covidwatchorg / portal

Covid Watch Portal web app for diagnosis verification
Apache License 2.0

Upgrade dependency serialize-javascript to reduce security risk #362

Status: Closed (whaber closed 4 years ago)

whaber commented 4 years ago

Upgrade the package dependency for serialize-javascript, as the current version in use (2.1.2) has a high-severity security vulnerability for injection.

Latest version is 4.0.0: https://www.npmjs.com/package/serialize-javascript

ibeckermayer commented 4 years ago

This is in our package-lock.json, meaning that some other library that we're using depends on it. In that case, I think we need to track down which library it is that has this dependency and either create a fix/PR or fork it.

colbymorrison commented 4 years ago

I believe this is no longer an issue. The security vulnerabilities were for versions <3.1.0, which we no longer have in our package-lock.json.

[Screenshot attached: Screen Shot 2020-08-27 at 11 56 58 AM]
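The two checks discussed in this thread (which package pulls in serialize-javascript, and whether any resolved copy is older than the 3.1.0 threshold mentioned above) can be scripted against the lockfile. The following is an added example, not code from the thread or the portal project; it assumes the npm lockfileVersion 1 layout (nested `dependencies` plus `requires`), and the package names and the sample lockfile are constructed for illustration.

```javascript
// Constructed sample in lockfileVersion 1 layout; package names are hypothetical.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "example-bundler-plugin": {
      version: "1.4.5",
      requires: { "serialize-javascript": "^2.1.2" },
      // Nested entry = private copy in this package's own node_modules.
      dependencies: { "serialize-javascript": { version: "2.1.2" } }
    },
    "example-minifier": {
      version: "3.0.0",
      requires: { "serialize-javascript": "^4.0.0" }
    },
    "serialize-javascript": { version: "4.0.0" }
  }
};

// Numeric major.minor.patch comparison; prerelease tags are ignored.
function isBelow(version, floor) {
  const a = version.split("-")[0].split(".").map(Number);
  const b = floor.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return false;
}

// List every package that requires `target`, the copy it resolves to, and
// whether that copy is older than `floor`.
function findDependents(lock, target, floor) {
  const findings = [];
  const walk = (deps, scopes, path) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const here = path.concat(name);
      const inner = scopes.concat([entry.dependencies || {}]);
      if (entry.requires && target in entry.requires) {
        // Nearest node_modules wins, so search the innermost scope first.
        const scope = [...inner].reverse().find((s) => target in s);
        const version = scope ? scope[target].version : null;
        findings.push({ dependent: here.join(" > "), range: entry.requires[target],
          version, vulnerable: version !== null && isBelow(version, floor) });
      }
      walk(entry.dependencies, inner, here);
    }
  };
  walk(lock.dependencies, [lock.dependencies || {}], []);
  return findings;
}

console.log(findDependents(sampleLock, "serialize-javascript", "3.1.0"));
```

For a real project, pass the parsed contents of `package-lock.json` in place of `sampleLock`; each finding names the dependent that would need an upgrade, a PR, or a fork.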