[Snyk] Fix for 1 vulnerabilities

[twilio-product-security]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/flex-plugin-webpack/package.json
  • packages/flex-plugin-webpack/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: terser-webpack-plugin

The new version differs by 69 commits.

• e679881 chore(release): 5.0.0
• 937a314 docs: update
• 393f249 refactor: next
• a80213f ci: updated webpack versions (add webpack boilerplate as a package #332)
• 8ae4b80 chore(release): 4.2.3
• 041b392 fix: better minimizing `mjs` assets (change the loglevel to info #329)
• b9c694d fix: minify `cjs` assets (remove unused deps #328)
• f49e786 chore(release): 4.2.2
• a75dc8b fix: related asset info
• 4103571 chore(deps): update
• 0b537c6 test: fix (remove scripts from template #318)
• 978793e chore(release): 4.2.1
• f5bd8f8 fix: compatibility with webpack@5
• 0e21d92 test: cache (forgot to add these two files #316)
• 5de108d refactor: remove unused code (bump packages and fix versions #315)
• 5340814 fix: cache for extracted comments (Update Keytar Dependency in flex-dev-utils  #314)
• bbfa283 chore(deps): update (create-flex-plugin command throws error #313)
• 17303be chore(release): 4.2.0
• 4bd622c feat: pass the `terserOptions` to the `minify` option (add main to travis #311)
• defde64 feat: improve caching
• 92f53b6 chore(deps): update
• c760c13 test: `realContentHash` ([BUG] Deleting default service stops plugins being uploaded, is not recoverable #304)
• 479d28b refactor: code (Dependency '@k88/pipe-compose@^2.1.1' not found on install. #303)
• 9d861d8 fix: use webpack.sources when it's available for webpack@5 (add support to spawn scripts #301)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• f2f998b 5.1.1
• bcd6190 Merge pull request #11704 from webpack/bugfix/delete-asset
• 11935a9 Merge pull request #11703 from webpack/bugfix/11678
• 63ba54c update chunk to files mapping when deleting assets
• 4669600 Merge pull request #11690 from webpack/bugfix/11673
• 234373e Merge pull request #11702 from webpack/deps/terser
• b6bc273 fix infinite loop in inner graph optimization
• 50c3a83 fix unused modules in chunk when optimizing runtime-specific
• 5d9d9b9 fix runtime-specific handling in concatenated modules
• 250e37c add test case
• 7925652 upgrade terser-webpack-plugin
• 27796db Merge pull request #11669 from webpack/dependabot/npm_and_yarn/ts-loader-8.0.5
• bd5aab8 Merge pull request #11692 from webpack/dependabot/npm_and_yarn/babel/core-7.12.0
• 886bbd5 Merge pull request #11693 from webpack/dependabot/npm_and_yarn/react-dom-16.14.0
• 3a14b3d Merge pull request #11694 from webpack/dependabot/npm_and_yarn/react-16.14.0
• ddf9936 chore(deps-dev): bump react from 16.13.1 to 16.14.0
• dc6e69a chore(deps-dev): bump react-dom from 16.13.1 to 16.14.0
• 8f18de9 chore(deps-dev): bump @ babel/core from 7.11.6 to 7.12.0
• c0410e8 Merge pull request #11686 from webpack/bugfix/11677
• 4504046 order runtime chunks correctly when they depend on each other
• 74a44cd add comment to help tagging for the bot
• e97efb7 chore(deps-dev): bump ts-loader from 8.0.4 to 8.0.5
• 77329b4 5.1.0
• 48c10f3 Merge pull request #11653 from log2-hwan/fix-moduletemplate-deprecation

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• c9271b9 chore(release): 4.0.0
• 18bf369 test: fix stability (#3676)
• cdcabb2 fix: respect protocol from browser for manual setup (#3675)
• 1768d6b fix: initial reloading for lazy compilation (#3662)
• 4f5bab1 docs: improve examples (#3672)
• f2d87fb fix: improve https CLI output (#3673)
• 0277c5e chore: remove redundant console statements (#3671)
• 16fcdbc docs: add `ipc` example (#3667)
• 8915fb8 test: add e2e tests for built in routes (#3669)
• 4d1cbe1 docs: ask `version` information in issue template (#3668)
• b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (#3666)
• ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (#3665)
• f1fdaa7 chore(release): 4.0.0-rc.1
• c4678bc fix: legacy API (#3660)
• d8bdd03 test: fix stability (#3661)
• 22b1414 refactor: remove `killable` (#3657)
• 75bafbf test: add e2e tests for module federation (#3658)
• 493ccbd chore(deps): update `ws` (#3652)
• ae8c523 test: add e2e test for universal compiler (#3656)
• f94b84f chore(deps): update (#3655)
• 1923132 test: fix cli
• 2adfd01 test: fix todo (#3653)
• 6e2cbde fix: proxy logging and allow to pass options without the `target` option (#3651)
• c9ccc96 fix: respect infastructureLogging.level for client.logging (#3613)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (8377c39) 89.64% compared to head (2861161) 89.64%.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #863   +/-   ##
=======================================
  Coverage   89.64%   89.64%           
=======================================
  Files         140      140           
  Lines       13438    13438           
  Branches     1014     1014           
=======================================
  Hits        12046    12046           
  Misses       1377     1377           
  Partials       15       15           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[shwet2407]

Duplicate PR with #881. Closing