chore: update serialize-javascript package#205

Merged
gmegidish merged 1 commit into main from chore-update-serialize-javascript on Apr 27, 2026

Conversation

@gmegidish
Member

No description provided.

@coderabbitai

coderabbitai Bot commented Apr 27, 2026

Walkthrough

This change adds an npm overrides rule to pin the serialize-javascript package to version ^7.0.3. The modification affects dependency resolution for the specified package without altering any existing devDependencies declarations. The change introduces 3 new lines to the configuration file.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

  • Description check: ❓ Inconclusive. No description was provided by the author, making it impossible to assess relevance to the changeset. Resolution: add a pull request description explaining the purpose of the serialize-javascript version pin, such as fixing a security issue or resolving a compatibility problem.

✅ Passed checks (4 passed)

  • Title check: ✅ Passed. The title accurately describes the main change: adding an npm overrides rule to pin serialize-javascript to ^7.0.3.
  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
  • Linked Issues check: ✅ Passed. Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check: ✅ Passed. Check skipped because no linked issues were found for this pull request.



@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@test/package.json`:
- Around lines 28-29: the overrides entry for "serialize-javascript" pins a vulnerable version; update the override value under the JSON "overrides" object for the "serialize-javascript" key from "^7.0.3" to "^7.0.5" so the dependency uses the patch that fixes the CVE (CPU exhaustion DoS) released in 7.0.5.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 360fd7d4-6a4c-41f0-809a-61621195c143

📥 Commits

Reviewing files that changed from the base of the PR and between 079dfc7 and 3352377.

⛔ Files ignored due to path filters (1)
  • test/package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • test/package.json

Comment thread test/package.json
Comment on lines +28 to +29
"overrides": {
"serialize-javascript": "^7.0.3"
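Review bot: the caret range "^7.0.3" on line 29 only sets a floor for the resolver; it does not by itself pull in the 7.0.5 release that the inline review thread says carries the CPU-exhaustion DoS fix, and the version actually installed is decided by test/package-lock.json, which this review skipped under the !**/package-lock.json path filter. Raise the floor to "^7.0.5" as suggested and confirm the lockfile entry for serialize-javascript resolves to 7.0.5 or later before merging.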


⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify serialize-javascript version and check for security advisories

# Check if version 7.0.3 exists on npm registry
echo "Checking npm registry for serialize-javascript versions..."
curl -s https://registry.npmjs.org/serialize-javascript | jq -r '.versions | keys[] | select(startswith("7.0"))' | sort -V

# Check the latest version
echo -e "\nLatest version:"
curl -s https://registry.npmjs.org/serialize-javascript | jq -r '.["dist-tags"].latest'

# Check for security advisories
echo -e "\nChecking for security advisories..."
gh api graphql -f query='
{
  securityVulnerabilities(first: 10, ecosystem: NPM, package: "serialize-javascript") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

Repository: mobile-next/mobilecli

Length of output: 1440


Update to serialize-javascript@^7.0.5 to fix all known vulnerabilities.

Version 7.0.3 exists and fixes the HIGH severity RCE vulnerability (patched in 7.0.3), but a newer MODERATE severity CPU Exhaustion DoS vulnerability (CVE in serialize-javascript < 7.0.5) is patched in version 7.0.5 (released 2026-03-27). Update the override from ^7.0.3 to ^7.0.5 to ensure all known vulnerabilities are addressed.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@test/package.json` around lines 28-29, the overrides entry for "serialize-javascript" pins a vulnerable version; update the override value under the JSON "overrides" object for the "serialize-javascript" key from "^7.0.3" to "^7.0.5" so the dependency uses the patch that fixes the CVE (CPU exhaustion DoS) released in 7.0.5.
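As an added example, not code from this PR or the mobilecli project: a small Node script that checks whether an npm overrides floor and the lockfile's resolved version both reach a package's first patched release (7.0.5 for serialize-javascript, per the review thread above). The package.json and package-lock.json contents are constructed samples, and the semver comparison is a minimal core-version compare rather than the npm semver library.

```javascript
// Added example, not mobilecli code: check that an npm "overrides" floor and the
// lockfile's resolved version both reach a package's first patched release.
const FIRST_PATCHED = { 'serialize-javascript': '7.0.5' }; // per the review thread

// Constructed sample: the override as merged in the PR, plus a lockfile entry
// that resolved to the floor of the caret range.
const samplePackageJson = JSON.stringify({
  devDependencies: { 'serialize-javascript': '^6.0.0' },
  overrides: { 'serialize-javascript': '^7.0.3' },
});
const sampleLock = JSON.stringify({
  lockfileVersion: 3,
  packages: { 'node_modules/serialize-javascript': { version: '7.0.3' } },
});

// Parse "x.y.z" (range operator and any pre-release tag dropped) into numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v.replace(/^[\^~>=<\s]+/, ''));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Negative if a < b, zero if equal, positive if a > b (semver core only).
function compareVersions(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i += 1) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// For each tracked package, report whether the override floor and the
// lockfile's resolved version each reach the first patched release. A caret
// range only sets a floor, so the floor itself must be at or past the fix.
function auditOverrides(pkgJsonText, lockText) {
  const pkg = JSON.parse(pkgJsonText);
  const lock = JSON.parse(lockText);
  const findings = {};
  for (const [name, patched] of Object.entries(FIRST_PATCHED)) {
    const override = (pkg.overrides || {})[name];
    const entry = (lock.packages || {})[`node_modules/${name}`];
    const resolved = entry ? entry.version : undefined;
    findings[name] = {
      override,
      resolved,
      overrideOk: override !== undefined && compareVersions(override, patched) >= 0,
      resolvedOk: resolved !== undefined && compareVersions(resolved, patched) >= 0,
    };
  }
  return findings;
}
```

Run against the real files with `auditOverrides(fs.readFileSync('test/package.json', 'utf8'), fs.readFileSync('test/package-lock.json', 'utf8'))`; both flags must be true before the pin can be called fixed.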

@gmegidish gmegidish merged commit aab2455 into main Apr 27, 2026
13 checks passed
@gmegidish gmegidish deleted the chore-update-serialize-javascript branch April 27, 2026 14:41