Security vulnerability via transitive dependency on `serialize-javascript` via `rollup-plugin-terser`

I've started to see vulnerability reports on a number of projects that all look like this: https://github.com/bullet-train-co/bullet_train-core/security/dependabot/557

The issue arises because `microbundle` depends on the deprecated `rollup-plugin-terser` package which has its dependency on `serialize-javascript` declared with `^4.0.0`.

Updating `microbundle` to `@rollup/plugin-terser` should fix the dependency chain, but I don't know if it would introduce other issues.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security vulnerability via transitive dependency on `serialize-javascript` via `rollup-plugin-terser` #1100

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Security vulnerability via transitive dependency on serialize-javascript via rollup-plugin-terser #1100

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions

Security vulnerability via transitive dependency on `serialize-javascript` via `rollup-plugin-terser` #1100