chore(deps): bump terser-webpack-plugin to v.1.4.2 #20014
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
A security breach was found in serialize-javascript (versions < 2.1.1) which is one of the dependencies of gatsby's terser-webpack-plugin dependency.
This PR bumps the version of terser-webpack-plugin to 2.2.2 to fix the security breach. See https://github.com/webpack-contrib/terser-webpack-plugin/blob/master/CHANGELOG.md.
You can find the security alert here: GHSA-h9rv-jmmf-4pgx.
Even if the version update was a major one, the build seems to be passing.