fix: package.json & yarn.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607
quran · Jan 9, 2024 · c826e9d · c826e9d
1 parent f49ee0e
commit c826e9d
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/package.json b/package.json
@@ -21,7 +21,7 @@
     "sass": "^1.25.0",
     "sass-loader": "^10",
     "select2": "^4.0.13",
-    "serialize-javascript": ">=3.1.0",
+    "serialize-javascript": ">=6.0.2",
     "stimulus": "^1.1.1",
     "turbolinks": "^5.2.0",
     "wavesurfer.js": "^4.2.0",

diff --git a/yarn.lock b/yarn.lock
@@ -6591,7 +6591,14 @@ [email protected]:
     range-parser "~1.2.1"
     statuses "~1.5.0"
 
-serialize-javascript@>=3.1.0, serialize-javascript@^4.0.0:
+serialize-javascript@>=6.0.2:
+  version "6.0.2"
+  resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-6.0.2.tgz#defa1e055c83bf6d59ea805d8da862254eb6a6c2"
+  integrity sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==
+  dependencies:
+    randombytes "^2.1.0"
+
+serialize-javascript@^4.0.0:
   version "4.0.0"
   resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-4.0.0.tgz#b525e1238489a5ecfc42afacc3fe99e666f4b1aa"
   integrity sha512-GaNA54380uFefWghODBWEGisLZFj00nS5ACs6yHa9nLqlLpVLO8ChDGeKRjZnV4Nh4n0Qi7nhYZD/9fCPzEqkw==