React-styleguidist: Vulnerability in terser-webpack-plugin dependency

Created on 16 Jun 2020 · 3 Comments · Source: styleguidist/react-styleguidist

Our corporate scanning software is preventing the use of the latest version 11.0.x due to a vulnerability in one of the dependencies.

Currently version 11.0.8 depends on [email protected] (in lock file). This in turn depends on [email protected]. The vulnerability is in the serialize javascript plugin.

Please could you update terser-webpack-plugin to version 2.3.6 or greater, as they have updated to serialize-javascript 3.0 which no longer has the blocking vulnerability.

Huge thanks and great work.

good first issue help wanted

All 3 comments

Feel free to send a pull request with a fix.

Is anyone working on this? Can I take a shot at it?

Duplicate of #1658. terser-webpack-plugin has already been updated to ^4.1.0.
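The check the issue describes (a copy of serialize-javascript older than 3.0 pulled in through terser-webpack-plugin) can be run against a lock file directly. The following is an added example, not part of the thread or the project's code; it assumes the npm lockfileVersion 1 layout, and the sample lock data, its version numbers and the `other-plugin` name are constructed for illustration.

```javascript
// Constructed sample in npm lockfileVersion 1 layout. Version numbers and
// "other-plugin" are made up; they are not from the react-styleguidist lock file.
// For a real project, pass JSON.parse(<contents of package-lock.json>) instead.
const sampleLock = {
  dependencies: {
    "terser-webpack-plugin": {
      version: "2.0.0",
      requires: { "serialize-javascript": "^2.0.0" },
      dependencies: {
        "serialize-javascript": { version: "2.0.0" },
      },
    },
    "other-plugin": {
      version: "1.0.0",
      requires: { "serialize-javascript": "^3.0.0" },
    },
    "serialize-javascript": { version: "3.1.0" },
  },
};

// Compare the numeric major.minor.patch parts; pre-release tags are ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk every nested "dependencies" map and report each installed copy of
// `name` older than `minVersion`, with the chain of packages that nests it.
function findOutdated(lock, name, minVersion, chain = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(lock.dependencies || {})) {
    if (dep === name && compareVersions(info.version, minVersion) < 0) {
      hits.push({ version: info.version, via: chain.join(" > ") || "(top level)" });
    }
    const next = [...chain, `${dep}@${info.version}`];
    hits.push(...findOutdated(info, name, minVersion, next));
  }
  return hits;
}

console.log(findOutdated(sampleLock, "serialize-javascript", "3.0.0"));
```

A hoisted top-level copy at 3.x does not clear the finding while an older copy is still nested under a dependent package, which is why the walk covers every nesting level.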
