fix: override serialize-javascript to >=7.0.3 for audit compliance
A newly disclosed RCE vulnerability (GHSA-5c6j-r48x-rmvq) affects serialize-javascript <=7.0.2, which is pulled in as a transitive devDependency via @nestjs/cli > webpack > terser-webpack-plugin. A pnpm override bumps it to the patched version. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@@ -72,7 +72,8 @@
|
||||
"qs": ">=6.15.0",
|
||||
"tough-cookie": ">=4.1.3",
|
||||
"undici": ">=6.23.0",
|
||||
"rollup": ">=4.59.0"
|
||||
"rollup": ">=4.59.0",
|
||||
"serialize-javascript": ">=7.0.3"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
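Review bot: The new override `"serialize-javascript": ">=7.0.3"` is open-ended and unscoped, so any later lockfile regeneration can move every consumer to whatever release is newest, including future majors. The lockfile section shows the resolved version going from 6.0.2 to 7.0.3, a major jump for the dependent (terser-webpack-plugin, according to the commit message), and 7.0.3 declares `engines: {node: '>=20.0.0'}`. It is worth confirming that CI and developer machines run Node 20 or later and that the webpack build still passes. Consider bounding and scoping the entry, for example `"terser-webpack-plugin>serialize-javascript": ">=7.0.3 <8"`. The overrides object opens above this hunk, so the other open-ended entries in it are not reviewed here.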
19
pnpm-lock.yaml
generated
19
pnpm-lock.yaml
generated
@@ -16,6 +16,7 @@ overrides:
|
||||
tough-cookie: '>=4.1.3'
|
||||
undici: '>=6.23.0'
|
||||
rollup: '>=4.59.0'
|
||||
serialize-javascript: '>=7.0.3'
|
||||
|
||||
importers:
|
||||
|
||||
@@ -6389,9 +6390,6 @@ packages:
|
||||
raf-schd@4.0.3:
|
||||
resolution: {integrity: sha512-tQkJl2GRWh83ui2DiPTJz9wEiMN20syf+5oKfB03yYP7ioZcJwsIK8FjrtLwH1m7C7e+Tt2yYBlrOpdT+dyeIQ==}
|
||||
|
||||
randombytes@2.1.0:
|
||||
resolution: {integrity: sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==}
|
||||
|
||||
range-parser@1.2.1:
|
||||
resolution: {integrity: sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==}
|
||||
engines: {node: '>= 0.6'}
|
||||
@@ -6679,8 +6677,9 @@ packages:
|
||||
resolution: {integrity: sha512-1gnZf7DFcoIcajTjTwjwuDjzuz4PPcY2StKPlsGAQ1+YH20IRVrBaXSWmdjowTJ6u8Rc01PoYOGHXfP1mYcZNQ==}
|
||||
engines: {node: '>= 18'}
|
||||
|
||||
serialize-javascript@6.0.2:
|
||||
resolution: {integrity: sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==}
|
||||
serialize-javascript@7.0.3:
|
||||
resolution: {integrity: sha512-h+cZ/XXarqDgCjo+YSyQU/ulDEESGGf8AMK9pPNmhNSl/FzPl6L8pMp1leca5z6NuG6tvV/auC8/43tmovowww==}
|
||||
engines: {node: '>=20.0.0'}
|
||||
|
||||
serve-static@1.16.3:
|
||||
resolution: {integrity: sha512-x0RTqQel6g5SY7Lg6ZreMmsOzncHFU7nhnRWkKgWuMTu5NN0DR5oruckMqRvacAN9d5w6ARnRBXl9xhDCgfMeA==}
|
||||
@@ -13990,10 +13989,6 @@ snapshots:
|
||||
|
||||
raf-schd@4.0.3: {}
|
||||
|
||||
randombytes@2.1.0:
|
||||
dependencies:
|
||||
safe-buffer: 5.2.1
|
||||
|
||||
range-parser@1.2.1: {}
|
||||
|
||||
raw-body@2.5.3:
|
||||
@@ -14362,9 +14357,7 @@ snapshots:
|
||||
transitivePeerDependencies:
|
||||
- supports-color
|
||||
|
||||
serialize-javascript@6.0.2:
|
||||
dependencies:
|
||||
randombytes: 2.1.0
|
||||
serialize-javascript@7.0.3: {}
|
||||
|
||||
serve-static@1.16.3:
|
||||
dependencies:
|
||||
@@ -14769,7 +14762,7 @@ snapshots:
|
||||
'@jridgewell/trace-mapping': 0.3.31
|
||||
jest-worker: 27.5.1
|
||||
schema-utils: 4.3.3
|
||||
serialize-javascript: 6.0.2
|
||||
serialize-javascript: 7.0.3
|
||||
terser: 5.46.0
|
||||
webpack: 5.104.1(@swc/core@1.15.11)
|
||||
optionalDependencies:
|
||||
|
||||