Update dependency webpack-bundle-analyzer to v3.3.2 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
webpack-bundle-analyzer	3.0.3 -> 3.3.2

GitHub Vulnerability Alerts

GHSA-pgr8-jg6h-8gw6

Versions of webpack-bundle-analyzer prior to 3.3.2 are vulnerable to Cross-Site Scripting. The package uses JSON.stringify() without properly escaping input which may lead to Cross-Site Scripting.

Recommendation

Upgrade to version 3.3.2 or later.

---

Release Notes

webpack/webpack-bundle-analyzer (webpack-bundle-analyzer)

v3.3.2

Compare Source

• Bug Fix
  • Fix regression with escaping internal assets (#​264, fixes #​263)

v3.3.1

Compare Source

• Improvements

  • Use relative links for serving internal assets (#​261, fixes #​254)
  • Properly escape embedded JS/JSON (#​262)

• Bug Fix

  • Fix showing help message on -h flag (#​260, fixes #​239)

v3.3.0

Compare Source

• New Feature

  • Show/hide chunks using context menu (#​246, @​bregenspan)

• Internal

  • Updated dev dependencies

v3.2.0

Compare Source

• Improvements
  • Add support for .mjs output files (#​252, @​jlopezxs)

v3.1.0

Compare Source

• Bug Fix
  • Properly determine the size of the modules containing special characters (#​223, @​hulkish)
  • Update acorn to v6 (#​248, @​realityking)

v3.0.4

Compare Source

• Bug Fix
  • Make webpack's done hook wait until analyzer writes report or stat file (#​247, @​mareolan)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.