TreyM-WSS / whitesource-demo-1


Update dependency terser to v4.8.1 - autoclosed #95

Closed mend-for-github-com[bot] closed 1 year ago

mend-for-github-com[bot] commented 2 years ago

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| terser (source) | devDependencies | minor | 4.3.1 -> 4.8.1 |

By merging this PR, the below issues will be automatically resolved and closed:

| Severity | CVSS Score | CVE | GitHub Issue |
|---|---|---|---|
| High | 7.5 | CVE-2022-25858 | #92 |

Release Notes

terser/terser

### [`v4.8.1`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v481-backport)

[Compare Source](https://togithub.com/terser/terser/compare/v4.8.0...v4.8.1)

- Security fix for RegExps that should not be evaluated (regexp DDOS)

### [`v4.8.0`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v480)

[Compare Source](https://togithub.com/terser/terser/compare/v4.7.0...v4.8.0)

- Support for numeric separators (`million = 1_000_000`) was added.
- Assigning properties to a class is now assumed to be pure.
- Fixed bug where `yield` wasn't considered a valid property key in generators.

### [`v4.7.0`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v470)

[Compare Source](https://togithub.com/terser/terser/compare/v4.6.13...v4.7.0)

- A bug was fixed where an arrow function would have the wrong size
- `arguments` object is now considered safe to retrieve properties from (useful for `length`, or `0`) even when `pure_getters` is not set.
- Fixed erroneous `const` declarations without value (which is invalid) in some corner cases when using `collapse_vars`.

### [`v4.6.13`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v4613)

[Compare Source](https://togithub.com/terser/terser/compare/v4.6.12...v4.6.13)

- Fixed issue where ES5 object properties were being turned into ES6 object properties due to more lax unicode rules.
- Fixed parsing of BigInt with lowercase `e` in them.

### [`v4.6.12`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v4612)

[Compare Source](https://togithub.com/terser/terser/compare/v4.6.11...v4.6.12)

- Fixed subtree comparison code, making it see that `[1,[2, 3]]` is different from `[1, 2, [3]]`
- Printing of unicode identifiers has been improved

### [`v4.6.11`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v4611)

[Compare Source](https://togithub.com/terser/terser/compare/v4.6.10...v4.6.11)

- Read unused classes' properties and method keys, to figure out if they use other variables.
- Prevent inlining into block scopes when there are name collisions
- Functions are no longer inlined into parameter defaults, because they live in their own special scope.
- When inlining identity functions, take into account the fact they may be used to drop `this` in function calls.
- Nullish coalescing operator (`x ?? y`), plus basic optimization for it.
- Template literals in binary expressions such as `+` have been further optimized

### [`v4.6.10`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v4610)

[Compare Source](https://togithub.com/terser/terser/compare/v4.6.9...v4.6.10)

- Do not use reduce_vars when classes are present

### [`v4.6.9`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v469)

[Compare Source](https://togithub.com/terser/terser/compare/v4.6.8...v4.6.9)

- Check if block scopes actually exist in blocks

### [`v4.6.8`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v468)

[Compare Source](https://togithub.com/terser/terser/compare/v4.6.7...v4.6.8)

- Take into account "executed bits" of classes like static properties or computed keys, when checking if a class evaluation might throw or have side effects.

### [`v4.6.7`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v467)

[Compare Source](https://togithub.com/terser/terser/compare/v4.6.6...v4.6.7)

- Some new performance gains through a `AST_Node.size()` method which measures a node's source code length without printing it to a string first.
- An issue with setting `--comments` to `false` in the CLI has been fixed.
- Fixed some issues with inlining
- `unsafe_symbols` compress option was added, which turns `Symbol("name")` into just `Symbol()`
- Brought back compress performance improvement through the `AST_Node.equivalent_to(other)` method (which was reverted in v4.6.6).

