Several high vulnerabilities CVE-2019-16772, CVE-2019-16769, CVE-2020-7660 are introduced in create-elm-appΒ #599
Description
Hi, several high vulnerabilities CVE-2019-16772, CVE-2019-16769, CVE-2020-7660 are introduced in create-elm-app via:
β [email protected] β [email protected] β [email protected]
uglifyjs-webpack-plugin is a legacy package. It has not been maintained for about 2 years, and is not likely to be updated.
Is it possible to migrate uglifyjs-webpack-plugin to other package to remediate this vulnerability?
I noticed several migration records for uglifyjs-webpack-plugin in other js repos, such as
- in weaveworks-ui-components, version 0.22.5 β 0.22.6, migrate from uglifyjs-webpack-plugin to terser-webpack-plugin via commit
- in immortal-db, version 1.0.3 β 1.1.0, migrate from uglifyjs-webpack-plugin to terser-webpack-plugin via commit
Are there any efforts planned that would remediate this vulnerability or migrate uglifyjs-webpack-plugin?
Thanks
; )