Skip to content

build(deps): bump serialize-javascript from 6.0.2 to 7.0.4#1004

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/serialize-javascript-7.0.4
Open

build(deps): bump serialize-javascript from 6.0.2 to 7.0.4#1004
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/serialize-javascript-7.0.4

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 29, 2026
edited
Loading

Bumps serialize-javascript from 6.0.2 to 7.0.4.

Release notes

Sourced from serialize-javascript's releases.

v7.0.4

What's Changed

Full Changelog: yahoo/serialize-javascript@v7.0.3...v7.0.4

v7.0.3

  • fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207) 2e609d0
  • build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206) 42b7cdb

yahoo/serialize-javascript@v7.0.2...v7.0.3

v7.0.2

What's Changed

Full Changelog: yahoo/serialize-javascript@v7.0.1...v7.0.2

v7.0.1

What's Changed

New Contributors

Full Changelog: yahoo/serialize-javascript@v7.0.0...v7.0.1

v7.0.0

Breaking Changes

  • requires Node.js v20+

What's Changed

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for serialize-javascript since your current version.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 29, 2026
@cloudflare-workers-and-pages
Copy link
Copy Markdown

cloudflare-workers-and-pages Bot commented May 29, 2026
edited
Loading

Deploying nuxt-devtools with  Cloudflare Pages  Cloudflare Pages

Latest commit: 77de262
Status: ✅  Deploy successful!
Preview URL: https://e692f2fe.nuxt-devtools.pages.dev
Branch Preview URL: https://dependabot-npm-and-yarn-seri.nuxt-devtools.pages.dev

View logs

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/serialize-javascript-7.0.4 branch from 483b92e to 975c917 Compare May 29, 2026 07:15
@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 29, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​takumi-rs/​core@​0.73.1841007296100
Added@​takumi-rs/​wasm@​0.73.1901007396100
Updated@​vueuse/​core@​14.3.0 ⏵ 14.2.1991007790100
Updated@​iconify-json/​simple-icons@​1.2.84 ⏵ 1.2.741001007796100
Added@​iconify-json/​heroicons@​1.2.31001007981100
Added@​iconify-json/​lucide@​1.2.981001007996100
Added@​nuxt/​image@​2.0.0991009181100
Added@​nuxt/​fonts@​0.14.0981008982100
Updated@​vueuse/​nuxt@​14.3.0 ⏵ 14.2.11001008390 +1100
Added@​nuxt/​ui-pro@​3.3.79210010086100
Added@​nuxtjs/​plausible@​3.0.28810010094100
Added@​nuxt/​devtools@​4.0.0-alpha.18810010098100
Added@​nuxt/​content@​3.12.0951009095100
Addedbetter-sqlite3@​12.8.010010010091100
Addednuxt@​4.4.2989810095100
Addednuxt-og-image@​6.0.395979696100
Added@​nuxt/​ui@​3.3.79810010099100

View full report

@dependabot
build(deps): bump serialize-javascript from 6.0.2 to 7.0.4
77de262 
Bumps [serialize-javascript](https://github.com/yahoo/serialize-javascript) from 6.0.2 to 7.0.4.
- [Release notes](https://github.com/yahoo/serialize-javascript/releases)
- [Commits](yahoo/serialize-javascript@v6.0.2...v7.0.4)

---
updated-dependencies:
- dependency-name: serialize-javascript
  dependency-version: 7.0.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/serialize-javascript-7.0.4 branch from 975c917 to 77de262 Compare May 29, 2026 07:27
@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 29, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @nuxt/devtools is 98.0% likely obfuscated

Confidence: 0.98

Location: Package overview

From: docs/package.jsonnpm/@nuxt/devtools@4.0.0-alpha.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@nuxt/devtools@4.0.0-alpha.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm ioredis is 96.0% likely obfuscated

Confidence: 0.96

Location: Package overview

From: docs/pnpm-lock.yamlnpm/nuxt@4.4.2npm/ioredis@5.10.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/ioredis@5.10.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants