fix: update serialize-javascript to >=7.0.3 <8 (#592)

Anshumancanrock · cameri · web-flow · commit 0119c74c9e98 · 2026-05-03T20:30:34.000-04:00
Co-authored-by: Ricardo Cabral &lt;me@ricardocabral.io&gt;
diff --git a/.changeset/fix-serialize-javascript-cve.md b/.changeset/fix-serialize-javascript-cve.md
@@ -0,0 +1,5 @@
+---
+"nostream": patch
+---
+
+Security: override serialize-javascript to >=7.0.3 (CVE RCE, GHSA-5c6j-r48x-rmvq)
diff --git a/package.json b/package.json
@@ -180,7 +180,9 @@
   "optionalDependencies": {
     "lzma-native": "^8.0.6"
   },
-  "overrides": {
-    "axios@<0.31.0": ">=0.31.0"
+  "pnpm": {
+    "overrides": {
+      "serialize-javascript": ">=7.0.3 <8"
+    }
   }
 }
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"nostream": patch
 +---
++
 +Security: override serialize-javascript to >=7.0.3 (CVE RCE, GHSA-5c6j-r48x-rmvq)