[Snyk] Upgrade workbox-build from 5.0.0 to 5.1.4

[snyk-bot]

Snyk has created this PR to upgrade workbox-build from 5.0.0 to 5.1.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 5 versions ahead of your current version.
• The recommended version was released a year ago, on 2020-09-09.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	492/1000 Why? Proof of Concept exploit, CVSS 7.7	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	492/1000 Why? Proof of Concept exploit, CVSS 7.7	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	492/1000 Why? Proof of Concept exploit, CVSS 7.7	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	492/1000 Why? Proof of Concept exploit, CVSS 7.7	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	492/1000 Why? Proof of Concept exploit, CVSS 7.7	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-590103	492/1000 Why? Proof of Concept exploit, CVSS 7.7	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-567746	492/1000 Why? Proof of Concept exploit, CVSS 7.7	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	492/1000 Why? Proof of Concept exploit, CVSS 7.7	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	492/1000 Why? Proof of Concept exploit, CVSS 7.7	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: workbox-build

• 5.1.4 - 2020-09-09
  

  The v5.1.4 release contains a dependency update for rollup-plugin-terser, resolving a security error with one of its dependencies.

  See #2601

• 5.1.3 - 2020-04-24
  

  🐛 What's Fixed?

  workbox-build

  • Correct workbox-build's getManifest() JSDoc [#2429]

  workbox-cli

  • Don't check swSrc for hardcoded injection point in wizard flow [#2451]

  workbox-core

  • handlerCallback JSDocs update [#2440]

  workbox-precaching

  • Remove the isSWEnv assertion [#2453]
  • Update message to remove duplicate is [#2466]

  Thanks!

  Special thanks to @ akonchady for contributing a PR that went in to this release.

• 5.1.2 - 2020-03-25
  

  🐛 What's Fixed?

  workbox-build

  • Reverted the strip-comments dependency to an earlier revision, to provide continued compatibility with the v8.x.y releases of node. [#2416]

  Thanks!

  Special thanks to @ Mister-Hope for raising issues that were resolved in this release.

• 5.1.1 - 2020-03-19
  

  (We ran into some issues with the v5.1.0 release process, so v5.1.1 is a republish of the same code.)

  🎉 What's New?

  workbox-routing

  • Adjusted the debug logging code so that a URL's hash portion is displayed. [#2371]

  workbox-webpack-plugin

  • A new compileSrc option (defaulting to true) has been added. If set to false, then webpack will not run the swSrc file through a compilation. This can be useful if you want your swDest output to be, e.g., a JSON file which contains your precache manifest. [#2412]

  🐛 What's Fixed?

  workbox-webpack-plugin

  • Switch to official package exports when using internal webpack modules. [#2397]
  • webpackCompilationPlugins that customize the swSrc compilation should now be properly applied. [#2400]

  Thanks!

  Special thanks to @ aritsune, @ bailnl, @ novaknole and @ pizzafox for raising issues that were resolved in this release.

• 5.1.0 - 2020-03-19
  

  v5.1.0

• 5.0.0 - 2020-01-29
  Read more

from workbox-build GitHub release notes

Commit messages

Package name: workbox-build

• a95b6fd v5.1.4
• 997bd7b Relax linting?
• 178d80d rollup-plugin-terser bump
• fe43995 v5.1.3
• a8c6639 Update message to remove duplicate `is` (Update message to remove duplicate is GoogleChrome/workbox#2466)
• 1fe1613 Update GitHub actions to use Node 12 (Update GitHub actions to use Node 12 GoogleChrome/workbox#2457)
• 26958c6 Remove the isSWEnv dev assertion (Remove the isSWEnv assertion GoogleChrome/workbox#2453)
• 257b5c4 Fixes rejections in Windows tests (Fixes unhandled rejections in Windows tests GoogleChrome/workbox#2452)
• 18939e4 Change swSrc validation (Don't check swSrc for hardcoded injection point in wizard flow GoogleChrome/workbox#2451)
• 0f2ffda Add test filters for selective test running (Add test filters for selective test running GoogleChrome/workbox#2441)
• 3063972 Swap node versions in our CI tests (Swap node versions in our CI tests GoogleChrome/workbox#2444)
• 43406c7 handlerCallback JSDocs update (handlerCallback JSDocs update GoogleChrome/workbox#2440)
• 3ac0956 Correct the getManifest JSDoc (Correct the workbox-build's getManifest() JSDoc GoogleChrome/workbox#2429)
• 3f8d99a v5.1.2
• 51427eb Bump MIN_RELEASE_TAG_TO_PUBLISH
• 89840b2 Add test of yarn installation (Add test of yarn installation, and revert strip-comments version GoogleChrome/workbox#2416)
• 1169b5e v5.1.1
• 84be9ce 5.1.0 again
• 6d21dbe Switch back to 5.0.0
• aa4e335 Switch to v4.0.0 or above
• a9273d8 Revert octokit update
• 2a6b84b v5.1.0
• 1a77f7f Add compileSrc option to InjectManifet webpack plugin (Add compileSrc option to InjectManifet webpack plugin GoogleChrome/workbox#2412)
• a284bee Fix/plugins workbox webpack plugin (Fix/plugins workbox webpack plugin GoogleChrome/workbox#2400)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs