🐛 bug report
The dependency serialize-to-js is exposing a DoS vulnerability in version 1.1.1. See this issue for more details.
I stumbled upon this issue indirectly because GitHub sent me a different security alert for safer-eval@1.3.2, which is a transitive dependency of serialize-to-js. However, upgrading safer-eval is not sufficient due to the above-referenced vulnerability.
🎛 Configuration (.babelrc, package.json, cli command)
🤔 Expected Behavior
😯 Current Behavior
💁 Possible Solution
Upgrade to serialize-to-js@^3.0.0 if no functionality is lost (the method `deserialized` was dropped due to the issue in version 2.0.0)
🔦 Context
💻 Code Sample
🌍 Your Environment