Bump serialize-javascript from 1.9.1 to 2.1.1

[dependabot]

Bumps serialize-javascript from 1.9.1 to 2.1.1.

Release notes

Sourced from serialize-javascript's releases.

v2.1.0

• Add ignoreFunction option (@​realdennis, #58)

v2.0.0

• re-landed #54 with bump major version (see: #57)

Commits

• 433fc9c 2.1.1
• 16a68ab Merge pull request from GHSA-h9rv-jmmf-4pgx
• 3bab6de Bump mocha from 6.2.1 to 6.2.2 (#60)
• 7a6b13d Bump mocha from 6.2.0 to 6.2.1 (#59)
• 40cf793 Migrate to nyc from istanbul
• 31c98ad 2.1.0
• 9b47a96 Feat. New option ignoreFunction according to issue#32 (#58)
• c65dd4a 2.0.0
• 1879481 Revert "Revert "support serialize undefined (#54)""
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

[willdurand]

@dependabot rebase

[willdurand]

The v2 is not backward-compatible with the v1 for the following reason: yahoo/serialize-javascript#57

The second commit that should fix the build mark the serialized content as JSON so that the serialize library does not try to serialize functions, regexps, etc. That should not be a problem given that the redux state should only contain primitive values.

Default output without any specific option:

var serialize = require("serialize-javascript")

console.log(serialize({
    str  : 'string',
    num  : 0,
    obj  : {foo: 'foo'},
    arr  : [1, 2, 3],
    bool : true,
    nil  : null,
    undef: undefined,
    date: new Date("Thu, 28 Apr 2016 22:02:17 GMT"),
    map: new Map([['hello', 'world']]),
    set: new Set([123, 456]),
 
    fn: function echo(arg) { return arg; },
    re: /([^\s]+)/g
}))

Output:

{"str":"string","num":0,"obj":{"foo":"foo"},"arr":[1,2,3],"bool":true,"nil":null,"undef":undefined,"date":new Date("2016-04-28T22:02:17.000Z"),"map":new Map([["hello","world"]]),"set":new Set([123,456]),"fn":function echo(arg) {
          return arg;
        },"re":new RegExp("([^\\s]+)", "g")}

It does not return a valid JSON payload, which is not unexpected because this lib "serialize[s] JavaScript to a superset of JSON that includes regular expressions, dates and functions." (quoted from the README).

Now, with the isJSON option set to true:

console.log(serialize({
    str  : 'string',
    num  : 0,
    obj  : {foo: 'foo'},
    arr  : [1, 2, 3],
    bool : true,
    nil  : null,
    undef: undefined,
    date: new Date("Thu, 28 Apr 2016 22:02:17 GMT"),
    map: new Map([['hello', 'world']]),
    set: new Set([123, 456]),
 
    fn: function echo(arg) { return arg; },
    re: /([^\s]+)/g
}, { isJSON: true }))

Output:

{"str":"string","num":0,"obj":{"foo":"foo"},"arr":[1,2,3],"bool":true,"nil":null,"date":"2016-04-28T22:02:17.000Z","map":{},"set":{},"re":{}}

[codecov-io]

Codecov Report

Merging #9025 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #9025   +/-   ##
=======================================
  Coverage   98.11%   98.11%           
=======================================
  Files         272      272           
  Lines        7581     7581           
  Branches     1373     1373           
=======================================
  Hits         7438     7438           
  Misses        129      129           
  Partials       14       14

Impacted Files	Coverage Δ
src/core/components/ServerHtml/index.js	100% <ø> (ø)	⬆️
src/amo/components/AddonHead/index.js	96% <ø> (ø)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 497b9eb...5b10867. Read the comment docs.

[bobsilverberg]

@willdurand So objects and arrays are supported, but not maps, sets, functions or regexes? That seems fine to me. Do we have a test in place that verifies that the result of calling serialize returns exactly what we expect? That would protect us in the case we tried to serialize one of these unsupported items in the future.

[willdurand]

@willdurand So objects and arrays are supported, but not maps, sets, functions or regexes? That seems fine to me. Do we have a test in place that verifies that the result of calling serialize returns exactly what we expect? That would protect us in the case we tried to serialize one of these unsupported items in the future.

The existing test suite should cover that already.