LeastAuthority / bls-hd-key

Apache License 2.0

XSS vulnerability in dependency #1

Open tacticalchihuahua opened 4 years ago

tacticalchihuahua commented 4 years ago

Results of yarn audit:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate      │ Cross-Site Scripting                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ serialize-javascript                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=2.1.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ webpack                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ webpack > terser-webpack-plugin > serialize-javascript       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1426                        │
└───────────────┴──────────────────────────────────────────────────────────────┘

See https://www.npmjs.com/advisories/1426 for more info. Not sure if bls-hd-key is affected.

tacticalchihuahua commented 4 years ago

It does not appear that any of the in-scope packages make use of serialized regular expression objects; however, since this vulnerability is fixed, it is best to just upgrade.
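An added example of the lockfile check behind the "best to just upgrade" decision (this is not code from the bls-hd-key repository). It scans yarn.lock text for every resolved `serialize-javascript` version and flags any below the patched range `>=2.1.1` reported by yarn audit above; the lockfile excerpt is constructed for the example and is not the project's real lockfile.

```javascript
// Added example: find resolved versions of serialize-javascript in a yarn.lock
// (v1 format) that fall below the patched range ">=2.1.1" from advisory 1426.
// Not part of the bls-hd-key project; the lockfile text below is constructed.

const VULNERABLE_PACKAGE = 'serialize-javascript';
const PATCHED_MIN = [2, 1, 1]; // "Patched in >=2.1.1" from the yarn audit output

// Constructed sample yarn.lock excerpt (not the project's real lockfile).
const SAMPLE_YARN_LOCK = `
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1

serialize-javascript@^1.7.0:
  version "1.9.1"
  resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-1.9.1.tgz"

serialize-javascript@^2.1.2:
  version "2.1.2"
  resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-2.1.2.tgz"

terser-webpack-plugin@^1.4.3:
  version "1.4.3"
  dependencies:
    serialize-javascript "^2.1.2"
`;

// "1.9.1" -> [1, 9, 1]; a pre-release suffix such as "-rc.1" is ignored.
function parseVersion(v) {
  return v.split('.').slice(0, 3).map((n) => parseInt(n, 10) || 0);
}

// Numeric major.minor.patch comparison: negative if a < b, 0 if equal, positive if a > b.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    const diff = (a[i] || 0) - (b[i] || 0);
    if (diff !== 0) return diff;
  }
  return 0;
}

// Walk the lockfile: an unindented line ending in ':' opens an entry whose
// header lists one or more "name@range" specs; the indented `version "x"` line
// that follows is the resolved version. Returns [{ specs, version }] for pkgName.
function findPackageEntries(lockText, pkgName) {
  const entries = [];
  let currentSpecs = null;
  for (const line of lockText.split('\n')) {
    if (/^[^\s#].*:$/.test(line)) {
      const specs = line
        .slice(0, -1)
        .split(',')
        .map((s) => s.trim().replace(/^"|"$/g, ''));
      currentSpecs = specs.some((s) => s.startsWith(pkgName + '@')) ? specs : null;
      continue;
    }
    if (currentSpecs) {
      const m = line.match(/^\s+version "([^"]+)"/);
      if (m) {
        entries.push({ specs: currentSpecs, version: m[1] });
        currentSpecs = null;
      }
    }
  }
  return entries;
}

// Resolved versions of the vulnerable package that are still below the patched range.
function findVulnerableVersions(lockText) {
  return findPackageEntries(lockText, VULNERABLE_PACKAGE)
    .filter((e) => compareVersions(parseVersion(e.version), PATCHED_MIN) < 0)
    .map((e) => e.version);
}

// Stand-alone usage: report what would still need upgrading.
const stillVulnerable = findVulnerableVersions(SAMPLE_YARN_LOCK);
console.log(
  stillVulnerable.length
    ? `${VULNERABLE_PACKAGE} below 2.1.1 still resolved: ${stillVulnerable.join(', ')}`
    : `${VULNERABLE_PACKAGE} is resolved only at patched versions`
);
```

Against a real lockfile, read the file with `fs.readFileSync('yarn.lock', 'utf8')` in place of the constructed text; an empty result after the upgrade confirms that no range in the tree still pins a version below 2.1.1, which is the outcome the audit output expects.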

tacticalchihuahua commented 4 years ago

Reclassifying this as a suggestion since there is no impact.