chore: resolve security issue with patch fixes

[ahmed-deriv]

This pull request adds two new dependencies to the package.json file. These dependencies are likely required for new features or to address compatibility or security requirements.

Dependency additions:

• Added undici version 6.24.0 to the dependencies. ([package.jsonL115-R117](https://github.com/deriv-com/deriv-api-docs/pull/324/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L115-R117))
• Added serialize-javascript version 7.0.3 to the dependencies. ([package.jsonL115-R117](https://github.com/deriv-com/deriv-api-docs/pull/324/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L115-R117))

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
deriv-api-docs	Ready	Preview	Mar 19, 2026 6:23am

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ✅ 0 package(s) with unknown licenses.
• ⚠️ 1 packages with OpenSSF Scorecard issues.

See the Details below.

OpenSSF Scorecard

Package	Version	Score	Details
npm/@isaacs/brace-expansion	5.0.0	Unknown	Unknown
npm/serialize-javascript	6.0.2	🟢 4.3	Details Check Score Reason Code-Review 🟢 4 Found 8/20 approved changesets -- score normalized to 4 Maintained 🟢 5 4 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/undici	5.29.0	🟢 7.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Dependency-Update-Tool 🟢 10 update tool detected Security-Policy 🟢 9 security policy file detected Code-Review 🟢 4 Found 13/28 approved changesets -- score normalized to 4 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 8 binaries present in source code CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 9 SAST tool detected but not run on all commits License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found CI-Tests 🟢 10 15 out of 15 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 81 contributing companies or organizations
npm/serialize-javascript	7.0.3	🟢 4.3	Details Check Score Reason Code-Review 🟢 4 Found 8/20 approved changesets -- score normalized to 4 Maintained 🟢 5 4 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/undici	6.24.0	🟢 7.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Dependency-Update-Tool 🟢 10 update tool detected Security-Policy 🟢 9 security policy file detected Code-Review 🟢 4 Found 13/28 approved changesets -- score normalized to 4 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 8 binaries present in source code CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 9 SAST tool detected but not run on all commits License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found CI-Tests 🟢 10 15 out of 15 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 81 contributing companies or organizations
npm/@fastify/busboy	2.1.1	Unknown	Unknown
npm/@isaacs/balanced-match	4.0.1	Unknown	Unknown
npm/encoding	0.1.13	⚠️ 2.1	Details Check Score Reason Code-Review ⚠️ 1 Found 5/29 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Token-Permissions ⚠️ -1 No tokens found Dangerous-Workflow ⚠️ -1 no workflows found Pinned-Dependencies ⚠️ -1 no dependencies found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/randombytes	2.1.0	Unknown	Unknown

Scanned Manifest Files

package-lock.json

• @isaacs/brace-expansion@5.0.0
• serialize-javascript@6.0.2
• undici@5.29.0
• serialize-javascript@7.0.3
• undici@6.24.0
• @fastify/busboy@2.1.1
• @isaacs/balanced-match@4.0.1
• encoding@0.1.13
• randombytes@2.1.0