Skip to content

Latest release (5.1.1) is using dependency, which has older version of dependency with known issue #2693

Closed
@hasanen

Description

@hasanen

Latest release (5.1.1) is using 3.x branch of compression-webpack-plugin, which is using 2.x branch of serialize-javascript. And now yarn audit it gives a notice from it.

In master branch compression-webpack-plugin is updated to 4.x, which in other hand is using 3.x of serialize-javascript and thus has non-vulnerable version.

Could you make a new release? Or is there a way where I/we could get that 2.x of serialize-javascript updated?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions