Several high vulnerabilities CVE-2019-16772, CVE-2019-16769, CVE-2020-7660 are introduced in @ant-design/tools

Hi, @afc163, Several high vulnerabilities CVE-2019-16772, CVE-2019-16769, CVE-2020-7660 are introduced in @ant-design/tools via:
●  @ant-design/tools@13.6.1 ➔ uglifyjs-webpack-plugin@2.2.0 ➔ serialize-javascript@1.9.1

**_uglifyjs-webpack-plugin_** is a legacy package. It has not been maintained for about 2 years, and is not likely to be updated.
Is it possible to migrate uglifyjs-webpack-plugin to other package to remediate this vulnerability?

I noticed several migration records for **_uglifyjs-webpack-plugin_** in other js repos, such as

1. in weaveworks-ui-components, version 0.22.5 ➔ 0.22.6, migrate from uglifyjs-webpack-plugin to terser-webpack-plugin via [commit](https://github.com/weaveworks/ui-components/pull/521/commits/4f14e82b9bae4d1ee856f172575cdc28c9bdfebd)
2. in immortal-db, version 1.0.3 ➔ 1.1.0, migrate from uglifyjs-webpack-plugin to terser-webpack-plugin via [commit](https://github.com/gruns/ImmortalDB/commit/1fd5ae249eedd1ec79a9bd7cdb224d49ba074b2e)

Are there any efforts planned that would remediate this vulnerability or migrate **_uglifyjs-webpack-plugin_**?

Thanks
 ; )

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Several high vulnerabilities CVE-2019-16772, CVE-2019-16769, CVE-2020-7660 are introduced in @ant-design/tools #245

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Several high vulnerabilities CVE-2019-16772, CVE-2019-16769, CVE-2020-7660 are introduced in @ant-design/tools #245

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions