Bump serialize-javascript and compression-webpack-plugin by dependabot[bot] · Pull Request #1 · devopsabcs-engineering/aro-mslearn-aks-workshop-ratings-web

dependabot · 2026-04-02T11:53:29Z

Bumps serialize-javascript to 7.0.5 and updates ancestor dependency compression-webpack-plugin. These dependencies need to be updated together.

Updates serialize-javascript from 1.7.0 to 7.0.5

Release notes

Sourced from serialize-javascript's releases.

v7.0.5

Fixes

Improve robustness and validation for array-like object serialization.

Fix an issue where certain object structures could lead to excessive CPU usage.

For more details, please see GHSA-qj8w-gfj5-8c6v.

v7.0.4

What's Changed

release: v7.0.4 by @okuryu in yahoo/serialize-javascript#211

Full Changelog: yahoo/serialize-javascript@v7.0.3...v7.0.4

v7.0.3

fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207) 2e609d0

build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206) 42b7cdb

yahoo/serialize-javascript@v7.0.2...v7.0.3

v7.0.2

What's Changed

ci: bump GitHub Actions to latest versions by @okuryu in yahoo/serialize-javascript#203

ci: setup trusted publishing workflow by @okuryu in yahoo/serialize-javascript#204

release: v7.0.2 by @okuryu in yahoo/serialize-javascript#205

Full Changelog: yahoo/serialize-javascript@v7.0.1...v7.0.2

v7.0.1

What's Changed

Add warning about using this package to send arbitrary data to worker threads by @valadaptive in yahoo/serialize-javascript#200

security: sanitize function bodies by @redonkulus in yahoo/serialize-javascript#199

docs: tweak README by @okuryu in yahoo/serialize-javascript#201

release: v7.0.1 by @okuryu in yahoo/serialize-javascript#202

New Contributors

@redonkulus made their first contribution in yahoo/serialize-javascript#199

Full Changelog: yahoo/serialize-javascript@v7.0.0...v7.0.1

v7.0.0

Breaking Changes

requires Node.js v20+

What's Changed

Bump mocha from 10.2.0 to 10.4.0 by @dependabot[bot] in yahoo/serialize-javascript#178

... (truncated)

Commits

df3f1c1 release: v7.0.5
f147e90 Merge commit from fork
eec32e0 release: v7.0.4
d505715 7.0.3
2e609d0 fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207)
42b7cdb build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206)
44f544b release: v7.0.2 (#205)
bba0ddd ci: setup trusted publishing workflow (#204)
235f6ea ci: bump GitHub Actions to latest versions (#203)
f7fff15 release: v7.0.1 (#202)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for serialize-javascript since your current version.

Updates compression-webpack-plugin from 1.1.12 to 12.0.0

Release notes

Sourced from compression-webpack-plugin's releases.

v12.0.0

12.0.0 (2026-03-02)

⚠ BREAKING CHANGES

minimum supported Node.js version is 20.9.0 (#423) (5d0ab70)

v11.1.0

11.1.0 (2024-02-27)

Features

support the deleteOriginalAssets option as a function (#380) (1be8955)

Bug Fixes

test/include/exclude types (#379) (4c9f6f4)

v11.0.0

11.0.0 (2024-01-15)

⚠ BREAKING CHANGES

minimum supported Node.js version is 18.12.0 (2ef7b37)

v10.0.0

10.0.0 (2022-05-17)

⚠ BREAKING CHANGES

default filename is [path][base].br for brotli (#286)

minimum supported Node.js version is 14.15.0 (#301)

v9.2.0

9.2.0 (2021-12-16)

Features

removed cjs wrapper and generated types in commonjs format (export = and namespaces used in types), now you can directly use exported types (#277) (8664d36)

v9.1.2

9.1.2 (2021-12-13)

... (truncated)

Changelog

Sourced from compression-webpack-plugin's changelog.

