Bump terser from 4.6.13 to 4.7.0 (!30856) · Merge requests · Bootstrap / bootstrap

Merged Administrator requested to merge dependabot/npm_and_yarn/terser-4.7.0 into master May 19, 2020

Created by: dependabot-preview[bot]

Bumps terser from 4.6.13 to 4.7.0.

Changelog

v4.7.0

A bug was fixed where an arrow function would have the wrong size

arguments object is now considered safe to retrieve properties from (useful for length, or 0) even when pure_getters is not set.

Fixed erroneous const declarations without value (which is invalid) in some corner cases when using collapse_vars.

Commits

ee6b8af 4.7.0
807f729 update changelog
2e0e6c2 audit fix
87f7e7f fix functional tests
9b11e3d update node version
2ddf987 fix: fix a bug in AST_Arrow.prototype._size (#701)
149e580 consider property access of arguments object to be pure. Closes #687
2a25f3f ensure const declarations values are replaced with something, since const...
See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the .dependabot/config.yml file in this repo:

Update frequency
Out-of-range updates (receive only lockfile updates, if desired)
Security updates (receive only security updates, if desired)