chore(deps): bump terser-webpack-plugin from 2.2.1 to 2.2.2

[dependabot-preview]

Bumps terser-webpack-plugin from 2.2.1 to 2.2.2.

Release notes

Sourced from terser-webpack-plugin's releases.

v2.2.2

2.2.2 (2019-12-06)

SECURITY

• update serialize-javascript to 2.1.1 version.

Changelog

Sourced from terser-webpack-plugin's changelog.

2.2.2 (2019-12-06)

SECURITY

• update serialize-javascript to 2.1.1 version.

Commits

• b33ff1a chore(release): 2.2.2
• 1e12a84 test: refactor (#192)
• 3c80be8 chore(deps): update (#191)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[jsf-clabot]

Thank you for your submission, we really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

[webpack-bot]

For maintainers only:

• This needs to be documented (issue in webpack/webpack.js.org will be filed when merged)
• This needs to be backported to webpack 4 (issue will be created when merged)

[webpack-bot]

The basic integration tests failed.

@dependabot-preview[bot] Please review the following output log for errors:

(node:6735) [DEP_WEBPACK_CHUNK_TEMPLATE_RENDER_MANIFEST] DeprecationWarning: ChunkTemplate.hooks.renderManifest is deprecated (use Compilation.hooks.renderManifest instead)
(node:6735) [DEP_WEBPACK_COMPILATION_NORMAL_MODULE_LOADER_HOOK] DeprecationWarning: Compilation.hooks.normalModuleLoader was moved to NormalModule.getCompilationHooks(compilation).loader
(node:6735) [DEP_WEBPACK_MAIN_TEMPLATE_RENDER_MANIFEST] DeprecationWarning: MainTemplate.hooks.renderManifest is deprecated (use Compilation.hooks.renderManifest instead)
(node:6735) [DEP_WEBPACK_MAIN_TEMPLATE_HASH_FOR_CHUNK] DeprecationWarning: MainTemplate.hooks.hashForChunk is deprecated (use JavascriptModulesPlugin.getCompilationHooks().chunkHash instead)
(node:6735) [DEP_WEBPACK_MODULE_ID] DeprecationWarning: Module.id: Use new ChunkGraph API
(node:6735) [DEP_WEBPACK_MODULE_UPDATE_HASH] DeprecationWarning: Module.updateHash: Use new ChunkGraph API
(node:6735) [DEP_WEBPACK_CHUNK_MODULES_ITERABLE] DeprecationWarning: Chunk.modulesIterable: Use new ChunkGraph API
(node:6735) [DEP_WEBPACK_MAIN_TEMPLATE_OUTPUT_OPTIONS] DeprecationWarning: MainTemplate.outputOptions is deprecated (use Compilation.outputOptions instead)
(node:6735) [DEP_WEBPACK_MAIN_TEMPLATE_RENDER_CURRENT_HASH_CODE] DeprecationWarning: MainTemplate.renderCurrentHashCode is deprecated (use RuntimeGlobals.getFullHash runtime function instead)
(node:6735) [DEP_WEBPACK_MAIN_TEMPLATE_GET_ASSET_PATH] DeprecationWarning: MainTemplate.getAssetPath is deprecated (use Compilation.getAssetPath instead)
(node:6735) [DEP_WEBPACK_MAIN_TEMPLATE_REQUIRE_FN] DeprecationWarning: MainTemplate.requireFn is deprecated (use "__webpack_require__")
(node:6735) [DEP_WEBPACK_CHUNK_GROUP_GET_MODULE_INDEX_2] DeprecationWarning: ChunkGroup.getModuleIndex2 was renamed to getModulePostOrderIndex
FAIL test/StatsTestCases.test.js (17.419s)
  ● StatsTestCases › should print correct stats for filter-warnings

    expect(received).toMatchSnapshot()

