build(deps): bump serialize-javascript and @rollup/plugin-terser by dependabot[bot] · Pull Request #1361 · tomvanswam/compass-card

dependabot · 2026-03-29T13:56:19Z

Bumps serialize-javascript to 7.0.5 and updates ancestor dependency @rollup/plugin-terser. These dependencies need to be updated together.

Updates serialize-javascript from 6.0.2 to 7.0.5

Release notes

Sourced from serialize-javascript's releases.

v7.0.5

Fixes

Improve robustness and validation for array-like object serialization.

Fix an issue where certain object structures could lead to excessive CPU usage.

For more details, please see GHSA-qj8w-gfj5-8c6v.

v7.0.4

What's Changed

release: v7.0.4 by @okuryu in yahoo/serialize-javascript#211

Full Changelog: yahoo/serialize-javascript@v7.0.3...v7.0.4

v7.0.3

fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207) 2e609d0

build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206) 42b7cdb

yahoo/serialize-javascript@v7.0.2...v7.0.3

v7.0.2

What's Changed

ci: bump GitHub Actions to latest versions by @okuryu in yahoo/serialize-javascript#203

ci: setup trusted publishing workflow by @okuryu in yahoo/serialize-javascript#204

release: v7.0.2 by @okuryu in yahoo/serialize-javascript#205

Full Changelog: yahoo/serialize-javascript@v7.0.1...v7.0.2

v7.0.1

What's Changed

Add warning about using this package to send arbitrary data to worker threads by @valadaptive in yahoo/serialize-javascript#200

security: sanitize function bodies by @redonkulus in yahoo/serialize-javascript#199

docs: tweak README by @okuryu in yahoo/serialize-javascript#201

release: v7.0.1 by @okuryu in yahoo/serialize-javascript#202

New Contributors

@redonkulus made their first contribution in yahoo/serialize-javascript#199

Full Changelog: yahoo/serialize-javascript@v7.0.0...v7.0.1

v7.0.0

Breaking Changes

requires Node.js v20+

What's Changed

Bump mocha from 10.2.0 to 10.4.0 by @dependabot[bot] in yahoo/serialize-javascript#178

... (truncated)

Commits

df3f1c1 release: v7.0.5
f147e90 Merge commit from fork
eec32e0 release: v7.0.4
d505715 7.0.3
2e609d0 fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207)
42b7cdb build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206)
44f544b release: v7.0.2 (#205)
bba0ddd ci: setup trusted publishing workflow (#204)
235f6ea ci: bump GitHub Actions to latest versions (#203)
f7fff15 release: v7.0.1 (#202)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for serialize-javascript since your current version.

Updates @rollup/plugin-terser from 0.4.4 to 1.0.0

Changelog

Sourced from @rollup/plugin-terser's changelog.

v1.0.0

2026-03-05

Breaking Changes

terser!: upgrade serialize-javascript to v7 and node to v20 (#1968)

Commits

See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @rollup/plugin-terser since your current version.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [serialize-javascript](https://github.com/yahoo/serialize-javascript) to 7.0.5 and updates ancestor dependency [@rollup/plugin-terser](https://github.com/rollup/plugins/tree/HEAD/packages/terser). These dependencies need to be updated together. Updates `serialize-javascript` from 6.0.2 to 7.0.5 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.2...v7.0.5) Updates `@rollup/plugin-terser` from 0.4.4 to 1.0.0 - [Changelog](https://github.com/rollup/plugins/blob/master/packages/terser/CHANGELOG.md) - [Commits](https://github.com/rollup/plugins/commits/beep-v1.0.0/packages/terser) --- updated-dependencies: - dependency-name: "@rollup/plugin-terser" dependency-version: 1.0.0 dependency-type: direct:development - dependency-name: serialize-javascript dependency-version: 7.0.5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Auto dependency update by dependabot javascript Pull requests that update javascript code labels Mar 29, 2026

dependabot Bot mentioned this pull request Mar 29, 2026

build(deps): bump serialize-javascript and @rollup/plugin-terser #1340

Closed

dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-6d4e7e967a branch from 98aa5d7 to d199955 Compare March 31, 2026 05:31

dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-6d4e7e967a branch 2 times, most recently from aefba4d to aef513a Compare April 14, 2026 05:40

dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-6d4e7e967a branch from aef513a to be803b3 Compare April 21, 2026 05:41

dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-6d4e7e967a branch from be803b3 to e9051b4 Compare April 28, 2026 06:00

dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-6d4e7e967a branch from e9051b4 to 9e1dba8 Compare April 28, 2026 07:09

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): bump serialize-javascript and @rollup/plugin-terser#1361

build(deps): bump serialize-javascript and @rollup/plugin-terser#1361
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-6d4e7e967a

dependabot Bot commented on behalf of github Mar 29, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github Mar 29, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v7.0.5

Fixes

v7.0.4

What's Changed

v7.0.3

v7.0.2

What's Changed

v7.0.1

What's Changed

New Contributors

v7.0.0

Breaking Changes

What's Changed

v1.0.0

Breaking Changes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Mar 29, 2026 •

edited

Loading