javascript-obfuscator / webpack-obfuscator

javascript-obfuscator plugin for Webpack
https://github.com/javascript-obfuscator/javascript-obfuscator
BSD 2-Clause "Simplified" License

Webpack-obfuscator 3.3.0 has broken order (MAY LEAK CODE!) #117

Closed SagePtr closed 3 years ago

SagePtr commented 3 years ago

I use webpack-obfuscator in conjunction with other webpack plugins: BannerPlugin and CompressionPlugin. Starting from version 3.3.0, it runs after all stages and even after CompressionPlugin, which makes unobfuscated source code leak in .gz and .br assets (because they skip the obfuscation stage altogether!). I wonder how much obfuscated code got leaked because of this buggy breaking change. It's urgent to revert this functionality and probably add an option to force webpack-obfuscator to run after any other plugins, but off by default so as not to break existing webpack configs where there are plugins like CompressionPlugin producing gzipped and brotlied asset versions, plus a security notice about turning this option on.

sanex3339 commented 3 years ago

What stage can I use instead?

SagePtr commented 3 years ago

I think the PROCESS_ASSETS_STAGE_PRE_PROCESS stage is even better for obfuscation, so the subsequent stages will be run against already obfuscated code, lowering the chance to extract unobfuscated code somewhere and leak it, or to break some transformations the user may want to apply later.

sanex3339 commented 3 years ago

Published as 3.3.1. Please check it. I changed the stage to PROCESS_ASSETS_STAGE_SUMMARIZE, so it seems it works with both DefinePlugin and CompressionPlugin.

SagePtr commented 3 years ago

Works well with CompressionPlugin. Doesn't work with BannerPlugin (if no @preserve exists), but it's not critical.

sanex3339 commented 3 years ago

Nice. I'll keep it as is if BannerPlugin is not critical.
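
A post-build check for the failure reported in this thread, as an added example that is not part of the issue or of webpack-obfuscator's own code: it decompresses every `.gz` and `.br` asset and flags any whose bytes differ from the plain asset it mirrors, which is what happens when compression runs before obfuscation. The function names and the sample strings are assumptions constructed for illustration.

```javascript
const zlib = require('node:zlib');
const fs = require('node:fs');
const path = require('node:path');

// Decoders for the two precompressed formats mentioned in the issue.
const DECODERS = { '.gz': zlib.gunzipSync, '.br': zlib.brotliDecompressSync };

// assets: { [fileName]: Buffer }. Returns the names of compressed assets
// whose decoded bytes differ from the plain asset they are meant to mirror.
function findStaleCompressedAssets(assets) {
  const stale = [];
  for (const [name, data] of Object.entries(assets)) {
    const ext = path.extname(name);
    const decode = DECODERS[ext];
    const base = assets[name.slice(0, name.length - ext.length)];
    if (!decode || !base) continue; // not compressed, or no plain sibling
    let decoded;
    try { decoded = decode(data); } catch { stale.push(name); continue; }
    if (!decoded.equals(base)) stale.push(name);
  }
  return stale.sort();
}

// Hypothetical helper for a real build: load a flat output directory.
function readAssets(dir) {
  const out = {};
  for (const f of fs.readdirSync(dir)) {
    const p = path.join(dir, f);
    if (fs.statSync(p).isFile()) out[f] = fs.readFileSync(p);
  }
  return out;
}

// Constructed sample data; the "obfuscated" string is a stand-in, not real
// javascript-obfuscator output.
const plain = Buffer.from('function checkLicense(key) { return key === "demo"; }');
const obfuscated = Buffer.from('var _0x1a=["demo"];function _0x2b(_0x3c){return _0x3c===_0x1a[0];}');

// The emitted app.js is obfuscated in both builds; only the input that the
// compression step saw differs.
const build = (compressedFrom) => ({
  'app.js': obfuscated,
  'app.js.gz': zlib.gzipSync(compressedFrom),
  'app.js.br': zlib.brotliCompressSync(compressedFrom),
});
const leakyBuild = build(plain);      // compression ran before obfuscation
const fixedBuild = build(obfuscated); // compression ran on the obfuscated asset

console.log(findStaleCompressedAssets(leakyBuild)); // [ 'app.js.br', 'app.js.gz' ]
console.log(findStaleCompressedAssets(fixedBuild)); // []
```

In CI, `findStaleCompressedAssets(readAssets(outputDir))` returning a non-empty list is a reason to fail the build before the assets are published.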