[Snyk] Security upgrade @rails/webpacker from 5.1.1 to 5.2.2

[twilio-product-security]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Certificate Validation SNYK-JS-NODESASS-1059081	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SCSSTOKENIZER-2339884	No	No Known Exploit
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	No	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	No	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @rails/webpacker

The new version differs by 55 commits.

• 745837a 5.2.2
• 21e2e6a Bump deps and remove node-sass (#2997)
• 6fbacc8 Merge pull request #2903 from pedrofurtado/5-x-stable
• 27a42bf Update ruby.yml
• b46ce72 Update file.js (#2902)
• 2f0f955 Support to Yarn v2/berry for webpacker 5.x (#2889)
• 9ec5daa 5.2.1
• e0b693d Revert "set Webpacker logger to tagged when rails TaggedLogging (#1311)"
• 38e3028 Fix test
• b7eb831 5.2.0
• f929500 Update webpack dependencies (#2692)
• 905b8ab Update terser-webpack-plugin (#2687)
• 63ff6e4 Minor dependency bump (#2686)
• 370fbfd Lint
• df050da Update debugging instructions (#2422)
• 92a1fdc environment.plugins.get('Manifest').opts is now environment.plugins.get('Manifest').options. (#2434)
• 04540f8 Fix doc spacing in helper.rb (#2325)
• 6d64a51 Allows setting of parallelization options (#2093)
• 76c174b set Webpacker logger to tagged when rails TaggedLogging (#1311)
• 409009b Documentation for target browsers (#2634)
• c71dc65 Remove default from rules (#2662)
• 82a1332 Use ruby/setup-ruby@v1 (#2618)
• 8cafa21 Remove default value from transform-runtime (#2666)
• 26109b3 Fix file-loader compat issue in webpacker 5 (#2668)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary Code Injection
🦉 More lessons are available in Snyk Learn