Update dependency serialize-javascript to v2 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
serialize-javascript	dependencies	major	1.9.1 -> 2.1.1

GitHub Vulnerability Alerts

CVE-2019-16769

regular expressions Cross-Site Scripting (XSS) vulnerability

Impact

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions.

This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions.

If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.

Patches

This was patched in v2.1.1.

---

Release Notes

yahoo/serialize-javascript

v2.1.1

Compare Source

v2.1.0

Compare Source

• Add ignoreFunction option (@​realdennis, #​58)

v2.0.0

Compare Source

• re-landed #​54 with bump major version (see: #​57)

---

Renovate configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or if you modify the PR title to begin with "rebase!".

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

Newsflash: Renovate has joined WhiteSource, and is now free for all use. Learn more or view updated terms and privacy policies.

[willdurand]

dup #9025

[renovate]

Renovate Ignore Notification

As this PR has been closed unmerged, Renovate will ignore this upgrade and you will not receive PRs for any future 2.x releases. However, if you upgrade to 2.x manually then Renovate will then reenable updates for minor and patch updates automatically.

If this PR was closed by mistake or you changed your mind, you can simply rename this PR and you will soon get a fresh replacement PR opened.