fix: override serialize-javascript to >=7.0.3 for audit compliance

Newly disclosed RCE vulnerability (GHSA-5c6j-r48x-rmvq) in serialize-javascript <=7.0.2, pulled in as a transitive devDependency via @nestjs/cli > webpack > terser-webpack-plugin. pnpm override bumps it to the patched version. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-28 09:10:25 -06:00
parent 023949f1e0
commit a829271b66
2 changed files with 8 additions and 14 deletions
--- a/package.json
+++ b/package.json
@@ -72,7 +72,8 @@
      "qs": ">=6.15.0",
      "tough-cookie": ">=4.1.3",
      "undici": ">=6.23.0",
-      "rollup": ">=4.59.0"
+      "rollup": ">=4.59.0",
+      "serialize-javascript": ">=7.0.3"
    }
  }
 }