### [`v4.6.6`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v466)

[Compare Source](https://togithub.com/terser/terser/compare/v4.6.5...v4.6.6)

(hotfix release)

- Reverted code to 4.6.4 to allow for more time to investigate an issue.

### [`v4.6.5`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v465-REVERTED)

[Compare Source](https://togithub.com/terser/terser/compare/v4.6.4...v4.6.5)

- Improved compress performance through using a new method to see if two nodes are equivalent, instead of printing them to a string.

### [`v4.6.4`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v464)

[Compare Source](https://togithub.com/terser/terser/compare/v4.6.3...v4.6.4)

- The `"some"` value in the `comments` output option now preserves `@lic` and other important comments when using `//`
- `` is now better escaped in regex, and in comments, when using the `inline_script` output option
- Fixed an issue when transforming `new RegExp` into `/.../` when slashes are included in the source
- `AST_Node.prototype.constructor` now exists, allowing for easier debugging of crashes
- Multiple if statements with the same consequents are now collapsed
- Typescript typings improvements
- Optimizations while looking for surrogate pairs in strings

### [`v4.6.3`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v463)

[Compare Source](https://togithub.com/terser/terser/compare/v4.6.2...v4.6.3)

- Annotations such as `/*#__NOINLINE__*/` and `/*#__PURE__*/` may now be preserved using the `preserve_annotations` output option
- A TypeScript definition update for the `keep_quoted` output option.

### [`v4.6.2`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v462)

[Compare Source](https://togithub.com/terser/terser/compare/v4.6.1...v4.6.2)

- A bug where functions were inlined into other functions with scope conflicts has been fixed.
- `/*#__NOINLINE__*/` annotation fixed for more use cases where inlining happens.

### [`v4.6.1`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v4613)

[Compare Source](https://togithub.com/terser/terser/compare/v4.6.0...v4.6.1)

- Fixed issue where ES5 object properties were being turned into ES6 object properties due to more lax unicode rules.
- Fixed parsing of BigInt with lowercase `e` in them.

### [`v4.6.0`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v460)

[Compare Source](https://togithub.com/terser/terser/compare/v4.5.1...v4.6.0)

- Fixed issues with recursive class references.
- BigInt evaluation has been prevented, stopping Terser from evaluating BigInts like it would do regular numbers.
- Class property support has been added

### [`v4.5.1`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v451)

[Compare Source](https://togithub.com/terser/terser/compare/v4.5.0...v4.5.1)

(hotfix release)

- Fixed issue where `() => ({})[something]` was not parenthesised correctly.

### [`v4.5.0`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v450)

[Compare Source](https://togithub.com/terser/terser/compare/v4.4.3...v4.5.0)

- Inlining has been improved
- An issue where keep_fnames combined with functions declared through variables was causing name shadowing has been fixed
- You can now set the ES version through their year
- The output option `keep_numbers` has been added, which prevents Terser from turning `1000` into `1e3` and such
- Internal small optimisations and refactors

### [`v4.4.3`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v443)

[Compare Source](https://togithub.com/terser/terser/compare/v4.4.2...v4.4.3)

- Number and BigInt parsing has been fixed
- `/*#__INLINE__*/` annotation fixed for arrow functions with non-block bodies.
- Functional tests have been added, using [this repository](https://togithub.com/terser/terser-functional-tests).
- A memory leak, where the entire AST lives on after compression, has been plugged.

### [`v4.4.2`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v442)

[Compare Source](https://togithub.com/terser/terser/compare/v4.4.1...v4.4.2)

- Fixed a problem with inlining identity functions

### [`v4.4.1`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v441)

[Compare Source](https://togithub.com/terser/terser/compare/v4.4.0...v4.4.1)

*note:* This introduced a feature, therefore it should have been a minor release.

- Fixed a crash when `unsafe` was enabled.
- An issue has been fixed where `let` statements might be collapsed out of their scope.
- Some error messages have been improved by adding quotes around variable names.

