This is an automated email from the ASF dual-hosted git repository.

rusackas pushed a commit to branch chore/bump-serialize-javascript-docs
in repository https://gitbox.apache.org/repos/asf/superset.git

commit 1fc4817cea4da2235ae5e48ee456e62dce873fbd
Author: Claude Code <[email protected]>
AuthorDate: Fri May 29 21:49:52 2026 -0700

    chore(deps): force serialize-javascript 7.0.5 in docs
    
    Picks up upstream fixes flagged by Dependabot for serialize-javascript,
    a transitive dependency used at build time by copy-webpack-plugin and
    css-minimizer-webpack-plugin (both request `^6.x`).
    
    The fixes only land in the 7.x line, which those plugins don't yet
    request, so a yarn `resolutions` override forces every serialize-javascript
    request to 7.0.5. The 7.x changes are security hardening (function-body
    sanitization, RegExp/Date handling) with no API change for the
    `serialize(obj)` usage these plugins rely on.
    
    Validated with a full `yarn build` of the docs site (webpack
    minification exercises serialize-javascript) and `yarn install --immutable`.
    
    Co-Authored-By: Claude Opus 4.8 <[email protected]>
---
 docs/package.json |  3 ++-
 docs/yarn.lock    | 10 ++++------
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/docs/package.json b/docs/package.json
index d1348d7c558..33f983dd782 100644
--- a/docs/package.json
+++ b/docs/package.json
@@ -131,7 +131,8 @@
     "swagger-client": "3.37.3",
     "lodash": "4.18.1",
     "lodash-es": "4.18.1",
-    "yaml": "1.10.3"
+    "yaml": "1.10.3",
+    "serialize-javascript": "7.0.5"
   },
   "packageManager": 
"[email protected]+sha1.ac34549e6aa8e7ead463a7407e1c7390f61a6610"
 }
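Review bot: The added `"serialize-javascript": "7.0.5"` entry forces a major-version jump on consumers that declare `^6.x`, and nothing in the file records why the override exists or when it can be dropped. Since package.json cannot carry a comment, the removal condition (copy-webpack-plugin and css-minimizer-webpack-plugin requesting 7.x themselves) should be recorded in a tracking issue or the docs' dependency notes; otherwise the exact pin will keep holding the package at 7.0.5 and may hide later 7.x security fixes from the normal update flow. The enclosing block opens above the hunk, so its key is not visible here; the commit message identifies it as yarn `resolutions`. It is also worth confirming that the `engines` requirement of the 7.x line matches the Node version used by the docs CI job, because a local `yarn build` does not establish that.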
diff --git a/docs/yarn.lock b/docs/yarn.lock
index 229f70fcea1..f1dd7c69b2a 100644
--- a/docs/yarn.lock
+++ b/docs/yarn.lock
@@ -13362,12 +13362,10 @@ serialize-error@^8.1.0:
   dependencies:
     type-fest "^0.20.2"
 
-serialize-javascript@^6.0.0, serialize-javascript@^6.0.1:
-  version "6.0.2"
-  resolved 
"https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-6.0.2.tgz#defa1e055c83bf6d59ea805d8da862254eb6a6c2";
-  integrity 
sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==
-  dependencies:
-    randombytes "^2.1.0"
[email protected], serialize-javascript@^6.0.0, 
serialize-javascript@^6.0.1:
+  version "7.0.5"
+  resolved 
"https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-7.0.5.tgz#c798cc0552ffbb08981914a42a8756e339d0d5b1";
+  integrity 
sha512-F4LcB0UqUl1zErq+1nYEEzSHJnIwb3AF2XWB94b+afhrekOUijwooAYqFyRbjYkm2PAKBabx6oYv/xDxNi8IBw==
 
 serve-handler@^6.1.7:
   version "6.1.7"
