One of the dependencies of rollup-plugin-visualizer is @rollup/plugin-terser. Version 0.4.4 of this package still depends on "serialize-javascript", which has a high-severity code-injection vulnerability.
The 1.0.0 version of @rollup/plugin-terser uses a version of serialize-javascript that does not have the vulnerability.
Please update to the 1.0.0 version of @rollup/plugin-terser so that consumers of this package won't be exposed to this code-injection exploit.