Skip to content

npm(deps): bump serialize-javascript from 6.0.2 to 7.0.5 in the npm_and_yarn group across 1 directory#129

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-07458b7518
Open

npm(deps): bump serialize-javascript from 6.0.2 to 7.0.5 in the npm_and_yarn group across 1 directory#129
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-07458b7518

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 4, 2026
edited
Loading

Bumps the npm_and_yarn group with 1 update in the / directory: serialize-javascript.

Updates serialize-javascript from 6.0.2 to 7.0.5

Release notes

Sourced from serialize-javascript's releases.

v7.0.5

Fixes

  • Improve robustness and validation for array-like object serialization.
  • Fix an issue where certain object structures could lead to excessive CPU usage.

For more details, please see GHSA-qj8w-gfj5-8c6v.

v7.0.4

What's Changed

Full Changelog: yahoo/serialize-javascript@v7.0.3...v7.0.4

v7.0.3

  • fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207) 2e609d0
  • build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206) 42b7cdb

yahoo/serialize-javascript@v7.0.2...v7.0.3

v7.0.2

What's Changed

Full Changelog: yahoo/serialize-javascript@v7.0.1...v7.0.2

v7.0.1

What's Changed

New Contributors

Full Changelog: yahoo/serialize-javascript@v7.0.0...v7.0.1

v7.0.0

Breaking Changes

  • requires Node.js v20+

What's Changed

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for serialize-javascript since your current version.

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Apr 4, 2026
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Apr 4, 2026

Labels

The following labels could not be found: npm. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-07458b7518 branch 3 times, most recently from d6cd582 to 4cc023a Compare April 14, 2026 12:19
@dependabot
npm(deps): bump serialize-javascript from 6.0.2 to 7.0.5 in the npm_a…
95ebda2 
…nd_yarn group across 1 directory

Dependabot couldn't find the original pull request head commit, 05d6c61.
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-07458b7518 branch from 4cc023a to 95ebda2 Compare April 20, 2026 17:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants