Skip to content

Commit 6bf68ea

Browse files
vrubezhnyvrubezhny
committed
[build] Fix vulnerability in serialize-javascript <=7.0.4
``` npm audit report serialize-javascript <7.0.5 Severity: moderate Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects - GHSA-qj8w-gfj5-8c6v fix available via `npm audit fix --force` Will install mocha@7.2.0, which is a breaking change node_modules/serialize-javascript mocha 8.0.0 - 12.0.0-beta-2 Depends on vulnerable versions of serialize-javascript node_modules/mocha terser-webpack-plugin <=5.3.16 Depends on vulnerable versions of serialize-javascript node_modules/terser-webpack-plugin ``` Fixes: https://github.com/redhat-developer/vscode-openshift-tools/security/dependabot/149 Signed-off-by: Victor Rubezhny <vrubezhny@redhat.com>
1 parent 20a43af commit 6bf68ea

2 files changed

Lines changed: 4 additions & 4 deletions

File tree

package-lock.json

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -200,7 +200,7 @@
200200
"tough-cookie": "^6.0.1",
201201
"tar-fs": "^3.1.2",
202202
"diff": "^8.0.3",
203-
"serialize-javascript": "^7.0.3"
203+
"serialize-javascript": "^7.0.5"
204204
},
205205
"activationEvents": [
206206
"onView:openshiftProjectExplorer",

0 commit comments

Comments
 (0)