chore: upgrade serialize-javascript #11434

Merged
merged 2 commits into from Aug 13, 2020

Member

@posva posva commented Jun 3, 2020

What kind of change does this PR introduce? (check at least one)

Security update from #11427 and https://app.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-570062

Breaking changes listed at https://github.com/yahoo/serialize-javascript/releases

  • Bugfix
  • Feature
  • Code style update
  • Refactor
  • Build-related changes
  • Other, please describe: Security bump

Does this PR introduce a breaking change? (check one)

  • Yes
  • No

If yes, please describe the impact and migration path for existing applications:

The PR fulfills these requirements:

If adding a new feature, the PR's description includes:

  • A convincing reason for adding this feature (to avoid wasting your time, it's best to open a suggestion issue first and wait for approval before working on it)

Other information:

@sugiyama-akina sugiyama-akina commented Jul 13, 2020

Hi. When will this pull request be merged?
I'm using vue-server-renderer, but I'm having trouble fixing the serialize-javascript vulnerability.

@SirMishaa SirMishaa commented Jul 16, 2020

I have the same security problem as @sugiyama-akina. Is a merge planned soon, please?

@yyx990803 yyx990803 merged commit 5b39961 into dev Aug 13, 2020
5 checks passed
@yyx990803 yyx990803 deleted the security/bupm-serialize-javascript branch Aug 13, 2020

@dargmuesli dargmuesli commented Aug 13, 2020

@yyx990803 will there be a new 2.6 release containing this security fix? If yes, when can we expect it? :)

SillyFreak added a commit to PRIArobotics/delete-your-data that referenced this issue Aug 14, 2020
…t ~2.12 for now. vulnerable serialize-javascript@<3.1.0 is now only present as a dependency of vue-server-renderer, which is being worked on: vuejs/vue#11434
Member

@yyx990803 yyx990803 commented Aug 20, 2020

2.6.12 has been released.

@dargmuesli dargmuesli commented Aug 20, 2020

Great! Thank you very much!

8 participants