please update terser to 5.14.2 #116
Comments
|
+1 |
|
@IdanAdar Last commit was 2 years ago, so I guess the answer is no. |
|
"no" is not really an answer to my question, though... |
|
Sorry, wrong answer. You won't get a right one. Open source maintainer fatigue? No reason to be demanding. Nobody owes you anything here, so no reason to pretend. Open source projects go stale all the time. Mostly from when there is not enough time or lack of financing or both. When others don't step up, this happens. Years since last change and no answer to issues or PRs should tell you all you need. |
|
For now you can manually override the terser version used in your project by adding the following block to "overrides": {
"terser": "^5.15.0"
}, |
|
The official plugin with Rollup v3 support and updated terser has been released: https://npmjs.com/package/@rollup/plugin-terser 🎉 |
terser 5.0.0 - 5.14.1
Severity: high
Terser insecure use of regular expressions before v4.8.1 and v5.14.2 leads to ReDoS - GHSA-4wf5-vphf-c2xc
The text was updated successfully, but these errors were encountered: