Commit 6a629b2
fix(security): upgrade serialize-javascript to 7.0.3 to fix RCE [APS-18800]
- Add npm `overrides` block in package.json forcing serialize-javascript
to 7.0.3 (transitive dep via mocha; cannot bump directly).
- Regenerate package-lock.json. npm 10 upgraded lockfileVersion 1 -> 3
(required for `overrides` to take effect).
- Resolves GHSA-5c6j-r48x-rmvq (CVSS 8.1) — RCE via RegExp.flags and
Date.prototype.toISOString().
- npm ls confirms: serialize-javascript@7.0.3 overridden.
- Test suite: 663 passing, 13 failing, 2 pending — IDENTICAL to master
baseline. No regression introduced.
Resolves: APS-18800
1 parent ef06797 commit 6a629b2
2 files changed
Lines changed: 3636 additions & 1798 deletions