Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency webpack-bundle-analyzer to v3 [SECURITY] #1757

Merged
merged 1 commit into from
Sep 1, 2019
Merged

Update dependency webpack-bundle-analyzer to v3 [SECURITY] #1757

merged 1 commit into from
Sep 1, 2019

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 1, 2019
edited
Loading

This PR contains the following updates:

Package Type Update Change
webpack-bundle-analyzer devDependencies major ^2.11.1 -> ^3.0.0

GitHub Vulnerability Alerts

GHSA-pgr8-jg6h-8gw6 / WS-2019-0058

Versions of webpack-bundle-analyzer prior to 3.3.2 are vulnerable to Cross-Site Scripting. The package uses JSON.stringify() without properly escaping input which may lead to Cross-Site Scripting.

Release Notes

webpack-contrib/webpack-bundle-analyzer

v3.3.2

Compare Source

  • Bug Fix
    • Fix regression with escaping internal assets (#​264, fixes #​263)

v3.3.1

Compare Source

  • Improvements

    • Use relative links for serving internal assets (#​261, fixes #​254)
    • Properly escape embedded JS/JSON (#​262)

  • Bug Fix

v3.3.0

Compare Source

  • New Feature

  • Internal

    • Updated dev dependencies

v3.2.0

Compare Source

v3.1.0

Compare Source

v3.0.4

Compare Source

  • Bug Fix
    • Make webpack's done hook wait until analyzer writes report or stat file (#​247, @​mareolan)

v3.0.3

Compare Source

v3.0.2

Compare Source

v3.0.1

Compare Source

  • Bug Fix
    • Small UI fixes

v3.0.0

Compare Source

  • Breaking change

    • Dropped support for Node.js v4. Minimal required version now is v6.14.4
    • Contents of concatenated modules are now hidden by default because of a number of related issues (details), but can be shown using a new checkbox in the sidebar.

  • New Feature

    • Added modules search
    • Added ability to pin and resize the sidebar
    • Added button to toggle the sidebar
    • Added checkbox to show/hide contents of concatenated modules

  • Improvements

    • Nested folders that contain only one child folder are now visually merged i.e. folder1 => folder2 => file1 is now shown like folder1/folder2 => file1 (thanks to @​varun-singh-1 for the idea)

  • Internal

    • Dropped support for Node.js v4
    • Using MobX for state management
    • Updated dependencies

Renovate configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR is stale, or if you modify the PR title to begin with "rebase!".

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot. View repository job log here.

@renovate renovate bot requested a review from outoftime September 1, 2019 17:39
@renovate renovate bot force-pushed the renovate/npm-webpack-bundle-analyzer-vulnerability branch 3 times, most recently from 5c7670f to 0d83232 Compare September 1, 2019 18:44
@renovate renovate bot force-pushed the renovate/npm-webpack-bundle-analyzer-vulnerability branch from 0d83232 to c3a328c Compare September 1, 2019 19:05
@outoftime outoftime merged commit a526295 into master Sep 1, 2019
@outoftime outoftime deleted the renovate/npm-webpack-bundle-analyzer-vulnerability branch September 1, 2019 20:02
outoftime added a commit to outoftime/popcode that referenced this pull request Sep 4, 2019
@outoftime
Merge branch 'master' of https://github.com/popcodeorg/popcode
262a89a 
* 'master' of https://github.com/popcodeorg/popcode:
  Update dependency browser-sync to v2.26.7 (popcodeorg#1773)
  Update dependency cloudflare to v2.5.1 (popcodeorg#1774)
  Update dependency brfs to v2.0.2 (popcodeorg#1772)
  Update Node.js to v10.16.3 (popcodeorg#1765)
  Update dependency bowser to v2.5.3 (popcodeorg#1771)
  Update dependency bower to v1.8.8 (popcodeorg#1770)
  Update dependency babel-eslint to v10.0.3 (popcodeorg#1769)
  Update Jest (popcodeorg#1764)
  Update Redux (popcodeorg#1767)
  Update Project libraries (popcodeorg#1766)
  Update Font Awesome (popcodeorg#1763)
  Update dependency jquery to v3.4.0 [SECURITY] (popcodeorg#1756)
  Update Bugsnag to v6.4.0 (popcodeorg#1761)
  Pin dependency webpack-bundle-analyzer to 3.4.1 (popcodeorg#1762)
  Update dependency webpack-bundle-analyzer to v3 [SECURITY] (popcodeorg#1757)
  Add rebaseStalePrs to Renovate config (popcodeorg#1760)
  Update Karma & Tape (popcodeorg#1755)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@outoftime outoftime Awaiting requested review from outoftime

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@outoftime @renovate-bot