Open mladenstojanovic opened 4 years ago
Yup we'll fix these in the next minor update.
@jayair Currently serialize-javascript has a high vulnerability in serverless-bundle > copy-webpack-plugin > serialize-javascript. Can you update the copy-webpack-plugin to eliminate the vulnerabilty?
Got it. Here's the update:
https://github.com/AnomalyInnovations/serverless-bundle/releases/tag/v3.0.1
Running npm audit with this package installed shows high vulnerabilities with handlebars package (serverless-bundle > jest > jest-cli > @jest/core > @jest/reporters > istanbul-reports > handlebars) Also, serialize-javascript shows moderate vulnerability (serverless-bundle > webpack > terser-webpack-plugin > serialize-javascript )