uglifyjs-webpack-plugin vulnerability #133

Closed
tx-michael opened this issue Feb 6, 2020 · 1 comment · Fixed by #134

Comments

@tx-michael
Contributor

In the webpack.config, the minimizer plugin used currently is UglifyJsWebpackPlugin. This plugin has a dependency, serialize-javascript, which has a cross-site scripting vulnerability: https://npmjs.com/advisories/1426.

Uglifyjs-webpack-plugin itself is archived, so the webpack config should switch to use terser-webpack-plugin.
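
One way to confirm which packages pull serialize-javascript into a build, as an added example that is not part of the original issue or the project's code: it walks an npm lockfile in the v1 layout (nested `dependencies` entries with `requires` maps) and lists every chain that ends at the named module. The lockfile contents, `example-build-tools`, `example-util` and all version numbers are constructed, and `reverseEdges` and `chainsTo` are hypothetical helper names.

```javascript
"use strict";

// Constructed sample lockfile (npm lockfile v1 layout). Only the names
// uglifyjs-webpack-plugin and serialize-javascript come from the issue;
// the other names and every version number are made up.
const sampleLock = {
  dependencies: {
    "example-build-tools": {
      version: "1.0.0",
      requires: { "uglifyjs-webpack-plugin": "^1.0.0" },
    },
    "uglifyjs-webpack-plugin": {
      version: "1.0.0",
      requires: { "serialize-javascript": "^1.0.0", "example-util": "^1.0.0" },
      dependencies: { "serialize-javascript": { version: "1.0.0" } },
    },
    "example-util": { version: "1.0.0" },
  },
};

// Map each required module to the set of packages that require it,
// including packages nested under another entry's "dependencies".
function reverseEdges(lock) {
  const parents = new Map();
  const visit = (deps) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      for (const child of Object.keys(entry.requires || {})) {
        if (!parents.has(child)) parents.set(child, new Set());
        parents.get(child).add(name);
      }
      visit(entry.dependencies);
    }
  };
  visit(lock.dependencies);
  return parents;
}

// Return every chain "root > ... > target"; a root is a package that
// nothing else in the lockfile requires. Cycles are cut, not followed.
function chainsTo(lock, target) {
  const parents = reverseEdges(lock);
  if (!parents.has(target)) return [];
  const chains = [];
  const walk = (name, path) => {
    const ups = [...(parents.get(name) || [])]
      .filter((p) => p !== name && !path.includes(p));
    if (ups.length === 0) { chains.push([name, ...path].join(" > ")); return; }
    for (const p of ups) walk(p, [name, ...path]);
  };
  walk(target, []);
  return chains.sort();
}

console.log(chainsTo(sampleLock, "serialize-javascript"));
```

Running it against the real `package-lock.json` before and after swapping the minimizer shows whether any remaining package still brings the module in.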

@pomek
Member

pomek commented Feb 27, 2020

As we switched our builds to Terser some months ago (ckeditor/ckeditor5#1353), I think we can agree that the change should be applied in this repo as well.

pomek added a commit that referenced this issue Feb 27, 2020
Docs: Replaced UglifyJS with Terser. Closes #133.

Thanks to @tx-michael for the contribution.