    Snapshot name: `StatsTestCases should print correct stats for filter-warnings 1`

    - Snapshot
    + Received

    @@ -1,8 +1,8 @@
    - Hash: 2e946c1b63d5a742a8ff2e946c1b63d5a742a8ff2e946c1b63d5a742a8ff2e946c1b63d5a742a8ff2e946c1b63d5a742a8ff2e946c1b63d5a742a8ff2e946c1b63d5a742a8ff2e946c1b63d5a742a8ff2e946c1b63d5a742a8ff2e946c1b63d5a742a8ff2e946c1b63d5a742a8ff2e946c1b63d5a742a8ff2e946c1b63d5a742a8ff
    + Hash: 1f6d5c533ab3847f1d041f6d5c533ab3847f1d041f6d5c533ab3847f1d041f6d5c533ab3847f1d041f6d5c533ab3847f1d041f6d5c533ab3847f1d041f6d5c533ab3847f1d041f6d5c533ab3847f1d041f6d5c533ab3847f1d041f6d5c533ab3847f1d041f6d5c533ab3847f1d041f6d5c533ab3847f1d041f6d5c533ab3847f1d04
      Child undefined:
    -     Hash: 2e946c1b63d5a742a8ff
    +     Hash: 1f6d5c533ab3847f1d04
          Time: Xms
          Built at: 1970-04-20 12:42:42
               Asset        Size
          bundle0.js  1010 bytes  [emitted]  [name: main]
          Entrypoint main = bundle0.js
    @@ -28,53 +28,53 @@
          WARNING in Terser Plugin: Dropping unused function someUnUsedFunction4 [webpack://./index.js:11,0]

          WARNING in Terser Plugin: Dropping unused function someUnUsedFunction5 [webpack://./index.js:12,0]

      Child Terser:
    -     Hash: 2e946c1b63d5a742a8ff
    +     Hash: 1f6d5c533ab3847f1d04
          Time: Xms
          Built at: 1970-04-20 12:42:42
               Asset        Size
          bundle1.js  1010 bytes  [emitted]  [name: main]
          Entrypoint main = bundle1.js
      Child /Terser/:
    -     Hash: 2e946c1b63d5a742a8ff
    +     Hash: 1f6d5c533ab3847f1d04
          Time: Xms
          Built at: 1970-04-20 12:42:42
               Asset        Size
          bundle2.js  1010 bytes  [emitted]  [name: main]
          Entrypoint main = bundle2.js
      Child warnings => true:
    -     Hash: 2e946c1b63d5a742a8ff
    +     Hash: 1f6d5c533ab3847f1d04
          Time: Xms
          Built at: 1970-04-20 12:42:42
               Asset        Size
          bundle3.js  1010 bytes  [emitted]  [name: main]
          Entrypoint main = bundle3.js
      Child [Terser]:
    -     Hash: 2e946c1b63d5a742a8ff
    +     Hash: 1f6d5c533ab3847f1d04
          Time: Xms
          Built at: 1970-04-20 12:42:42
               Asset        Size
          bundle4.js  1010 bytes  [emitted]  [name: main]
          Entrypoint main = bundle4.js
      Child [/Terser/]:
    -     Hash: 2e946c1b63d5a742a8ff
    +     Hash: 1f6d5c533ab3847f1d04
          Time: Xms
          Built at: 1970-04-20 12:42:42
               Asset        Size
          bundle5.js  1010 bytes  [emitted]  [name: main]
          Entrypoint main = bundle5.js
      Child [warnings => true]:
    -     Hash: 2e946c1b63d5a742a8ff
    +     Hash: 1f6d5c533ab3847f1d04
          Time: Xms
          Built at: 1970-04-20 12:42:42
               Asset        Size
          bundle6.js  1010 bytes  [emitted]  [name: main]
          Entrypoint main = bundle6.js
      Child should not filter:
    -     Hash: 2e946c1b63d5a742a8ff
    +     Hash: 1f6d5c533ab3847f1d04
          Time: Xms
          Built at: 1970-04-20 12:42:42
               Asset        Size
          bundle7.js  1010 bytes  [emitted]  [name: main]
          Entrypoint main = bundle7.js
    @@ -100,11 +100,11 @@
          WARNING in Terser Plugin: Dropping unused function someUnUsedFunction4 [webpack://./index.js:11,0]

          WARNING in Terser Plugin: Dropping unused function someUnUsedFunction5 [webpack://./index.js:12,0]

