Skip to content

updated packages to remove security issue: Cross-site Scripting (XSS) in serialize-javascript#515

Open
nightness wants to merge 2 commits intoshadowwalker:masterfrom
Brainwires:master
Open

updated packages to remove security issue: Cross-site Scripting (XSS) in serialize-javascript#515
nightness wants to merge 2 commits intoshadowwalker:masterfrom
Brainwires:master

Conversation

@nightness
Copy link

@nightness nightness commented Feb 27, 2025

Fixed without rewriting the source files...

serialize-javascript  <6.0.2
Severity: moderate
Cross-site Scripting (XSS) in serialize-javascript - https://github.com/advisories/GHSA-76p7-773f-r4q5
fix available via `npm audit fix --force`
Will install next-pwa@2.0.2, which is a breaking change
node_modules/rollup-plugin-terser/node_modules/serialize-javascript
  rollup-plugin-terser  3.0.0 || >=4.0.4
  Depends on vulnerable versions of serialize-javascript
  node_modules/rollup-plugin-terser
    workbox-build  5.0.0-alpha.0 - 7.0.0
    Depends on vulnerable versions of rollup-plugin-terser
    node_modules/next-pwa/node_modules/workbox-build
      workbox-webpack-plugin  5.0.0-alpha.0 - 7.0.0
      Depends on vulnerable versions of workbox-build
      node_modules/next-pwa/node_modules/workbox-webpack-plugin
        next-pwa  >=2.1.0
        Depends on vulnerable versions of workbox-webpack-plugin
        node_modules/next-pwa

5 moderate severity vulnerabilities

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nightness