Update rollup-plugin-terser to fix vulnerability #797

Closed
known-as-bmf opened this issue Aug 14, 2020 · 1 comment · May be fixed by #889
Labels
scope: dependencies (Pull requests that update a dependency file)
solution: duplicate (This issue or pull request already exists)
topic: Rollup 2 (Related to Rollup 2 upgrade)

Comments

@known-as-bmf

Current Behavior

rollup-plugin-terser v5.x has a dependency on serialize-javascript 2.x.
This version of serialize-javascript includes a high-severity security issue.

Expected behavior

No security issue.

Suggested solution(s)

Bump rollup-plugin-terser dependency to at least ^6.0.0.

Additional context

N/A

Your environment

TSDX 0.13.2

@agilgur5
Collaborator

Duplicate of #731 (comment)

@agilgur5 marked this as a duplicate of #731 on Aug 14, 2020
@agilgur5 added the scope: dependencies and solution: duplicate labels on Aug 14, 2020
@agilgur5 changed the title from "Update rollup-plugin-terser dependency" to "Update rollup-plugin-terser to fix vulnerability" on Aug 17, 2020
@agilgur5 linked a pull request on Aug 17, 2020 that will close this issue
Repository owner locked and limited conversation to collaborators on Aug 17, 2020
@agilgur5 added the topic: Rollup 2 label on Sep 28, 2020
@agilgur5 linked a pull request on Sep 28, 2020 that will close this issue