While the accepted answer is a good one, it does not differentiate between CRIME and BREACH. For a full understanding it is helpful to understand its differences.
In general: The compressed data should not contain secrets. And it should not reflect user input. If it does not, you are safe. As Javascript usually contains no secrets and also contains no user input, it can be safe. But there is a catch:
CRIME: If you use HTTPS/SPDY/HTTP2 compression, then the whole response is cached - and that includes HTTP headers. If the headers contain no secrets, you are safe. If they do (e.g. contain a JWT access token) you are compromised.
BREACH: If you use content compression, headers are not compressed. In this case you are safe for Javascript.
What I am writing is covering Javascript. If your content is different and contains secrets, you should not use gzip. One example would be to transmit a confirmation code for 2FA.