From cadfd0879f9b757193814a20f5a4072c78a0d59e Mon Sep 17 00:00:00 2001 From: Camille Malonzo Date: Tue, 31 Mar 2026 13:22:59 -0400 Subject: [PATCH] [npm audit] Upgrade serialize-javscript to 7.0.5 to address CVE GHSA-qj8w-gfj5-8c6v --- .../module-minifier/main_2026-03-31-17-21.json | 10 ++++++++++ common/config/subspaces/default/pnpm-lock.yaml | 10 +++++----- common/config/subspaces/default/repo-state.json | 2 +- libraries/module-minifier/package.json | 2 +- 4 files changed, 17 insertions(+), 7 deletions(-) create mode 100644 common/changes/@rushstack/module-minifier/main_2026-03-31-17-21.json diff --git a/common/changes/@rushstack/module-minifier/main_2026-03-31-17-21.json b/common/changes/@rushstack/module-minifier/main_2026-03-31-17-21.json new file mode 100644 index 00000000000..c4339d8013f --- /dev/null +++ b/common/changes/@rushstack/module-minifier/main_2026-03-31-17-21.json @@ -0,0 +1,10 @@ +{ + "changes": [ + { + "packageName": "@rushstack/module-minifier", + "comment": "Bump serialize-javascript 7.0.5 to address CVE GHSA-qj8w-gfj5-8c6v", + "type": "patch" + } + ], + "packageName": "@rushstack/module-minifier" +} \ No newline at end of file diff --git a/common/config/subspaces/default/pnpm-lock.yaml b/common/config/subspaces/default/pnpm-lock.yaml index 91c15da3749..bf9076a2f74 100644 --- a/common/config/subspaces/default/pnpm-lock.yaml +++ b/common/config/subspaces/default/pnpm-lock.yaml @@ -3836,8 +3836,8 @@ importers: specifier: workspace:* version: link:../worker-pool serialize-javascript: - specifier: 7.0.3 - version: 7.0.3 + specifier: 7.0.5 + version: 7.0.5 source-map: specifier: ~0.7.3 version: 0.7.6 @@ -17164,8 +17164,8 @@ packages: serialize-javascript@6.0.2: resolution: {integrity: sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==} - serialize-javascript@7.0.3: - resolution: {integrity: sha512-h+cZ/XXarqDgCjo+YSyQU/ulDEESGGf8AMK9pPNmhNSl/FzPl6L8pMp1leca5z6NuG6tvV/auC8/43tmovowww==} + serialize-javascript@7.0.5: + resolution: {integrity: sha512-F4LcB0UqUl1zErq+1nYEEzSHJnIwb3AF2XWB94b+afhrekOUijwooAYqFyRbjYkm2PAKBabx6oYv/xDxNi8IBw==} engines: {node: '>=20.0.0'} serve-favicon@2.5.1: @@ -35536,7 +35536,7 @@ snapshots: dependencies: randombytes: 2.1.0 - serialize-javascript@7.0.3: {} + serialize-javascript@7.0.5: {} serve-favicon@2.5.1: dependencies: diff --git a/common/config/subspaces/default/repo-state.json b/common/config/subspaces/default/repo-state.json index bf5a72c3b2c..19ae7edefae 100644 --- a/common/config/subspaces/default/repo-state.json +++ b/common/config/subspaces/default/repo-state.json @@ -1,5 +1,5 @@ // DO NOT MODIFY THIS FILE MANUALLY BUT DO COMMIT IT. It is generated and used by Rush. { - "pnpmShrinkwrapHash": "8821e1e50d94962f6d01f6b347c1a79a584bc961", + "pnpmShrinkwrapHash": "958d2b2f4a0d7c66f79432acbee97ea344254ed6", "preferredVersionsHash": "029c99bd6e65c5e1f25e2848340509811ff9753c" } diff --git a/libraries/module-minifier/package.json b/libraries/module-minifier/package.json index 9892970b220..5ae20fcee80 100644 --- a/libraries/module-minifier/package.json +++ b/libraries/module-minifier/package.json @@ -40,7 +40,7 @@ }, "dependencies": { "@rushstack/worker-pool": "workspace:*", - "serialize-javascript": "7.0.3", + "serialize-javascript": "7.0.5", "source-map": "~0.7.3", "terser": "^5.9.0" },