next-bundle-analyzer depends on [email protected], but there is an XSS problem in that dependency that is only fixed in >=3.3.2.
Any news on this? Been a while since this issue was opened..
@zeit/next-bundle-analyzer seems to have been deprecated in favor of @next/bundle-analyzer. 8.1.1-canary.44 of that package has an updated webpack-bundle-analyzer.
npm install --save-dev @next/bundle-analyzer@canary
Note that the new package works slightly differently.
Most helpful comment
Any news on this? Been a while since this issue was opened..