      Child /should not filter/:
    -     Hash: 2e946c1b63d5a742a8ff
    +     Hash: 1f6d5c533ab3847f1d04
          Time: Xms
          Built at: 1970-04-20 12:42:42
               Asset        Size
          bundle8.js  1010 bytes  [emitted]  [name: main]
          Entrypoint main = bundle8.js
    @@ -130,11 +130,11 @@
          WARNING in Terser Plugin: Dropping unused function someUnUsedFunction4 [webpack://./index.js:11,0]

          WARNING in Terser Plugin: Dropping unused function someUnUsedFunction5 [webpack://./index.js:12,0]

      Child warnings => false:
    -     Hash: 2e946c1b63d5a742a8ff
    +     Hash: 1f6d5c533ab3847f1d04
          Time: Xms
          Built at: 1970-04-20 12:42:42
               Asset        Size
          bundle9.js  1010 bytes  [emitted]  [name: main]
          Entrypoint main = bundle9.js
    @@ -160,11 +160,11 @@
          WARNING in Terser Plugin: Dropping unused function someUnUsedFunction4 [webpack://./index.js:11,0]

          WARNING in Terser Plugin: Dropping unused function someUnUsedFunction5 [webpack://./index.js:12,0]

      Child [should not filter]:
    -     Hash: 2e946c1b63d5a742a8ff
    +     Hash: 1f6d5c533ab3847f1d04
          Time: Xms
          Built at: 1970-04-20 12:42:42
                Asset        Size
          bundle10.js  1010 bytes  [emitted]  [name: main]
          Entrypoint main = bundle10.js
    @@ -190,11 +190,11 @@
          WARNING in Terser Plugin: Dropping unused function someUnUsedFunction4 [webpack://./index.js:11,0]

          WARNING in Terser Plugin: Dropping unused function someUnUsedFunction5 [webpack://./index.js:12,0]

      Child [/should not filter/]:
    -     Hash: 2e946c1b63d5a742a8ff
    +     Hash: 1f6d5c533ab3847f1d04
          Time: Xms
          Built at: 1970-04-20 12:42:42
                Asset        Size
          bundle11.js  1010 bytes  [emitted]  [name: main]
          Entrypoint main = bundle11.js
    @@ -220,11 +220,11 @@
          WARNING in Terser Plugin: Dropping unused function someUnUsedFunction4 [webpack://./index.js:11,0]

          WARNING in Terser Plugin: Dropping unused function someUnUsedFunction5 [webpack://./index.js:12,0]

      Child [warnings => false]:
    -     Hash: 2e946c1b63d5a742a8ff
    +     Hash: 1f6d5c533ab3847f1d04
          Time: Xms
          Built at: 1970-04-20 12:42:42
                Asset        Size
          bundle12.js  1010 bytes  [emitted]  [name: main]
          Entrypoint main = bundle12.js

      193 | 					.replace(/(\w)\\(\w)/g, "$1/$2")
      194 | 					.replace(/, additional resolving: Xms/g, "");
    > 195 | 				expect(actual).toMatchSnapshot();
          | 				               ^
      196 | 				if (testConfig.validate) testConfig.validate(stats, stderr.toString());
      197 | 				done();
      198 | 			});

      at test/StatsTestCases.test.js:195:20
      at finalCallback (lib/MultiCompiler.js:5312:16)
      at lib/MultiCompiler.js:5389:9
      at done (node_modules/neo-async/async.js:2931:13)
      at runCompilers (lib/MultiCompiler.js:5050:16)
      at lib/MultiCompiler.js:5083:11
      at lib/MultiCompiler.js:5370:11
      at finalCallback (lib/Compiler.js:9532:9)
      at lib/Compiler.js:9791:22
      at Hook.eval [as callAsync] (eval at create (node_modules/tapable/lib/HookCodeFactory.js:33:10), <anonymous>:15:1)

Show remaining errors

  ● StatsTestCases › should print correct stats for warnings-terser

    expect(received).toMatchSnapshot()

