Skip to content

Bump serialize-javascript and terser-webpack-plugin in /apps/functional_chat#53

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/apps/functional_chat/multi-9dd3b9b346
Open

Bump serialize-javascript and terser-webpack-plugin in /apps/functional_chat#53
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/apps/functional_chat/multi-9dd3b9b346

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 22, 2026

Copy link
Copy Markdown

Removes serialize-javascript. It's no longer used after updating ancestor dependency terser-webpack-plugin. These dependencies need to be updated together.

Removes serialize-javascript

Updates terser-webpack-plugin from 5.3.10 to 5.6.0

Release notes

Sourced from terser-webpack-plugin's releases.

v5.6.0

Minor Changes

  • support array of minimizers for minify and terserOptions (by @​alexander-akait in #674)

  • add built-in CSS minimizers from css-minimizer-webpack-plugin (by @​alexander-akait in #674)

  • add built-in HTML minimizers from html-minimizer-webpack-plugin (by @​alexander-akait in #674)

  • add filter method to minimizers, allowing a single plugin instance to handle multiple asset types (by @​alexander-akait in #674)

  • terser-webpack-plugin has been renamed to minimizer-webpack-plugin, merging other minimizers from css-minimizer-webpack-plugin and html-minimizer-webpack-plugin. We will continue to publish new releases under the old name, but we recommend switching to the new package - minimizer-webpack-plugin. It is now a single plugin for minification. We also added the ability to specify different minifier types using only one plugin instance, which will improve performance. (by @​alexander-akait in #677)

  • rename terserOptions to minimizerOptions; terserOptions is kept as a deprecated alias (by @​alexander-akait in #674)

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

v5.5.0

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

5.5.0 (2026-04-23)

Features

  • support extractComments in swcMinify (#665) (03143d3)

v5.4.0

5.4.0 (2026-03-10)

Features

  • added ability to minimize JSON using jsonMinify (#657) (29ac915)

v5.3.17

5.3.17 (2026-03-03)

Bug Fixes

  • update serialize-javascript (37c490c)

v5.3.16

5.3.16 (2025-12-11)

Bug Fixes

... (truncated)

Changelog

Sourced from terser-webpack-plugin's changelog.

5.6.0

Minor Changes

  • support array of minimizers for minify and terserOptions (by @​alexander-akait in #674)

  • add built-in CSS minimizers from css-minimizer-webpack-plugin (by @​alexander-akait in #674)

  • add built-in HTML minimizers from html-minimizer-webpack-plugin (by @​alexander-akait in #674)

  • add filter method to minimizers, allowing a single plugin instance to handle multiple asset types (by @​alexander-akait in #674)

  • terser-webpack-plugin has been renamed to minimizer-webpack-plugin, merging other minimizers from css-minimizer-webpack-plugin and html-minimizer-webpack-plugin. We will continue to publish new releases under the old name, but we recommend switching to the new package - minimizer-webpack-plugin. It is now a single plugin for minification. We also added the ability to specify different minifier types using only one plugin instance, which will improve performance. (by @​alexander-akait in #677)

  • rename terserOptions to minimizerOptions; terserOptions is kept as a deprecated alias (by @​alexander-akait in #674)

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

5.5.0 (2026-04-23)

Features

  • support extractComments in swcMinify (#665) (03143d3)

5.4.0 (2026-03-10)

Features

  • added ability to minimizer JSON using jsonMinify (#657) (29ac915)

5.3.17 (2026-03-03)

Bug Fixes

  • update serialize-javascript (37c490c)

5.3.16 (2025-12-11)

Bug Fixes

5.3.15 (2025-12-05)

Bug Fixes

  • catch error when loading minimizers (#639) (586af0a)
  • respect errors and warnings from minimizer without code (8607f79)

5.3.14 (2025-03-06)

... (truncated)

Commits
  • 57bdcfc chore(release): new release (#675)
  • 6feeda0 chore: add changelog entry (#677)
  • dd360be chore: rename other things
  • d78b6bd ci: dual-publish release as minimizer-webpack-plugin and terser-webpack-plugi...
  • e06c526 docs: add changesets for changes since v5.5.0 (#674)
  • a875994 chore: update codebase
  • 2bfd4f8 ci: add changesets-driven release workflow (#672)
  • 9b82a77 test: cover multi-asset minify and js-only minimizer fallback (#671)
  • 34610d9 feat: added the filter method to minimizers and allow to handle different a...
  • 1a34e62 feat: add built-in CSS minimizers from css-minimizer-webpack-plugin (#669)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for terser-webpack-plugin since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note

Medium Risk
Build-time dependency updates (notably terser-webpack-plugin/terser) can change bundling/minification output and potentially impact production builds, though runtime app code is unchanged.

Overview
Updates apps/functional_chat dependency resolution primarily by upgrading terser-webpack-plugin (and terser/acorn/schema validation deps) and removing serialize-javascript from the resolved tree.

The lockfile also loosens several previously latest pins to * (e.g., next-auth, eslint-config-next, @types/react, typescript) and prunes a number of now-unneeded optional/peer transitive packages as part of the refreshed install.

Reviewed by Cursor Bugbot for commit ac97ac4. Bugbot is set up for automated code reviews on this repo. Configure here.

Removes [serialize-javascript](https://github.com/yahoo/serialize-javascript). It's no longer used after updating ancestor dependency [terser-webpack-plugin](https://github.com/webpack/minimizer-webpack-plugin). These dependencies need to be updated together.


Removes `serialize-javascript`

Updates `terser-webpack-plugin` from 5.3.10 to 5.6.0
- [Release notes](https://github.com/webpack/minimizer-webpack-plugin/releases)
- [Changelog](https://github.com/webpack/minimizer-webpack-plugin/blob/main/CHANGELOG.md)
- [Commits](webpack/minimizer-webpack-plugin@v5.3.10...v5.6.0)

---
updated-dependencies:
- dependency-name: serialize-javascript
  dependency-version:
  dependency-type: indirect
- dependency-name: terser-webpack-plugin
  dependency-version: 5.6.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 22, 2026
@vercel

vercel Bot commented May 22, 2026

Copy link
Copy Markdown
Contributor

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
functional-chat Ready Ready Preview, Comment May 22, 2026 8:30am
transcription-demo Ready Ready Preview, Comment May 22, 2026 8:30am

Request Review

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit ac97ac4. Configure here.

"d3-node": "^3.0.0",
"eslint": "8.36.0",
"eslint-config-next": "latest",
"eslint-config-next": "*",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lockfile mismatches package.json version specifiers for four dependencies

Low Severity

The packages[""] section in package-lock.json now uses "*" for eslint-config-next, next-auth, @types/react, and typescript, but package.json still specifies "latest" for all four. These are semantically different — "latest" resolves the npm dist-tag while "*" is a semver range matching any version. This mismatch between package.json and the lockfile could cause npm ci to fail with an "out of sync" error depending on the npm version used in CI.

Additional Locations (2)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit ac97ac4. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants