Skip to content

fix(deps): vuln serialize-javascript (major → 7.0.5) #37535

Draft
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
masterfrom
engraver-auto-version-upgrade/major/npm/3-1781564417
Draft

fix(deps): vuln serialize-javascript (major → 7.0.5) #37535
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
masterfrom
engraver-auto-version-upgrade/major/npm/3-1781564417

Conversation

@gh-worker-campaigns-3e9aa4

@gh-worker-campaigns-3e9aa4 gh-worker-campaigns-3e9aa4 Bot commented Jun 15, 2026

Copy link
Copy Markdown

Summary: High-severity security update — 1 package upgraded (MAJOR changes included)

Manifests changed:

  • . (yarn)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

Updates

Package From To Type Dep Type Vulnerabilities Fixed
serialize-javascript 2.1.2 7.0.5 major Direct 3 HIGH

Warning

Major Version Upgrade

This update includes major version changes that may contain breaking changes. Please:

  • Review the changelog/release notes for breaking changes
  • Test thoroughly in a staging environment
  • Update any code that depends on changed APIs
  • Ensure all tests pass before merging

Security Details

🚨 Critical & High Severity (3 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
serialize-javascript GHSA-5c6j-r48x-rmvq HIGH Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() 2.1.2 7.0.3
serialize-javascript GHSA-hxcc-f52p-wc94 HIGH Insecure serialization leading to RCE in serialize-javascript 2.1.2 3.1.0
serialize-javascript CVE-2020-7660 HIGH - 2.1.2 -

Review Checklist

Extra review is recommended for this update:

  • Review changes for compatibility with your code
  • Check release notes for breaking changes
  • Run integration tests to verify service behavior
  • Test in staging environment before production
  • Monitor key metrics after deployment
  • Approve and merge this PR

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

adms-dependency-update adms-high-severity adms-major-update adms-mode-all-vulns adms-npm campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants