-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Snyk] Security upgrade terser-webpack-plugin from 5.3.10 to 5.3.11 #6660
base: main
Are you sure you want to change the base?
Conversation
…ties The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607
|
Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id> |
1 similar comment
Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 Looks good to me! Reviewed everything up to 3696a01 in 19 seconds
More details
- Looked at
13
lines of code in1
files - Skipped
1
files when reviewing. - Skipped posting
1
drafted comments based on config settings.
1. frontend/package.json:122
- Draft comment:
The version ofterser-webpack-plugin
in the PR description does not match the version in the code. The description mentions upgrading from 5.3.10 to 5.3.11, but the code changes it from 5.2.5 to 5.3.11. Please ensure the PR description accurately reflects the changes made. - Reason this comment was not posted:
Comment did not seem useful.
Workflow ID: wflow_GCjGFmxoW2oGSUrp
You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet
mode, and more.
Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id> |
Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.
Snyk changed the following file(s):
frontend/package.json
frontend/yarn.lock
Note for zero-installs users
If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the
.yarn/cache/
directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to runyarn
to update the contents of the./yarn/cache
directory.If you are not using zero-install you can ignore this as your flow should likely be unchanged.
Vulnerabilities that will be fixed with an upgrade:
SNYK-JS-SERIALIZEJAVASCRIPT-6147607
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Cross-site Scripting (XSS)
Important
Upgrade
terser-webpack-plugin
to fix a Cross-site Scripting (XSS) vulnerability.terser-webpack-plugin
from5.3.10
to5.3.11
infrontend/package.json
andfrontend/yarn.lock
to fix a Cross-site Scripting (XSS) vulnerability.This description was created by for 3696a01. It will automatically update as commits are pushed.