Commit b513e12

fix: resolve serialize-javascript RCE vulnerability (CVE)

Add npm override to force serialize-javascript ^7.0.3, fixing dependabot alert #78 (high severity RCE via RegExp.flags).

Signed-off-by: Sebastian Mendel <sebastian.mendel@netresearch.de>
Signed-off-by: Sebastian Mendel <info@sebastianmendel.de>
1 parent c9fa1cb commit b513e12

2 files changed

Lines changed: 10 additions & 15 deletions

package-lock.json

Lines changed: 7 additions & 15 deletions

package.json

Lines changed: 3 additions & 0 deletions
@@ -17,6 +17,9 @@
1717
"webpack-dev-server": "^5.2.0",
1818
"webpack-notifier": "^1.15.0"
1919
},
20+
"overrides": {
21+
"serialize-javascript": "^7.0.3"
22+
},
2023
"license": "UNLICENSED",
2124
"private": true,
2225
"scripts": {
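
Review bot: the top-level "overrides" entry at new lines 20-22 applies to every copy of serialize-javascript in the tree, so each transitive dependent is forced onto ^7.0.3 whatever range it declares, and nothing here records which package pulls it in or when the override can be dropped. Consider nesting the override under the parent package that requires it (npm accepts overrides keyed by the parent), and recording the advisory identifier, since the subject line's "(CVE)" carries no number. Because package-lock.json (7 additions, 15 deletions) is not rendered, the resolved version cannot be checked from this page; running `npm ls serialize-javascript` and a full build with the webpack tooling listed above would confirm that only patched copies remain and that the forced major version does not break a dependent.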
