Skip to content

refactor: Bump serialize-javascript and terser-webpack-plugin#967

Merged
mtrezza merged 1 commit into
gh-pagesfrom
dependabot/npm_and_yarn/multi-0d13b2d87f
Mar 29, 2026
Merged

refactor: Bump serialize-javascript and terser-webpack-plugin#967
mtrezza merged 1 commit into
gh-pagesfrom
dependabot/npm_and_yarn/multi-0d13b2d87f

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 29, 2026
edited by coderabbitai Bot
Loading

Removes serialize-javascript. It's no longer used after updating ancestor dependency terser-webpack-plugin. These dependencies need to be updated together.

Removes serialize-javascript

Updates terser-webpack-plugin from 5.3.16 to 5.4.0

Release notes

Sourced from terser-webpack-plugin's releases.

v5.4.0

5.4.0 (2026-03-10)

Features

  • added ability to minimize JSON using jsonMinify (#657) (29ac915)

v5.3.17

5.3.17 (2026-03-03)

Bug Fixes

  • update serialize-javascript (37c490c)
Changelog

Sourced from terser-webpack-plugin's changelog.

5.4.0 (2026-03-10)

Features

  • added ability to minimizer JSON using jsonMinify (#657) (29ac915)

5.3.17 (2026-03-03)

Bug Fixes

  • update serialize-javascript (37c490c)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Summary by CodeRabbit

  • Chores
    • Updated build dependencies to the latest compatible versions and removed unused packages to improve build efficiency.

@dependabot
build(deps): bump serialize-javascript and terser-webpack-plugin
d6dcac1 
Removes [serialize-javascript](https://github.com/yahoo/serialize-javascript). It's no longer used after updating ancestor dependency [terser-webpack-plugin](https://github.com/webpack/terser-webpack-plugin). These dependencies need to be updated together.


Removes `serialize-javascript`

Updates `terser-webpack-plugin` from 5.3.16 to 5.4.0
- [Release notes](https://github.com/webpack/terser-webpack-plugin/releases)
- [Changelog](https://github.com/webpack/terser-webpack-plugin/blob/main/CHANGELOG.md)
- [Commits](webpack/minimizer-webpack-plugin@v5.3.16...v5.4.0)

---
updated-dependencies:
- dependency-name: serialize-javascript
  dependency-version: 
  dependency-type: indirect
- dependency-name: terser-webpack-plugin
  dependency-version: 5.4.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 29, 2026
@mtrezza mtrezza changed the title build(deps): bump serialize-javascript and terser-webpack-plugin refactor: Bump serialize-javascript and terser-webpack-plugin Mar 29, 2026
@mtrezza
Copy link
Copy Markdown
Member

mtrezza commented Mar 29, 2026

@coderabbitai review

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Mar 29, 2026

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Mar 29, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 369cfb4a-a78e-40dd-b44c-15f014af57c4

📥 Commits

Reviewing files that changed from the base of the PR and between 4328a36 and d6dcac1.

📒 Files selected for processing (1)
  • package-lock.json
📝 Walkthrough

Walkthrough

Dependency cleanup in package-lock.json removing unused packages (randombytes, safe-buffer, serialize-javascript) and updating terser-webpack-plugin from version 5.3.16 to 5.4.0 with corresponding removal of its serialize-javascript dependency reference.

Changes

Cohort / File(s) Summary
Dependency Updates & Cleanup
package-lock.json		 Removed randombytes, safe-buffer, and serialize-javascript entries (both node_modules and top-level); updated terser-webpack-plugin from 5.3.16 to 5.4.0 with revised hash and integrity values; removed serialize-javascript from terser-webpack-plugin dependencies.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately reflects the main changes: removing serialize-javascript and updating terser-webpack-plugin versions in package-lock.json.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/npm_and_yarn/multi-0d13b2d87f

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@mtrezza mtrezza merged commit e40c19a into gh-pages Mar 29, 2026
1 check passed
@mtrezza mtrezza deleted the dependabot/npm_and_yarn/multi-0d13b2d87f branch March 29, 2026 17:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mtrezza