12.0.0 (2026-03-02)

⚠ BREAKING CHANGES

minimum supported Node.js version is 20.9.0 (#423) (5d0ab70)

11.1.0 (2024-02-27)

Features

support the deleteOriginalAssets option as a function (#380) (1be8955)

Bug Fixes

test/include/exclude types (#379) (4c9f6f4)

11.0.0 (2024-01-15)

⚠ BREAKING CHANGES

minimum supported Node.js version is 18.12.0 (2ef7b37)

10.0.0 (2022-05-17)

⚠ BREAKING CHANGES

default filename is [path][base].br for brotli (#286)

minimum supported Node.js version is 14.15.0 (#301)

Bug Fixes

default filename is [path][base].br for brotli (#286) (db04e14)

minimum supported Node.js version is 14.15.0 (#301) (5db3255)

9.2.0 (2021-12-16)

Features

removed cjs wrapper and generated types in commonjs format (export = and namespaces used in types), now you can directly use exported types (#277) (8664d36)

9.1.2 (2021-12-13)

... (truncated)

Commits

03e9d08 chore(release): 12.0.0
5d0ab70 refactor!: minimum supported Node.js version is 20.9.0 (#423)
1ac5578 chore(deps): bump minimatch (#420)
5f7e59f chore(deps-dev): bump ajv from 6.12.6 to 6.14.0 (#418)
9579f6b chore(deps): bump js-yaml (#416)
4e7bd8e chore(deps): bump lodash from 4.17.21 to 4.17.23 (#415)
4aaa642 docs: update contributing
838a04d chore: migrate from contrib (#412)
f42651f chore: update github actions/checkout from v4 to v5 (#411)
8f399b4 chore(deps): update (#410)
Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [serialize-javascript](https://github.com/yahoo/serialize-javascript) to 7.0.5 and updates ancestor dependency [compression-webpack-plugin](https://github.com/webpack/compression-webpack-plugin). These dependencies need to be updated together. Updates `serialize-javascript` from 1.7.0 to 7.0.5 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v1.7.0...v7.0.5) Updates `compression-webpack-plugin` from 1.1.12 to 12.0.0 - [Release notes](https://github.com/webpack/compression-webpack-plugin/releases) - [Changelog](https://github.com/webpack/compression-webpack-plugin/blob/main/CHANGELOG.md) - [Commits](webpack/compression-webpack-plugin@v1.1.12...v12.0.0) --- updated-dependencies: - dependency-name: serialize-javascript dependency-version: 7.0.5 dependency-type: indirect - dependency-name: compression-webpack-plugin dependency-version: 12.0.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 2, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump serialize-javascript and compression-webpack-plugin#1

Bump serialize-javascript and compression-webpack-plugin#1
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-370bd4cff9

dependabot Bot commented on behalf of github Apr 2, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 2, 2026

v7.0.5

Fixes

v7.0.4

What's Changed

v7.0.3

v7.0.2

What's Changed

v7.0.1

What's Changed

New Contributors

v7.0.0

Breaking Changes

What's Changed

v12.0.0

12.0.0 (2026-03-02)

⚠ BREAKING CHANGES

v11.1.0

11.1.0 (2024-02-27)

Features

Bug Fixes

v11.0.0

11.0.0 (2024-01-15)

⚠ BREAKING CHANGES

v10.0.0

10.0.0 (2022-05-17)

⚠ BREAKING CHANGES

v9.2.0

9.2.0 (2021-12-16)

Features

v9.1.2

9.1.2 (2021-12-13)

12.0.0 (2026-03-02)

⚠ BREAKING CHANGES

11.1.0 (2024-02-27)

Features

Bug Fixes

11.0.0 (2024-01-15)

⚠ BREAKING CHANGES

10.0.0 (2022-05-17)

⚠ BREAKING CHANGES

Bug Fixes

9.2.0 (2021-12-16)

Features

9.1.2 (2021-12-13)

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants