fix(rrweb-worker): bump @rollup/plugin-terser to ^1.0.0 #283

Merged
chargome merged 1 commit into sentry-v2 from cg/bump-rollup-plugin-terser
Apr 16, 2026

@chargome (Member) commented Apr 16, 2026

Summary

  • Bumps @rollup/plugin-terser from ^0.4.4 to ^1.0.0 in packages/rrweb-worker
  • Pulls in serialize-javascript@7.0.5 which resolves security alerts

Breaking changes in @rollup/plugin-terser v1.0.0

  • Node.js >=20 required — we use Node 20, not affected
  • serialize-javascript upgraded to v7 — internal dep, no API change. terser() plugin options unchanged, build verified passing

Dependabot alerts resolved

  • Alert #239 (medium) — serialize-javascript CPU exhaustion DoS
  • Alert #214 (high) — serialize-javascript RCE via RegExp.flags

🤖 Generated with Claude Code

Only breaking change is Node >=20 requirement (already met).
Resolves dependabot alerts for serialize-javascript (RCE via
RegExp.flags and CPU exhaustion DoS via crafted objects).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

@chargome self-assigned this Apr 16, 2026
@chargome requested a review from andreiborza April 16, 2026 11:13
@chargome merged commit b22a8f4 into sentry-v2 Apr 16, 2026
21 checks passed
@chargome deleted the cg/bump-rollup-plugin-terser branch April 16, 2026 13:47
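
A check a reviewer could run after a bump like this, as an added example that is not part of the PR or the project's code: it scans a parsed npm `package-lock.json` (an assumption; the repository's lockfile format is not shown on this page) for any `serialize-javascript` copy still resolved below 7.0.5, the version the description names. The sample lockfile and the `legacy-tool` package in it are constructed.

```javascript
// Added example: find copies of a package below a floor version in a parsed
// npm package-lock.json (lockfileVersion 2/3 "packages" map). Assumed format.
const FLOOR = "7.0.5"; // version named in the PR description

// Parse "x.y.z" into numbers; any prerelease/build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when `version` sorts below `floor`.
function isBelow(version, floor) {
  const a = parseVersion(version);
  const b = parseVersion(floor);
  if (!a || !b) return true; // unparseable version: flag for manual review
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Return every install path of `name` whose version is below `floor`.
function findStale(lock, name, floor) {
  const suffix = "node_modules/" + name;
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Match hoisted and nested copies, but not names that merely end in `name`.
    if (path !== suffix && !path.endsWith("/" + suffix)) continue;
    if (isBelow(entry.version, floor)) hits.push({ path, version: entry.version });
  }
  return hits;
}

// Constructed lockfile fragment; "legacy-tool" is a hypothetical second parent
// that still pins an older copy after the plugin bump.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "constructed-workspace" },
    "node_modules/@rollup/plugin-terser": { version: "1.0.0" },
    "node_modules/serialize-javascript": { version: "7.0.5" },
    "node_modules/legacy-tool/node_modules/serialize-javascript": { version: "6.0.1" },
  },
};

const stale = findStale(sampleLock, "serialize-javascript", FLOOR);
console.log(stale.length ? stale : "no copies below " + FLOOR);
```

A non-empty result means another dependency path still installs an older copy, so bumping one parent did not clear it from the tree.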