-
Notifications
You must be signed in to change notification settings - Fork 508
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update rollup-plugin-terser to the latest version 🚀 #731
Conversation
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
We've gotta get this upgraded -- there is now a high vulnerability on 5.3.0.
|
@dclark27 thanks for the note. 6.0 is a breaking change and fails tests here. It also requires both Node 10+ (planned for v0.14.0) and Rollup v2 (not yet planned, that requires updating a lot of Rollup plugins, which wasn't possible a few months ago). That advisory is from today so I would not expect an immediate response on that. If you need to update immediately, you could probably override the version in |
@agilgur5 Sounds good! I'll take a look in the morning and see if there is any way to get something out in the meantime. |
This comment has been minimized.
This comment has been minimized.
FYI from developit/microbundle#695 (comment):
Still looking to upgrade Rollup et al to v2 soon, but it'll make v0.14.0 a good bit more breaking, so may hold off on it till v0.15.0 |
FYI, edit: in fact, since 5.3.1 is covered by the current version range, consumers can get rid of the warning themselves 🎉 |
Nice catch @Yurickh, so no need for TSDX to do anything then as this has been resolved upstream and we only pin the major version. If you want to get rid of this warning (TSDX isn't susceptible to the vulnerability per my previous comment), then update your |
You can also avoid the lock hash conflicts by removing and re-adding tsdx (effectively reinstalling), as this will get you the most up-to-date version matching the version range of its dependencies. |
Superseded by #889 |
- Update Rollup to 2.28.2. Fixes jaredpalmer#821, closes jaredpalmer#545 - Update @rollup/plugin-commonjs. Upgrading this required Rollup 2 without any note in the changelog. Closes jaredpalmer#727 - Update @rollup/plugin-json to 4.1.0. v4.0.3 is the first to add Rollup 2 in the peerDep range. Older versions are forward-compatible but will produce a peerDep warning - Update @rollup/plugin-replace to 2.3.3. v2.3.2 is the first version to add Rollup 2 in the peerDep range. - Update rollup-plugin-terser to v7. v6 requires rollup 2 and Node 10+. v7 introduces Terser 5, requires Node >= 10 and supports some new JS syntax. fixes jaredpalmer#803, #fixes 797, closes jaredpalmer#731 - Update rollup-plugin-postcss to 3.1. Closes jaredpalmer#693. - Remove sourcemap option from terser rollup plugin config, as of rollup-plugin-terser v6.0, it’s inferred automatically from Rollup’s output.source config.
- Update Rollup to 2.28.2. Fixes jaredpalmer#821, closes jaredpalmer#545 - Update @rollup/plugin-commonjs. Upgrading this required Rollup 2 without any note in the changelog. Closes jaredpalmer#727 - Update @rollup/plugin-json to 4.1.0. v4.0.3 is the first to add Rollup 2 in the peerDep range. Older versions are forward-compatible but will produce a peerDep warning - Update @rollup/plugin-replace to 2.3.3. v2.3.2 is the first version to add Rollup 2 in the peerDep range. - Update rollup-plugin-terser to v7. v6 requires rollup 2 and Node 10+. v7 introduces Terser 5, requires Node >= 10 and supports some new JS syntax. fixes jaredpalmer#803, #fixes 797, closes jaredpalmer#731 - Update rollup-plugin-postcss to 3.1. Closes jaredpalmer#693. - Remove sourcemap option from terser rollup plugin config, as of rollup-plugin-terser v6.0, it’s inferred automatically from Rollup’s output.source config.
🚨 Reminder! Less than one month left to migrate your repositories over to Snyk before Greenkeeper says goodbye on June 3rd! 💜 🚚💨 💚
Find out how to migrate to Snyk at greenkeeper.io
The dependency rollup-plugin-terser was updated from
5.3.0
to6.0.0
.This version is not covered by your current version range.
If you don’t accept this pull request, your project will work just like it did before. However, you might be missing out on a bunch of new features, fixes and/or performance improvements from the dependency update.
Publisher: trysound
License: MIT
Find out more about this release.
FAQ and help
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper bot 🌴