    Snapshot name: `StatsTestCases should print correct stats for warnings-terser 1`

    - Snapshot
    + Received

    @@ -1,6 +1,6 @@
    - Hash: fd5c5b8a9bb97e3968a4
    + Hash: 83673643d4d96b32fb0c
      Time: Xms
      Built at: 1970-04-20 12:42:42
          Asset        Size
      bundle.js  1010 bytes  [emitted]  [name: main]
      Entrypoint main = bundle.js

      193 | 					.replace(/(\w)\\(\w)/g, "$1/$2")
      194 | 					.replace(/, additional resolving: Xms/g, "");
    > 195 | 				expect(actual).toMatchSnapshot();
          | 				               ^
      196 | 				if (testConfig.validate) testConfig.validate(stats, stderr.toString());
      197 | 				done();
      198 | 			});

      at test/StatsTestCases.test.js:195:20
      at finalCallback (lib/Compiler.js:9532:9)
      at lib/Compiler.js:9791:22
      at Hook.eval [as callAsync] (eval at create (node_modules/tapable/lib/HookCodeFactory.js:33:10), <anonymous>:6:1)
      at Hook.CALL_ASYNC_DELEGATE [as _callAsync] (node_modules/tapable/lib/Hook.js:18:14)
      at lib/Compiler.js:9770:29
      at Compiler.emitRecords (lib/Compiler.js:10529:14)
      at lib/Compiler.js:9732:16
      at lib/Compiler.js:10483:18
      at Hook.eval [as callAsync] (eval at create (node_modules/tapable/lib/HookCodeFactory.js:33:10), <anonymous>:15:1)

 › 2 snapshots failed.
Snapshot Summary
 › 2 snapshots failed from 1 test suite. Inspect your code changes or run `

Test Suites: 1 failed, 2 passed, 3 total
Tests:       2 failed, 7 skipped, 2680 passed, 2689 total
Snapshots:   2 failed, 103 passed, 105 total
Time:        53.583s

See complete report here.

[korelstar]

This includes a security update! Please backport to webpack 4 and release as soon as possible 😃

[alexander-akait]

@korelstar already backported, just update your lock file and deps

[mfcochauxlaberge]

@evilebottnawi That does not seem to be the case. Can you point me to the webpack version with this fix? Last release from the v4 branch is v4.41.2 from October 15.

[alexander-akait]

Just update deps, problem already fixed in package

[dependabot-preview]

Superseded by #10108.

[mfcochauxlaberge]

@evilebottnawi I don't have a direct dependency on terser-webpack-plugin. I depend on webpack and webpack depends on it. I cannot update webpack to get an updated version terser-webpack-plugin. Are you saying I need to update terser-webpack-plugin manually?

[alexander-akait]

reinstall dependencies

[beeman]

I'm seeing the same as @mfcochauxlaberge . Reinstalling dependencies does not fix the issues as long as you don't depend on it directly. Even trying to remove the lockfile does not change this. The version of terser-webpack-plugin stays on 1.4.1 whatever:

See the output here...

