Skip to content

chore(deps): update dependency serialize-javascript to v7.0.7#6333

Merged
thomhurst merged 1 commit into
mainfrom
renovate/serialize-javascript-7.x
Jun 30, 2026
Merged

chore(deps): update dependency serialize-javascript to v7.0.7#6333
thomhurst merged 1 commit into
mainfrom
renovate/serialize-javascript-7.x

Conversation

@thomhurst

Copy link
Copy Markdown
Owner

This PR contains the following updates:

Package Type Update Change
serialize-javascript resolutions patch 7.0.67.0.7

Release Notes

yahoo/serialize-javascript (serialize-javascript)

v7.0.7

Compare Source

What's Changed

Full Changelog: yahoo/serialize-javascript@v7.0.6...v7.0.7


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

@thomhurst thomhurst added dependencies Pull requests that update a dependency file PATCH renovate-bot labels Jun 30, 2026
@thomhurst thomhurst enabled auto-merge (squash) June 30, 2026 12:49
@codacy-production

Copy link
Copy Markdown

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

@claude claude Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This PR is a Renovate Bot–generated patch update: serialize-javascript 7.0.6 → 7.0.7.

Change summary:

  • docs/package.json — resolution pin bumped from 7.0.6 → 7.0.7
  • docs/yarn.lock — lockfile entry updated with the new resolved hash and integrity checksum

Security fix context:
The upstream release notes indicate this patch fixes a security issue: it rejects spoofed RegExp objects whose source property is not a string, preventing potential XSS or serialization-bypass attacks. The package is used in the docs/ build toolchain (Vite/Webpack-family dependency), so it is not part of TUnit's runtime test engine. That said, bumping it is the right call — a known CVE in any dependency is worth patching promptly.

No concerns with this PR. The diff is minimal, mechanical, and matches the stated intent. The lockfile integrity hashes look consistent with a clean upstream publish.

Approve ✅

@thomhurst thomhurst merged commit c18a8e9 into main Jun 30, 2026
15 checks passed
@thomhurst thomhurst deleted the renovate/serialize-javascript-7.x branch June 30, 2026 13:13
This was referenced Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file PATCH renovate-bot

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants