-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump terser and parcel #157
base: master
Are you sure you want to change the base?
Bump terser and parcel #157
Conversation
Socket Security Pull Request ReportDependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again. 📜 Install scriptsInstall scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
🫣 Native codeContains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs. Ensure that native code bindings are expected. Consumers may consider pure JS and functionally similar alternatives to avoid the challenges and risks associated with native code bindings.
Pull request report summary
Bot CommandsTo ignore an alert, reply with a comment starting with
Powered by socket.dev |
f705f3b
to
86362b4
Compare
Bumps [terser](https://github.com/terser/terser) to 5.16.1 and updates ancestor dependency [parcel](https://github.com/parcel-bundler/parcel). These dependencies need to be updated together. Updates `terser` from 3.17.0 to 5.16.1 - [Release notes](https://github.com/terser/terser/releases) - [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md) - [Commits](terser/terser@v3.17.0...v5.16.1) Updates `parcel` from 1.12.4 to 2.8.0 - [Release notes](https://github.com/parcel-bundler/parcel/releases) - [Changelog](https://github.com/parcel-bundler/parcel/blob/v2/CHANGELOG.md) - [Commits](https://github.com/parcel-bundler/parcel/compare/parcel-bundler@1.12.4...v2.8.0) --- updated-dependencies: - dependency-name: terser dependency-type: indirect - dependency-name: parcel dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
86362b4
to
51c756f
Compare
Bumps terser to 5.16.1 and updates ancestor dependency parcel. These dependencies need to be updated together.
Updates
terser
from 3.17.0 to 5.16.1Changelog
Sourced from terser's changelog.
... (truncated)
Commits
b90215a
5.16.1319fe31
update changelogd941a11
mark computed properties in for..of initializers as used. Closes #1238635400e
move AST_Scope#drop_unused into its own filea192fac
some cleanupsdcc3030
add shadowed variable test4d37f39
traverse exported code while hoisting object properties. Closes #13071e99e5d
update test68461d4
properly detect nested classes. Closes #1313b91e0ce
docs: fix simple typo, concatentation -> concatenation (#1311)Updates
parcel
from 1.12.4 to 2.8.0Release notes
Sourced from parcel's releases.
... (truncated)
Changelog
Sourced from parcel's changelog.
... (truncated)
Commits
c3bbe0a
v2.8.0d53e0f1
Changelog for v2.8.0a5cd0ec
Bump parcel dependencies (#8611)20fed1f
Move experimental bundler to default (#8607)cf3a752
Fix #8500 by not adding offset to line numbers (#8501)bf4dc4d
Bump minimist from 1.2.5 to 1.2.7 in /packages/utils/parcelforvscode (#8551)a5cca74
Bump@xmldom/xmldom
from 0.7.5 to 0.7.6 (#8570)932b6bd
Retain correct dependency order between imports and reexports without scopeho...27569c5
Implement min bundles (#8599)29b054c
Catch uncaught promise build abort race (#8600)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.