Bump terser-webpack-plugin to v4 to fix an issue with Node 18. #17659
Conversation
|
For maintainers only:
|
| @@ -25,7 +25,7 @@ | |||
| "node-libs-browser": "^2.2.1", | |||
| "schema-utils": "^1.0.0", | |||
| "tapable": "^1.1.3", | |||
| "terser-webpack-plugin": "^1.4.3", | |||
| "terser-webpack-plugin": "^4.2.3", | |||
There was a problem hiding this comment.
CI is failing. Probably because terser-webpack-plugin dropped support for Node <10.13, can you install the older version on CI when the node is if that is the case?
There was a problem hiding this comment.
I agree I think this is a suitable solution especially given this won't be touched again (🤞 ) after we land this change.
There was a problem hiding this comment.
Other than the CI failures, technically webpack4 still declares a Node 6+ requirement, so the requirement may need to be updated if it's not made backward compatible - although probably a nitpick given how ancient and EOL even Node 10 is now (security EOL 30 April 2021).
Lines 95 to 97 in dfffd6a
|
Thanks for the md4 issue fix in v4.47.0, will the terser-webpack-plugin package bump be available in v4.48.0? |
|
Is there any update on this one? I also encountered an error thrown from terser-webpack-plugin when upgrading to Node v18.18.0 and Webpack v4.47.0. This PR would help to resolve the error. |
|
@nguyenvu9405 You may be able to work around this with a forced resolution/override in your Yarn 2+ "resolutions": {
"webpack@npm:4.47.0/terser-webpack-plugin": "^4.2.3"
},NPM "overrides": {
"webpack@4.47.0": {
"terser-webpack-plugin": "^4.2.3"
}
} |
|
Thank you @chadlwilson , I have applied that solution and it worked. But it is a work-around, so I hope this PR can be merged to resolve it officially. |
change webpack hash function to sha256 to avoid insecure hash error override terser version until webpack 4.48 is released to fix insecure hash error. webpack/webpack#17659
change webpack hash function to sha256 to avoid insecure hash error override terser version until webpack 4.48 is released to fix insecure hash error. webpack/webpack#17659
change webpack hash function to sha256 to avoid insecure hash error override terser version until webpack 4.48 is released to fix insecure hash error. webpack/webpack#17659
change webpack hash function to sha256 to avoid insecure hash error. override terser version until webpack 4.48 is released to fix insecure hash error. webpack/webpack#17659
change webpack hash function to sha256 to avoid insecure hash error. override terser version until webpack 4.48 is released to fix insecure hash error. webpack/webpack#17659
|
+1 from me for getting this merged in to avoid having to use the NPM override please. |
|
I can accept the fix |
yarn run build failed to run, due to following error:
ERROR in sharetribe-flex-sdk-web.js from Terser
Error: error:0308010C:digital envelope routines::unsupported
Read more here: webpack/webpack#14532
To fix the issue:
- Upgrade webpack to 4.47.0 (see: webpack/webpack#17628)
- Add `resolutions` block for terser-webpack-plugin until this PR is
merged (webpack/webpack#17659)
|
Fixed by webpack-contrib/terser-webpack-plugin#608, you can update deps locally because of |
Summary
🤖 Generated by Copilot at f67b661
This pull request adds Node.js 18.17.1 to the CI pipeline and updates the
terser-webpack-plugindependency to fix security issues.Details
🤖 Generated by Copilot at f67b661
azure-pipelines.yml