[Security] Bump webpack-bundle-analyzer from 2.3.1 to 4.4.2

[dependabot-preview]

Bumps webpack-bundle-analyzer from 2.3.1 to 4.4.2. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Cross-Site Scripting in webpack-bundle-analyzer Versions of webpack-bundle-analyzer prior to 3.3.2 are vulnerable to Cross-Site Scripting. The package uses JSON.stringify() without properly escaping input which may lead to Cross-Site Scripting.

Recommendation

Upgrade to version 3.3.2 or later.

Affected versions: < 3.3.2

Release notes

Sourced from webpack-bundle-analyzer's releases.

First test with Lerna monorepo

th0r/webpack-bundle-analyzer#98

Changelog

Sourced from webpack-bundle-analyzer's changelog.

4.4.2

• Bug Fix
  • Fix failure with compiler.outputFileSystem.constructor being undefined (#447 by @​kedarv and @​alexander-akait)
    • NOTE: This fix doesn't have added test coverage so the fix might break in future versions unless test coverage is added later.

4.4.1

• Bug Fix

  • Fix missing module chunks (#433 by @​deanshub)

• Internal

  • Fix tests timing out in CI (#435 by @​deanshub)
  • Fix command in issue template (#428 by @​cncolder)

4.4.0

• Improvement

  • Keep treemap labels visible during zooming animations for better user experience (#414 by @​stanislawosinski)

• Bug Fix

  • Don't show an empty tooltip when hovering over the FoamTree attribution group or between top-level groups (#413 by @​stanislawosinski)

• Internal

  • Upgrade FoamTree to version 3.5.0, replace vendor dependency with an NPM package (#412 by @​stanislawosinski)

4.3.0

• Improvement

  • Replace express with builtin node server, reducing number of dependencies (#398 by @​TrySound)
  • Move filesize to dev dependencies, reducing number of dependencies (#401 by @​realityking)

• Internal

  • Replace Travis with GitHub actions (#402 by @​valscion)

4.2.0

• Improvement

  • A number of improvements to reduce the number of dependencies (#391, #396, #397)

• Bug Fix

  • Prevent crashes for bundles generated from webpack array configs. (#394 by @​ctavan)
  • Fix non-asset assets causing analyze failure. (#385 by @​ZKHelloworld)

4.1.0

• Improvement
  • Significantly speed up generation of stats.json file (see generateStatsFile option).

4.0.0

... (truncated)

Commits

• 591303a v4.4.2
• 2bcf474 check this.compiler.outputFileSystem.constructor is not undefined (#447)
• 9029c9b Bump postcss from 8.1.6 to 8.2.10 (#446)
• 96f4ab1 Bump url-parse from 1.4.7 to 1.5.1 (#443)
• 0dcfb85 v4.4.1
• d4f25f9 Fix changelog username link texts
• e5b617e Fixes #417 missing module chunks (#433)
• 155edb7 Fix tests timeout (#435)
• 80e1697 Merge pull request #430 from webpack-contrib/dependabot/npm_and_yarn/test/web...
• ef982fb Bump y18n from 4.0.0 to 4.0.1 in /test/webpack-versions/4.44.2
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by valscion, a new releaser for webpack-bundle-analyzer since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)