From 66b03303b1325634371ebdb3923acaa6722be89f Mon Sep 17 00:00:00 2001 From: alex-krasn <64093224+alex-krasn@users.noreply.github.com> Date: Wed, 21 Oct 2020 07:09:40 -0700 Subject: [PATCH] Alex krasn/serialize javascript vulnerability (#612) * fix: zoomIn keyboar shortcut for macOS * fix: appId * fix: serialize-javascript vulnerability --- package.json | 2 +- yarn.lock | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index 8aea5db44..c31ef256c 100644 --- a/package.json +++ b/package.json @@ -43,7 +43,7 @@ "redux": "^4.0.4", "redux-thunk": "^2.3.0", "rimraf": "^3.0.2", - "serialize-javascript": "^3.0.0", + "serialize-javascript": "^5.0.1", "shortid": "^2.2.15", "utif": "^3.1.0", "vott-react": "^0.2.12", diff --git a/yarn.lock b/yarn.lock index a032d80ae..fa68709da 100644 --- a/yarn.lock +++ b/yarn.lock @@ -11753,13 +11753,20 @@ serialize-javascript@^2.1.2: resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-2.1.2.tgz#ecec53b0e0317bdc95ef76ab7074b7384785fa61" integrity sha512-rs9OggEUF0V4jUSecXazOYsLfu7OGK2qIn3c7IPBiffz32XniEp/TX9Xmc9LQfK2nQ2QKHvZ2oygKUGU0lG4jQ== -serialize-javascript@^3.0.0, serialize-javascript@^3.1.0: +serialize-javascript@^3.1.0: version "3.1.0" resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-3.1.0.tgz#8bf3a9170712664ef2561b44b691eafe399214ea" integrity sha512-JIJT1DGiWmIKhzRsG91aS6Ze4sFUrYbltlkg2onR5OrnNM02Kl/hnY/T4FN2omvyeBbQmMJv+K4cPOpGzOTFBg== dependencies: randombytes "^2.1.0" +serialize-javascript@^5.0.1: + version "5.0.1" + resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-5.0.1.tgz#7886ec848049a462467a97d3d918ebb2aaf934f4" + integrity sha512-SaaNal9imEO737H2c05Og0/8LUXG7EnsZyMa8MzkmuHoELfT6txuj0cMqRj6zfPKnmQ1yasR4PCJc8x+M4JSPA== + dependencies: + randombytes "^2.1.0" + serve-index@^1.9.1: version "1.9.1" resolved "https://registry.yarnpkg.com/serve-index/-/serve-index-1.9.1.tgz#d3768d69b1e7d82e5ce050fff5b453bea12a9239"