Skip to content

Commit b7ab828

Browse files
yashvanthbl137-cryptoyashvanthbl137-crypto
committed
fix: update serialize-javascript to 7.0.3
Resolves GHSA-5c6j-r48x-rmvq RCE vulnerability via RegExp.flags and Date.prototype.toISOString(). Affects dev dependencies only. Ticket: CGARD-518
1 parent f57cee0 commit b7ab828

2 files changed

Lines changed: 5 additions & 6 deletions

File tree

package.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -67,6 +67,7 @@
6767
"**/cacache/glob": "11.1.0",
6868
"**/pacote/glob": "11.1.0",
6969
"**/sha.js": ">=2.4.12",
70+
"**/serialize-javascript": "7.0.3",
7071
"jspdf": ">=4.2.0",
7172
"@ethereumjs/util": "8.0.3",
7273
"@types/keyv": "3.1.4",

yarn.lock

Lines changed: 4 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -18671,12 +18671,10 @@ send@0.19.0:
1867118671
range-parser "~1.2.1"
1867218672
statuses "2.0.1"
1867318673

18674-
serialize-javascript@^6.0.0, serialize-javascript@^6.0.2:
18675-
version "6.0.2"
18676-
resolved "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.2.tgz"
18677-
integrity sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==
18678-
dependencies:
18679-
randombytes "^2.1.0"
18674+
serialize-javascript@7.0.3, serialize-javascript@^6.0.0, serialize-javascript@^6.0.2:
18675+
version "7.0.3"
18676+
resolved "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-7.0.3.tgz#c92008d8a21bc7b2307c2e885a4bd0f03b2aee6c"
18677+
integrity sha512-h+cZ/XXarqDgCjo+YSyQU/ulDEESGGf8AMK9pPNmhNSl/FzPl6L8pMp1leca5z6NuG6tvV/auC8/43tmovowww==
1868018678

1868118679
serve-index@^1.9.1:
1868218680
version "1.9.1"

0 commit comments

Comments
 (0)