chore(deps): update dependency serialize-javascript to v7.0.7 #6333
Code Review
This PR is a Renovate Bot–generated patch update: serialize-javascript 7.0.6 → 7.0.7.
Change summary:
docs/package.json — resolution pin bumped from 7.0.6 → 7.0.7
docs/yarn.lock — lockfile entry updated with the new resolved hash and integrity checksum
Security fix context:
The upstream release notes indicate this patch fixes a security issue: it rejects spoofed RegExp objects whose source property is not a string, preventing potential XSS or serialization-bypass attacks. The package is used in the docs/ build toolchain (Vite/Webpack-family dependency), so it is not part of TUnit's runtime test engine. That said, bumping it is the right call — a known CVE in any dependency is worth patching promptly.
No concerns with this PR. The diff is minimal, mechanical, and matches the stated intent. The lockfile integrity hashes look consistent with a clean upstream publish.
Approve ✅
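A resolution pin only helps if every lockfile entry for the package actually resolves to the fixed release. The following is an added example, not part of the PR, the review, or Renovate's output: it scans yarn.lock text for `serialize-javascript` entries resolving below 7.0.7. The sample lockfile is constructed and the function names are hypothetical.

```javascript
// Added example. SAMPLE_LOCK is constructed (it mixes Yarn v1 and Berry entry
// syntax to exercise both); it is not the project's docs/yarn.lock.
const SAMPLE_LOCK = `
serialize-javascript@^6.0.2:
  version "6.0.2"

"serialize-javascript@npm:7.0.7":
  version: 7.0.7
  resolution: "serialize-javascript@npm:7.0.7"
`;

// Parse "MAJOR.MINOR.PATCH[-prerelease]"; returns null if it does not match.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(v);
  return m && { core: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) };
}

// True when `version` sorts before `minimum`. Unparseable input fails closed.
function isBelow(version, minimum) {
  const a = parseVersion(version), b = parseVersion(minimum);
  if (!a || !b) return true;
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] < b.core[i];
  }
  return a.pre && !b.pre; // 7.0.7-rc.1 precedes 7.0.7
}

// Collect { entry, version } for every lockfile entry whose header names `pkg`.
function findResolved(lockText, pkg) {
  const found = [];
  let current = null; // header of the entry being read, when it is for pkg
  for (const line of lockText.split(/\r?\n/)) {
    if (/^[^\s#].*:$/.test(line)) {
      const names = line.slice(0, -1).split(',')
        .map((d) => d.trim().replace(/^"|"$/g, ''))
        .map((d) => d.slice(0, d.indexOf('@', 1))); // keeps a leading scope "@"
      current = names.includes(pkg) ? line.slice(0, -1) : null;
    } else if (current) {
      const m = /^\s+version:?\s+"?([^"\s]+)"?\s*$/.exec(line);
      if (m) { found.push({ entry: current, version: m[1] }); current = null; }
    }
  }
  return found;
}

// Entries for `pkg` that still resolve below the fixed release.
function auditLock(lockText, pkg, minimum) {
  return findResolved(lockText, pkg).filter((e) => isBelow(e.version, minimum));
}
```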
This PR contains the following updates:
7.0.6 → 7.0.7
Release Notes
yahoo/serialize-javascript (serialize-javascript)
v7.0.7
What's Changed
Full Changelog: yahoo/serialize-javascript@v7.0.6...v7.0.7
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate.