Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: upgrade serialize-javascript #11434

Merged
merged 2 commits into from
Aug 13, 2020
Merged

chore: upgrade serialize-javascript #11434

merged 2 commits into from
Aug 13, 2020
+15 −6

Conversation

posva
Copy link
Member

@posva posva commented Jun 3, 2020
edited
Loading

What kind of change does this PR introduce? (check at least one)

Security update from #11427 and https://app.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-570062

Breaking changes listed at https://github.com/yahoo/serialize-javascript/releases

  • Bugfix
  • Feature
  • Code style update
  • Refactor
  • Build-related changes
  • Other, please describe: Security bump

Does this PR introduce a breaking change? (check one)

  • Yes
  • No

If yes, please describe the impact and migration path for existing applications:

The PR fulfills these requirements:

If adding a new feature, the PR's description includes:

  • A convincing reason for adding this feature (to avoid wasting your time, it's best to open a suggestion issue first and wait for approval before working on it)

Other information:

@posva posva mentioned this pull request Jun 3, 2020
Closed
@posva posva mentioned this pull request Jun 5, 2020
Closed
@sugiyama-akina
Copy link

Hi. When will this pull request be merged?
I'm using vue-server-renderer, but I'm having trouble fixing the serialize-javascript vulnerability.

@SirMishaa
Copy link

I have the same security problem as @sugiyama-akina , a merge is planned soon please ?

@posva posva mentioned this pull request Aug 11, 2020
Closed
@zgmrvn-svg zgmrvn-svg mentioned this pull request Aug 13, 2020
Closed
@posva posva mentioned this pull request Aug 13, 2020
Closed
@yyx990803 yyx990803 merged commit 5b39961 into dev Aug 13, 2020
@yyx990803 yyx990803 deleted the security/bupm-serialize-javascript branch August 13, 2020 14:38
@hjvedvik hjvedvik mentioned this pull request Aug 13, 2020
Closed
@dargmuesli
Copy link

dargmuesli commented Aug 13, 2020
edited
Loading

@yyx990803 will there be a new 2.6 release containing this security fix? If yes, when can we expect it? :)

SillyFreak added a commit to PRIArobotics/delete-your-data that referenced this pull request Aug 14, 2020
@SillyFreak
updgrade dependencies. Upgrade to nuxt@~2.13 made problems, so stay a…
fad31b0 
…t ~2.12 for now. vulnerable serialize-javascript@<3.1.0 is now only present as a dependency of vue-server-renderer, which is being worked on: vuejs/vue#11434
@yyx990803
Copy link
Member

2.6.12 has been released.

@dargmuesli
Copy link

Great! Thank you very much! ❤

@brunomperes brunomperes mentioned this pull request Aug 28, 2020
Closed
This was referenced Mar 13, 2021
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MuhaddiMu MuhaddiMu MuhaddiMu approved these changes

@ermanzohre ermanzohre ermanzohre approved these changes

@Justineo Justineo Justineo approved these changes

Assignees
No one assigned
Labels
priority: high semver:minor
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@posva @sugiyama-akina @SirMishaa @dargmuesli @yyx990803 @Justineo @ermanzohre @MuhaddiMu