New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
compression-webpack-plugin and serialize-javascript@^1.4.0 dependency #2387
Comments
compression-webpack-plugin has made a fix webpack-contrib/compression-webpack-plugin#139 |
This should fix the issue: After this, run |
To pickup the fix mentioned by @clearyandzap, this worked for me: $ yarn upgrade "@rails/webpacker@^4.2.2"
$ yarn audit Yarn audit confirmed the fix. |
Problem ---------- `@rails/webpacker` had security issues in dependencies of dependencies. Read more here ![GHSA-h9rv-jmmf-4pgx ](GHSA-h9rv-jmmf-4pgx) and here rails/webpacker#2387 Solution -------- Upgrade `@rails/webpacker`
Is this issue can be closed ? |
@Yenwod solution works for me |
One of this repros dependancies (compression-webpack-plugin) has a dependency of serialize-javascript@^1.4.0 which has a known issue GHSA-h9rv-jmmf-4pgx .
The compression-webpack-plugin repro has not been updated in 6 months, someone has submitted a PR to fix the issue and upgrade serialize-javascript but it has not been approved or merged as of yet.
Is it possible to move away from compression-webpack-plugin?
The text was updated successfully, but these errors were encountered: