Hi, several high vulnerabilities CVE-2019-16772, CVE-2019-16769, CVE-2020-7660 are introduced in create-elm-app via:
● create-elm-app@5.22.0 ➔ uglifyjs-webpack-plugin@1.3.0 ➔ serialize-javascript@1.9.1
uglifyjs-webpack-plugin is a legacy package. It has not been maintained for about 2 years, and is not likely to be updated.
Is it possible to migrate uglifyjs-webpack-plugin to another package to remediate this vulnerability?
I noticed several migration records for uglifyjs-webpack-plugin in other JS repos, such as:
● in weaveworks-ui-components, version 0.22.5 ➔ 0.22.6, migrated from uglifyjs-webpack-plugin to terser-webpack-plugin via commit
● in immortal-db, version 1.0.3 ➔ 1.1.0, migrated from uglifyjs-webpack-plugin to terser-webpack-plugin via commit
Are there any efforts planned that would remediate this vulnerability or migrate uglifyjs-webpack-plugin?
Thanks ; )
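A chain like the one reported above can be confirmed from a project's own lockfile. The following is an added example, not part of the original post or of create-elm-app: it walks the `requires` edges of an npm lockfile in the version 1 layout and lists every path that reaches a given package. `findPaths`, `resolve` and the sample data are hypothetical names and constructed input.

```javascript
// Constructed sample: a trimmed lockfile (npm lockfileVersion 1 layout) holding
// only the chain from the report; the "requires" range is illustrative.
const sampleLock = {
  name: "create-elm-app",
  version: "5.22.0",
  dependencies: {
    "uglifyjs-webpack-plugin": { version: "1.3.0", requires: { "serialize-javascript": "^1.4.0" } },
    "serialize-javascript": { version: "1.9.1" },
  },
};
const sampleDirectDeps = ["uglifyjs-webpack-plugin"]; // as listed in package.json

// Node-style lookup: innermost nested "dependencies" map first, then outwards.
function resolve(name, scopes) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    const entry = scopes[i][name];
    if (entry) return { entry, scopes: scopes.slice(0, i + 1) };
  }
  return null;
}

// Returns every "root > a > b > target@version" chain that reaches `target`.
function findPaths(lock, directDeps, target) {
  const results = [];
  function walk(name, scopes, trail, seen) {
    const found = resolve(name, scopes);
    if (!found) return; // not installed (e.g. an optional dependency)
    const label = `${name}@${found.entry.version}`;
    if (seen.has(label)) return; // break "requires" cycles
    const nextTrail = [...trail, label];
    if (name === target) { results.push(nextTrail.join(" > ")); return; }
    const nested = found.entry.dependencies;
    const childScopes = nested ? [...found.scopes, nested] : found.scopes;
    const nextSeen = new Set(seen).add(label);
    for (const dep of Object.keys(found.entry.requires || {})) {
      walk(dep, childScopes, nextTrail, nextSeen);
    }
  }
  const root = `${lock.name}@${lock.version}`;
  for (const dep of directDeps) {
    walk(dep, [lock.dependencies || {}], [root], new Set());
  }
  return results;
}

console.log(findPaths(sampleLock, sampleDirectDeps, "serialize-javascript").join("\n"));
```

The walk enumerates every path, so after a migration an empty result for the old plugin's chain shows the transitive copy is gone rather than just hoisted elsewhere.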