vue-aplayer
vue-aplayer copied to clipboard
MoePlayer
build(deps): [security] bump webpack-bundle-analyzer from 3.0.3 to 3.9.0
Bumps webpack-bundle-analyzer from 3.0.3 to 3.9.0. This update includes a security fix.
Vulnerabilities fixed
Sourced from The GitHub Security Advisory Database.
Cross-Site Scripting in webpack-bundle-analyzer Versions of
webpack-bundle-analyzerprior to 3.3.2 are vulnerable to Cross-Site Scripting. The package usesJSON.stringify()without properly escaping input which may lead to Cross-Site Scripting.Recommendation
Upgrade to version 3.3.2 or later.
Affected versions: < 3.3.2
Changelog
Sourced from webpack-bundle-analyzer's changelog.
3.9.0
New Feature
- Adds option
reportTitleto set title in HTML reports; default remains date of report generation (#354 by @eoingroat)Improvement
- Added capability to parse bundles that have child assets generated (#376 by @masterkidan and #378 by @https://github.com/dabbott)
3.8.0
Improvement
New Feature
- Support WebWorkerChunkTemplatePlugin (#353 by @Gongreg)
Bug Fix
3.7.0
New Feature
Improvement
3.6.1
Bug Fix
Internal
- Update some dependencies to get rid of vulnerability warnings (#339)
3.6.0
- Improvement
- Support webpack builds where
output.globalObjectis set to'self'(#323 by @lemonmade)- Improve readability of tooltips (#320 by @lorenzos)
3.5.2
- Bug Fix
- Fix sidebar not showing visibility status of chunks hidden via popup menu (issue #316 by @gaokun, fixed in #317 by @bregenspan)
3.5.1
Commits
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labelswill set the current labels as the default for future PRs for this repo and language@dependabot use these reviewerswill set the current reviewers as the default for future PRs for this repo and language@dependabot use these assigneeswill set the current assignees as the default for future PRs for this repo and language@dependabot use this milestonewill set the current milestone as the default for future PRs for this repo and language@dependabot badge mewill comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot dashboard:
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
![dependabot-preview[bot] avatar](https://avatars.githubusercontent.com/in/2141?v=4 "Published by a pub.dev verified publisher"){kind=small}
Deploy preview for aplayer ready!
Built with commit 6e80607db283816b32429fa8dfed1f18a403e3f4
https://deploy-preview-436--aplayer.netlify.app
