Bump serialize-javascript version in yarn.lock to overcome known vulnerability

Created on 5 March 2025, 29 days ago

Problem/Motivation

During our scan, Security team has observed that serialize-javascript/6.0.0 has been included as dependency in the yarn.lock file but it has a known vulnerability , this needs version bump in the yarn.lock file to fix known vulnerability.

Steps to reproduce

Check yarn.lock file on 11.x head repo

Proposed resolution

Bump serialize-javascript to version 6.0.2 or higher in yarn.lock

Remaining tasks

Bump serialize-javascript to version.

Release notes snippet

📌 Task
Status

Active

Version

11.0 🔥

Component

asset library system

Created by

🇮🇳India bhanu951

Live updates comments and jobs are added and updated live.
  • Security

    It is used for security vulnerabilities which do not need a security advisory. For example, security issues in projects which do not have security advisory coverage, or forward-porting a change already disclosed in a security advisory. See Drupal’s security advisory policy for details. Be careful publicly disclosing security vulnerabilities! Use the “Report a security vulnerability” link in the project page’s sidebar. See how to report a security issue for details.

Sign in to follow issues

Comments & Activities

Production build 0.71.5 2024