Upgrading serialize-javascript package in QuickLayout Docs

Andrei Banshchikov · meta-codesync[bot] · commit b07943981a6a · 2026-04-28T02:24:04.000-07:00
Summary: Received an alert on a vulnerability in serialize-javascript package, upgraded to latest patched version (7.0.5, major bump from 6.0.2). Forces all transitive consumers via yarn `resolutions`. Mirrors D101617088 approach.

Differential Revision: D102589513

fbshipit-source-id: 37a767182dd220116613ddd4b5fceb5e0904126e
diff --git a/Sources/QuickLayout/docs/package.json b/Sources/QuickLayout/docs/package.json
@@ -57,6 +57,7 @@
     "express/path-to-regexp": "0.1.13",
     "lodash": "4.18.1",
     "lodash-es": "4.18.1",
-    "picomatch": "2.3.2"
+    "picomatch": "2.3.2",
+    "serialize-javascript": "7.0.5"
   }
 }
diff --git a/Sources/QuickLayout/docs/yarn.lock b/Sources/QuickLayout/docs/yarn.lock
@@ -9710,13 +9710,6 @@ quick-lru@^5.1.1:
   resolved "https://registry.yarnpkg.com/quick-lru/-/quick-lru-5.1.1.tgz#366493e6b3e42a3a6885e2e99d18f80fb7a8c932"
   integrity sha512-WuyALRjWPDGtt/wzJiadO5AXY+8hZ80hVpe6MyivgraREW751X3SbhRvG3eLKOYN+8VEvqLcf3wdnt44Z4S4SA==
 
-randombytes@^2.1.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/randombytes/-/randombytes-2.1.0.tgz#df6f84372f0270dc65cdf6291349ab7a473d4f2a"
-  integrity sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==
-  dependencies:
-    safe-buffer "^5.1.0"
-
 range-parser@1.2.0:
   version "1.2.0"
   resolved "https://registry.yarnpkg.com/range-parser/-/range-parser-1.2.0.tgz#f49be6b487894ddc40dcc94a322f611092e00d5e"
@@ -10312,7 +10305,7 @@ sade@^1.7.3:
   dependencies:
     mri "^1.1.0"
 
-safe-buffer@5.2.1, safe-buffer@>=5.1.0, safe-buffer@^5.1.0, safe-buffer@~5.2.0:
+safe-buffer@5.2.1, safe-buffer@>=5.1.0, safe-buffer@~5.2.0:
   version "5.2.1"
   resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6"
   integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==
@@ -10429,12 +10422,10 @@ send@~0.19.0, send@~0.19.1:
     range-parser "~1.2.1"
     statuses "~2.0.2"
 
-serialize-javascript@^6.0.0, serialize-javascript@^6.0.1:
-  version "6.0.2"
-  resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-6.0.2.tgz#defa1e055c83bf6d59ea805d8da862254eb6a6c2"
-  integrity sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==
-  dependencies:
-    randombytes "^2.1.0"
+serialize-javascript@7.0.5, serialize-javascript@^6.0.0, serialize-javascript@^6.0.1:
+  version "7.0.5"
+  resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-7.0.5.tgz#c798cc0552ffbb08981914a42a8756e339d0d5b1"
+  integrity sha512-F4LcB0UqUl1zErq+1nYEEzSHJnIwb3AF2XWB94b+afhrekOUijwooAYqFyRbjYkm2PAKBabx6oYv/xDxNi8IBw==
 
 serve-handler@^6.1.6:
   version "6.1.7"

Original file line number	Diff line number	Diff line change
`@@ -57,6 +57,7 @@`
`57`	`57`	`"express/path-to-regexp": "0.1.13",`
`58`	`58`	`"lodash": "4.18.1",`
`59`	`59`	`"lodash-es": "4.18.1",`
`60`		`- "picomatch": "2.3.2"`
	`60`	`+ "picomatch": "2.3.2",`
	`61`	`+ "serialize-javascript": "7.0.5"`
`61`	`62`	`}`
`62`	`63`	`}`