compression-webpack-plugin and serialize-javascript@^1.4.0 dependency #2387
Comments
|
compression-webpack-plugin has made a fix webpack-contrib/compression-webpack-plugin#139 |
|
This should fix the issue: After this, run |
|
To pickup the fix mentioned by @clearyandzap, this worked for me: $ yarn upgrade "@rails/webpacker@^4.2.2"
$ yarn auditYarn audit confirmed the fix. |
bunnymatic
pushed a commit
to carbonfive/raygun-rails
that referenced
this issue
Mar 10, 2020
Problem ---------- `@rails/webpacker` had security issues in dependencies of dependencies. Read more here  and here rails/webpacker#2387 Solution -------- Upgrade `@rails/webpacker`
|
Is this issue can be closed ? |
|
@Yenwod solution works for me |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
One of this repros dependancies (compression-webpack-plugin) has a dependency of serialize-javascript@^1.4.0 which has a known issue GHSA-h9rv-jmmf-4pgx .
The compression-webpack-plugin repro has not been updated in 6 months, someone has submitted a PR to fix the issue and upgrade serialize-javascript but it has not been approved or merged as of yet.
Is it possible to move away from compression-webpack-plugin?
The text was updated successfully, but these errors were encountered: