In order for us to review and merge your code, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA. If you have received this in error or have any questions, please contact us at cla@fb.com. Thanks! |
|
I just agreed to the CLA so that will check will need to be re-started. |
|
Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Facebook open source project. Thanks! |
1 similar comment
|
Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Facebook open source project. Thanks! |
|
It will be nice to have this and release it |
|
Hoping to have this one merged! |
|
As explained in #9469 (comment), there is no actual vulnerability here. |
|
@gaearon it appears version 3.1.0 of |
|
Hmm. Actually this doesn't make sense either. 3.0.7 which we use on master already has the fix. https://unpkg.com/browse/terser-webpack-plugin@3.0.7/package.json So what we need to do is update the version used by |
|
(I'll do this) |
Older versions of terser-webpack-plugin are using a highly vulnerable version of serialize-javascript. In order to fix this, we need to update the terser-webpack-plugin which has now addressed this vulnerability.
More info on the vulnerability located here
Screenshot: