bump: serialize-javascript to 7.0.5 for yarn audit cp-13.25.0 #41319

Merged
HowardBraham merged 1 commit into main from serialize-javascript
Mar 27, 2026
HowardBraham (Contributor) commented Mar 27, 2026

Description

Fixes

└─ serialize-javascript
   ├─ ID: 1115519
   ├─ Issue: Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects
   ├─ URL: https://github.com/advisories/GHSA-qj8w-gfj5-8c6v
   ├─ Severity: moderate
   ├─ Vulnerable Versions: <7.0.5
   │
   ├─ Tree Versions
   │  └─ 7.0.3
   │
   └─ Dependents
      └─ terser-webpack-plugin@npm:5.3.16 [e4394]

Changelog

CHANGELOG entry: null


Note

Low Risk
Low risk dependency-only change; primary impact is in build tooling consumers of serialize-javascript, with minimal chance of runtime behavior changes outside updated library semantics.

Overview
Updates the pinned serialize-javascript resolution from 7.0.3 to 7.0.5 and refreshes yarn.lock accordingly.

This is a security-driven bump to address a moderate DoS advisory affecting versions <7.0.5.

Written by Cursor Bugbot for commit 2b71464. This will update automatically on new commits.
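
A lockfile check a reviewer could run to confirm that a bump like the one described above took effect, as an added example that is not part of this PR or the project's code: it parses Yarn Berry lockfile text and reports any `serialize-javascript` entry that resolves below 7.0.5. The lockfile excerpts are constructed, and the helper names (`packageName`, `compareVersions`, `parseLockEntries`, `findVulnerable`) are hypothetical.

```javascript
// Constructed Yarn Berry lockfile excerpt, not the project's real yarn.lock.
const sampleLock = (version) => `
__metadata:
  version: 8

"serialize-javascript@npm:^6.0.1, serialize-javascript@npm:${version}":
  version: ${version}
  resolution: "serialize-javascript@npm:${version}"

"terser-webpack-plugin@npm:5.3.16":
  version: 5.3.16
`;
const LOCK_BEFORE = sampleLock('7.0.3');
const LOCK_AFTER = sampleLock('7.0.5');

// Name is everything before the first "@" after index 0 (keeps "@scope/name" intact).
const packageName = (d) => (d.indexOf('@', 1) === -1 ? d : d.slice(0, d.indexOf('@', 1)));

// Numeric major.minor.patch comparison; any prerelease suffix is ignored.
function compareVersions(a, b) {
  const parts = (v) => v.split('-')[0].split('.').map(Number);
  const [pa, pb] = [parts(a), parts(b)];
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0) ? -1 : 1;
  }
  return 0;
}

// Top-level keys hold one or more comma-separated descriptors; "version:" is indented below.
function parseLockEntries(text) {
  const entries = [];
  for (const line of text.split(/\r?\n/)) {
    const version = /^  version: "?([^"\s]+)"?$/.exec(line);
    if (/^[^\s#].*:$/.test(line)) {
      const key = line.slice(0, -1).replace(/^"|"$/g, '');
      entries.push({ descriptors: key.split(',').map((d) => d.trim()), version: null });
    } else if (version && entries.length) {
      entries[entries.length - 1].version = version[1];
    }
  }
  return entries;
}

// Entries for `pkg` whose resolved version is below the first fixed release.
function findVulnerable(text, pkg, firstFixed) {
  return parseLockEntries(text).filter((e) => e.version
    && e.descriptors.some((d) => packageName(d) === pkg)
    && compareVersions(e.version, firstFixed) < 0);
}
```

Calling `findVulnerable(lockText, 'serialize-javascript', '7.0.5')` on the real lockfile text should return an empty array once the resolution pin and `yarn.lock` refresh have landed.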

@github-actions (Contributor)

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@metamaskbot metamaskbot added the team-extension-platform Extension Platform team label Mar 27, 2026

Gudahtt (Member) left a comment

LGTM!

@HowardBraham HowardBraham enabled auto-merge March 27, 2026 19:25

@HowardBraham HowardBraham added this pull request to the merge queue Mar 27, 2026
Merged via the queue into main with commit 00dfb67 Mar 27, 2026
216 of 218 checks passed
@HowardBraham HowardBraham deleted the serialize-javascript branch March 27, 2026 19:49
@github-actions github-actions Bot locked and limited conversation to collaborators Mar 27, 2026
@metamaskbot metamaskbot added the release-13.26.0 Issue or pull request that will be included in release 13.26.0 label Mar 27, 2026
@HowardBraham HowardBraham changed the title bump: serialize-javascript to 7.0.5 for yarn audit bump: serialize-javascript to 7.0.5 for yarn audit cp-13.25.0 Mar 27, 2026

Labels

release-13.26.0: Issue or pull request that will be included in release 13.26.0
size-XS
skip-release-validation
team-extension-platform: Extension Platform team
