Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: yahoo/serialize-javascript
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v7.0.5
Choose a base ref
...
head repository: yahoo/serialize-javascript
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v7.0.6
Choose a head ref
  • 3 commits
  • 4 files changed
  • 4 contributors

Commits on Apr 10, 2026

  1. build(deps-dev): bump lodash from 4.17.23 to 4.18.1 (#215)

    Bumps [lodash](https://github.com/lodash/lodash) from 4.17.23 to 4.18.1.
    - [Release notes](https://github.com/lodash/lodash/releases)
    - [Commits](lodash/lodash@4.17.23...4.18.1)
    
    ---
    updated-dependencies:
    - dependency-name: lodash
      dependency-version: 4.18.1
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Apr 10, 2026
    Configuration menu
    Copy the full SHA
    451af65 View commit details
    Browse the repository at this point in the history

Commits on Jun 17, 2026

  1. fix: reject spoofed URL objects with non-string toString() result

    Validates that URL.toString() returns a primitive string before
    passing to serialize(), preventing code injection via Object.create(URL.prototype)
    spoofing. Adds a regression test covering the attack vector from PSECBUGS-108653.
    
    Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
    PR-URL: #217
    redonkulus and claude authored Jun 17, 2026
    Configuration menu
    Copy the full SHA
    a83d2cb View commit details
    Browse the repository at this point in the history
  2. release: v7.0.6

    PR-URL: #221
    okuryu authored Jun 17, 2026
    Configuration menu
    Copy the full SHA
    153eb43 View commit details
    Browse the repository at this point in the history
Loading