From 4570a74699bff0221aa8354351108d960e72e37c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Jan 2025 16:36:22 +0000 Subject: [PATCH 1/2] chore(deps): bump eventsource from 1.0.7 to 1.1.2 Bumps [eventsource](https://github.com/EventSource/eventsource) from 1.0.7 to 1.1.2. - [Release notes](https://github.com/EventSource/eventsource/releases) - [Changelog](https://github.com/EventSource/eventsource/blob/main/CHANGELOG.md) - [Commits](https://github.com/EventSource/eventsource/compare/v1.0.7...v1.1.2) --- updated-dependencies: - dependency-name: eventsource dependency-type: indirect ... Signed-off-by: dependabot[bot] --- yarn.lock | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/yarn.lock b/yarn.lock index ad8a8f0..510d401 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4046,11 +4046,9 @@ events@^3.0.0: integrity sha512-Rv+u8MLHNOdMjTAFeT3nCjHn2aGlx435FP/sDHNaRhDEMwyI/aB22Kj2qIN8R0cw3z28psEQLYwxVKLsKrMgWg== eventsource@^1.0.7: - version "1.0.7" - resolved "https://registry.yarnpkg.com/eventsource/-/eventsource-1.0.7.tgz#8fbc72c93fcd34088090bc0a4e64f4b5cee6d8d0" - integrity sha512-4Ln17+vVT0k8aWq+t/bF5arcS3EpT9gYtW66EPacdj/mAFevznsnyoHLPy2BA8gbIQeIHoPsvwmfBftfcG//BQ== - dependencies: - original "^1.0.0" + version "1.1.2" + resolved "https://registry.yarnpkg.com/eventsource/-/eventsource-1.1.2.tgz#bc75ae1c60209e7cb1541231980460343eaea7c2" + integrity sha512-xAH3zWhgO2/3KIniEKYPr8plNSzlGINOUqYj0m0u7AB81iRw8b/3E73W6AuU+6klLbaSFmZnaETQ2lXPfAydrA== evp_bytestokey@^1.0.0, evp_bytestokey@^1.0.3: version "1.0.3" 
@@ -6683,13 +6681,6 @@ optionator@^0.8.1, optionator@^0.8.3: type-check "~0.3.2" word-wrap "~1.2.3" -original@^1.0.0: - version "1.0.2" - resolved "https://registry.yarnpkg.com/original/-/original-1.0.2.tgz#e442a61cffe1c5fd20a65f3261c26663b303f25f" - integrity sha512-hyBVl6iqqUOJ8FqRe+l/gS8H+kKYjrEndd5Pm1MfBtsEKA038HkkdbAl/72EAXGyonD/PFsvmVG+EvcIpliMBg== - dependencies: - url-parse "^1.4.3" - os-browserify@^0.3.0: version "0.3.0" resolved "https://registry.yarnpkg.com/os-browserify/-/os-browserify-0.3.0.tgz#854373c7f5c2315914fc9bfc6bd8238fdda1ec27"
From 4936b4b8bd630ac1ef8fd7f5790256b74b8cb118 Mon Sep 17 00:00:00 2001
From: Cinthia Elizabeth Villalejos Zamora
Date: Tue, 4 Feb 2025 17:47:02 +0000
Subject: [PATCH 2/2] fix(chore): updating webpack dependencies and config (#35)
- Upgrading webpack version and replacing uglify for terser plugin in webpack config.
- Upgrading loader-utils to fix protoype pollution in webpack.
- Upgrading json-schema to fix protoytpe pollution.
---
 package.json | 12 +++++++-----
 webpack.config.js | 4 ++--
 2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/package.json b/package.json
index 67a02f4..11472be 100644
--- a/package.json
+++ b/package.json
@@ -38,13 +38,15 @@
 "ssf": "^0.10.2",
 "styled-components": "6.1.8",
 "to-string-loader": "^1.1.5",
- "uglifyjs-webpack-plugin": "^1.2.5",
- "webpack": "^4.39.3",
- "webpack-cli": "^3.3.9",
- "webpack-dev-server": "^3.7.1"
+ "terser-webpack-plugin": "^5.3.10",
+ "webpack": "^5.94.0",
+ "webpack-cli": "^5.1.4",
+ "webpack-dev-server": "5.0.4"
 },
 "resolutions": {
- "js-yaml": "3.13.1"
+ "js-yaml": "3.13.1",
+ "loader-utils": "2.0.4",
+ "json-schema": "0.4.0"
 },
 "devDependencies": {
 "jest": "^29.7.0"
diff --git a/webpack.config.js b/webpack.config.js
index 1d3905d..7769162 100755
--- a/webpack.config.js
+++ b/webpack.config.js
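Review bot: The diffstat for this patch lists only package.json and webpack.config.js, so yarn.lock is not regenerated for the package.json hunk's new `resolutions` entries and webpack 5 ranges. Until the lockfile is committed, the `loader-utils` 2.0.4 and `json-schema` 0.4.0 overrides that the description credits with fixing prototype pollution are not recorded with integrity hashes, and an install run with `--frozen-lockfile` would presumably fail. A bare `"loader-utils": "2.0.4"` resolution also forces that one version onto every dependent, including any that declare a different major range, so the regenerated lockfile should be checked for consumers that expected another major. `"webpack-dev-server": "5.0.4"` is an exact pin next to caret ranges; if that is deliberate it deserves a short explanation in the commit message, otherwise `"^5.0.4"` lets later patch releases with fixes be picked up.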
@@ -1,6 +1,6 @@
 var path = require('path');
-const UglifyJSPlugin = require('uglifyjs-webpack-plugin');
+const TerserPlugin = require('terser-webpack-plugin');
 var webpackConfig = {
 mode: 'production',
@@ -20,7 +20,7 @@ var webpackConfig = {
 extensions: ['.js'],
 modules: [path.join(__dirname, '../src'), 'node_modules'],
 },
- plugins: [new UglifyJSPlugin()],
+ plugins: [new TerserPlugin()],
 module: {
 rules: [
 {test: /\.(js|jsx)$/, use: 'babel-loader'},
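Review bot: In the second hunk `new TerserPlugin()` is registered under `plugins`, the slot the uglify plugin used under webpack 4, whereas webpack 5 expects minimizers under `optimization.minimizer`. With `mode: 'production'` webpack 5 already applies its default terser minimizer, so this extra instance likely runs a second minification pass and leaves it unclear which options actually shape the shipped bundle. Suggest replacing the line with `optimization: { minimizer: [new TerserPlugin()] },`, or dropping the explicit plugin and its `require` if the defaults are sufficient. The `webpackConfig` object continues outside both hunks, so any existing `optimization` key would need to be merged rather than duplicated.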