From ada44bc8e97bcebe42d5659f3ef647257d01fd8c Mon Sep 17 00:00:00 2001 From: Changyong Gong Date: Tue, 7 Apr 2026 11:15:02 +0800 Subject: [PATCH 1/2] Bump serialize-javascript to ^7.0.3 to fix GHSA-5c6j-r48x-rmvq --- package-lock.json | 44 ++++++++++++-------------------------------- package.json | 3 +++ 2 files changed, 15 insertions(+), 32 deletions(-) diff --git a/package-lock.json b/package-lock.json index 957ce8a0..57889fe9 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2197,15 +2197,6 @@ "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==", "dev": true }, - "node_modules/randombytes": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", - "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==", - "dev": true, - "dependencies": { - "safe-buffer": "^5.1.0" - } - }, "node_modules/readable-stream": { "version": "2.3.8", "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", @@ -2355,12 +2346,13 @@ } }, "node_modules/serialize-javascript": { - "version": "6.0.2", - "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.2.tgz", - "integrity": "sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==", + "version": "7.0.5", + "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-7.0.5.tgz", + "integrity": "sha512-F4LcB0UqUl1zErq+1nYEEzSHJnIwb3AF2XWB94b+afhrekOUijwooAYqFyRbjYkm2PAKBabx6oYv/xDxNi8IBw==", "dev": true, - "dependencies": { - "randombytes": "^2.1.0" + "license": "BSD-3-Clause", + "engines": { + "node": ">=20.0.0" } }, "node_modules/setimmediate": { @@ -4703,7 +4695,7 @@ "log-symbols": "^4.1.0", "minimatch": "^5.1.6", "ms": "^2.1.3", - "serialize-javascript": "^6.0.2", + "serialize-javascript": "^7.0.3", "strip-json-comments": "^3.1.1", "supports-color": "^8.1.1", "workerpool": "^6.5.1", @@ -4915,15 +4907,6 @@ "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==", "dev": true }, - "randombytes": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", - "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==", - "dev": true, - "requires": { - "safe-buffer": "^5.1.0" - } - }, "readable-stream": { "version": "2.3.8", "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", @@ -5030,13 +5013,10 @@ "dev": true }, "serialize-javascript": { - "version": "6.0.2", - "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.2.tgz", - "integrity": "sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==", - "dev": true, - "requires": { - "randombytes": "^2.1.0" - } + "version": "7.0.5", + "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-7.0.5.tgz", + "integrity": "sha512-F4LcB0UqUl1zErq+1nYEEzSHJnIwb3AF2XWB94b+afhrekOUijwooAYqFyRbjYkm2PAKBabx6oYv/xDxNi8IBw==", + "dev": true }, "setimmediate": { "version": "1.0.5", @@ -5195,7 +5175,7 @@ "@jridgewell/trace-mapping": "^0.3.25", "jest-worker": "^27.4.5", "schema-utils": "^4.3.0", - "serialize-javascript": "^6.0.2", + "serialize-javascript": "^7.0.3", "terser": "^5.31.1" } }, diff --git a/package.json b/package.json index 38de66c8..01ed94ad 100644 --- a/package.json +++ b/package.json @@ -1371,5 +1371,8 @@ "vscode-languageclient": "6.0.0-next.9", "vscode-languageserver-types": "3.16.0", "vscode-tas-client": "^0.1.84" + }, + "overrides": { + "serialize-javascript": "^7.0.3" } } From 4f2e88444ea38fcefa1b340ca3ff15d52b8ab193 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 7 Apr 2026 08:46:50 +0000 Subject: [PATCH 2/2] Pin serialize-javascript override to exactly 7.0.5 Agent-Logs-Url: https://github.com/microsoft/vscode-java-debug/sessions/286d5623-eb2f-4ec4-875a-7706228a6c3f Co-authored-by: chagong <831821+chagong@users.noreply.github.com> --- package-lock.json | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 57889fe9..5017dcfe 100644 --- a/package-lock.json +++ b/package-lock.json @@ -4695,7 +4695,7 @@ "log-symbols": "^4.1.0", "minimatch": "^5.1.6", "ms": "^2.1.3", - "serialize-javascript": "^7.0.3", + "serialize-javascript": "7.0.5", "strip-json-comments": "^3.1.1", "supports-color": "^8.1.1", "workerpool": "^6.5.1", @@ -5175,7 +5175,7 @@ "@jridgewell/trace-mapping": "^0.3.25", "jest-worker": "^27.4.5", "schema-utils": "^4.3.0", - "serialize-javascript": "^7.0.3", + "serialize-javascript": "7.0.5", "terser": "^5.31.1" } }, diff --git a/package.json b/package.json index 01ed94ad..70bcfe84 100644 --- a/package.json +++ b/package.json @@ -1373,6 +1373,6 @@ "vscode-tas-client": "^0.1.84" }, "overrides": { - "serialize-javascript": "^7.0.3" + "serialize-javascript": "7.0.5" } }