### [`v4.4.0`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v440)

[Compare Source](https://togithub.com/terser/terser/compare/v4.3.11...v4.4.0)

- Added `/*#__INLINE__*/` and `/*#__NOINLINE__*/` annotations for calls. If a call has one of these, it either forces or forbids inlining.

### [`v4.3.11`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v4311)

[Compare Source](https://togithub.com/terser/terser/compare/v4.3.10...v4.3.11)

- Fixed a problem where `window` was considered safe to access, even though there are situations where it isn't (Node.js, workers...)
- Fixed an error where `++` and `--` were considered side-effect free
- `Number(x)` now needs both `unsafe` and `unsafe_math` to be compressed into `+x` because `x` might be a `BigInt`
- `keep_fnames` now correctly supports regexes when the function is in a variable declaration

### [`v4.3.10`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v4310)

[Compare Source](https://togithub.com/terser/terser/compare/v4.3.9...v4.3.10)

- Fixed syntax error when repeated semicolons were encountered in classes
- Fixed invalid output caused by the creation of empty sequences internally
- Scopes are now updated when scopes are inlined into them

### [`v4.3.9`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v439)

[Compare Source](https://togithub.com/terser/terser/compare/v4.3.8...v4.3.9)

- Fixed issue with mangle's `keep_fnames` option, introduced when adding code to keep variable names of anonymous functions

### [`v4.3.8`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v438)

[Compare Source](https://togithub.com/terser/terser/compare/v4.3.7...v4.3.8)

- Typescript typings fix

### [`v4.3.7`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v437)

[Compare Source](https://togithub.com/terser/terser/compare/v4.3.6...v4.3.7)

- Parsing of regex options in the CLI (which broke in v4.3.5) was fixed.
- typescript definition updates

### [`v4.3.6`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v436)

[Compare Source](https://togithub.com/terser/terser/compare/4c9a81bb4fd3d1271c1e5c808940392673acc418...v4.3.6)

(crash hotfix)

### [`v4.3.5`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v435)

[Compare Source](https://togithub.com/terser/terser/compare/v4.3.4...4c9a81bb4fd3d1271c1e5c808940392673acc418)

- Fixed an issue with DOS line endings strings separated by `\` and a new line.
- Improved fix for the output size regression related to unused references within the extends section of a class.
- Variable names of anonymous functions (eg: `const x = () => { ... }` or `var func = function () {...}`) are now preserved when keep_fnames is true.
- Fixed performance degradation introduced for large payloads in v4.2.0

### [`v4.3.4`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v434)

[Compare Source](https://togithub.com/terser/terser/compare/v4.3.3...v4.3.4)

- Fixed a regression where the output size was increased when unused classes were referred to in the extends clause of a class.
- Small typescript typings fixes.
- Comments with `@preserve`, `@license`, `@cc_on` as well as comments starting with `/*!` and `/**!` are now preserved by default.

### [`v4.3.3`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v433)

[Compare Source](https://togithub.com/terser/terser/compare/v4.3.2...v4.3.3)

- Fixed a problem where parsing template strings would mix up octal notation and a slash followed by a zero representing a null character.
- Started accepting the name `async` in destructuring arguments with default value.
- Now Terser takes into account side effects inside class `extends` clauses.
- Added parens whenever there's a comment between a return statement and the returned value, to prevent issues with ASI.
- Stopped using raw RegExp objects, since the spec is going to continue to evolve. This ensures Terser is able to process new, unknown RegExp flags and features. This is a breaking change in the AST node AST_RegExp.

### [`v4.3.2`](https://togithub.com/terser/terser/blob/HEAD/CHANGELOG.md#v432)

[Compare Source](https://togithub.com/terser/terser/compare/v4.3.1...v4.3.2)

- Typescript typing fix
- Ensure that functions can't be inlined, by reduce_vars, into places where they're accessing variables with the same name, but from somewhere else.