Commit e70df01

cYKatherine and claude committed
UID2-6676: upgrade serialize-javascript to fix GHSA-5c6j-r48x-rmvq RCE
Adds serialize-javascript override to pin to patched version:
- overrides/serialize-javascript: (new) ^7.0.3

GHSA-5c6j-r48x-rmvq: Critical RCE via unsanitized RegExp.flags and Date.prototype.toISOString() in serialized output, affects serialize-javascript <= 7.0.2.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent 93c117a commit e70df01

2 files changed

Lines changed: 29 additions & 16 deletions

package-lock.json

Lines changed: 27 additions & 15 deletions
Some generated files are not rendered by default.

package.json

Lines changed: 2 additions & 1 deletion
@@ -80,7 +80,8 @@
8080
},
8181
"overrides": {
8282
"form-data": "^4.0.4",
83-
"qs": "6.14.1"
83+
"qs": "6.14.1",
84+
"serialize-javascript": "^7.0.3"
8485
},
8586
"browserslist": [
8687
"defaults"
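
Review bot: the added override line uses a caret range, `"serialize-javascript": "^7.0.3"`, while the commit message calls it a pin and the `"qs": "6.14.1"` entry directly above it is an exact version. Either write the exact patched version so the two overrides follow the same convention, or keep the range and change the message wording to say it sets a minimum, since `^7.0.3` lets any later 7.x release resolve when the lockfile is regenerated. The visible lines also do not show which dependency pulls in serialize-javascript or which range it originally requested; if that was an earlier major, this override forces a major-version change on it, so the commit message should record that the build was checked against 7.x. The package-lock.json diff is not rendered here, so it is worth confirming with `npm ls serialize-javascript` that no copy at 7.0.2 or below remains in the resolved tree.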