➜  kikstart-ui git:(develop) yarn why terser-webpack-plugin
yarn why v1.19.1
[1/4] 🤔  Why do we have the module "terser-webpack-plugin"...?
[2/4] 🚚  Initialising dependency graph...
[3/4] 🔍  Finding dependency...
[4/4] 🚡  Calculating file sizes...
=> Found "terser-webpack-plugin@1.4.1"
info Reasons this module exists
   - "@angular-devkit#build-angular" depends on it
   - Hoisted from "@angular-devkit#build-angular#terser-webpack-plugin"
   - Hoisted from "@angular-devkit#build-angular#webpack#terser-webpack-plugin"
info Disk size without dependencies: "92KB"
info Disk size with unique dependencies: "3.11MB"
info Disk size with transitive dependencies: "8.88MB"
info Number of shared dependencies: 72
✨  Done in 0.77s.
➜  kikstart-ui git:(develop) rm -rf node_modules
➜  kikstart-ui git:(develop) yarn
yarn install v1.19.1
[1/4] 🔍  Resolving packages...
[2/4] 🚚  Fetching packages...
[3/4] 🔗  Linking dependencies...
warning " > bootstrap@4.4.1" has unmet peer dependency "jquery@1.9.1 - 3".
warning " > bootstrap@4.4.1" has unmet peer dependency "popper.js@^1.16.0".
warning " > tsickle@0.37.1" has incorrect peer dependency "typescript@~3.6.4".
[4/4] 🔨  Building fresh packages...
✨  Done in 27.52s.
➜  kikstart-ui git:(develop) yarn why terser-webpack-plugin
yarn why v1.19.1
[1/4] 🤔  Why do we have the module "terser-webpack-plugin"...?
[2/4] 🚚  Initialising dependency graph...
[3/4] 🔍  Finding dependency...
[4/4] 🚡  Calculating file sizes...
=> Found "terser-webpack-plugin@1.4.1"
info Reasons this module exists
   - "@angular-devkit#build-angular" depends on it
   - Hoisted from "@angular-devkit#build-angular#terser-webpack-plugin"
   - Hoisted from "@angular-devkit#build-angular#webpack#terser-webpack-plugin"
info Disk size without dependencies: "92KB"
info Disk size with unique dependencies: "3.11MB"
info Disk size with transitive dependencies: "8.88MB"
info Number of shared dependencies: 72
✨  Done in 0.76s.
➜  kikstart-ui git:(develop) rm -rf node_modules yarn.lock
➜  kikstart-ui git:(develop) ✗ yarn
yarn install v1.19.1
info No lockfile found.
[1/4] 🔍  Resolving packages...
warning @angular-devkit/build-angular > webpack-dev-server > chokidar > fsevents@1.2.9: One of your dependencies needs to upgrade to fsevents v2: 1) Proper nodejs v10+ support 2) No more fetching binaries from AWS, smaller package size
warning @angular-devkit/build-angular > istanbul-instrumenter-loader > istanbul-lib-instrument > babel-types > babel-runtime > core-js@2.6.11: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.
warning ng-packagr > rollup-plugin-json@4.0.0: This module has been deprecated and is no longer maintained. Please use @rollup/plugin-json.
[2/4] 🚚  Fetching packages...
[3/4] 🔗  Linking dependencies...
warning " > bootstrap@4.4.1" has unmet peer dependency "jquery@1.9.1 - 3".
warning " > bootstrap@4.4.1" has unmet peer dependency "popper.js@^1.16.0".
warning "codelyzer > axobject-query@2.1.1" has unmet peer dependency "eslint@^5 || ^6".
warning " > tsickle@0.37.1" has incorrect peer dependency "typescript@~3.6.4".
[4/4] 🔨  Building fresh packages...
success Saved lockfile.
✨  Done in 105.14s.
➜  kikstart-ui git:(develop) ✗ yarn why terser-webpack-plugin
yarn why v1.19.1
[1/4] 🤔  Why do we have the module "terser-webpack-plugin"...?
[2/4] 🚚  Initialising dependency graph...
[3/4] 🔍  Finding dependency...
[4/4] 🚡  Calculating file sizes...
=> Found "terser-webpack-plugin@1.4.1"
info Reasons this module exists
   - "@angular-devkit#build-angular" depends on it
   - Hoisted from "@angular-devkit#build-angular#terser-webpack-plugin"
info Disk size without dependencies: "92KB"
info Disk size with unique dependencies: "3.11MB"
info Disk size with transitive dependencies: "8.88MB"
info Number of shared dependencies: 72
=> Found "webpack#terser-webpack-plugin@1.4.3"
info This module exists because "@angular-devkit#build-angular#webpack" depends on it.
info Disk size without dependencies: "92KB"
info Disk size with unique dependencies: "3.11MB"
info Disk size with transitive dependencies: "8.88MB"
info Number of shared dependencies: 72
✨  Done in 0.79s.

So what seems to work is adding this to package.json:

  "resolutions": {
    "terser-webpack-plugin": "2.2.3"
  },

This will yield a warning but it's probably better than waiting till v4 gets updated/published:

warning Resolution field "terser-webpack-plugin@2.2.3" is incompatible with requested version "terser-webpack-plugin@1.4.1"
warning Resolution field "terser-webpack-plugin@2.2.3" is incompatible with requested version "terser-webpack-plugin@^1.4.1"

[mfcochauxlaberge]

npm audit fix is what ended up updating my dependencies.