Skip to content

Bump serialize-javascript and copy-webpack-plugin#83

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-f89ca03f7f
Open

Bump serialize-javascript and copy-webpack-plugin#83
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-f89ca03f7f

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 8, 2026
edited
Loading

Bumps serialize-javascript to 7.0.5 and updates ancestor dependency copy-webpack-plugin. These dependencies need to be updated together.

Updates serialize-javascript from 6.0.2 to 7.0.5

Release notes

Sourced from serialize-javascript's releases.

v7.0.5

Fixes

  • Improve robustness and validation for array-like object serialization.
  • Fix an issue where certain object structures could lead to excessive CPU usage.

For more details, please see GHSA-qj8w-gfj5-8c6v.

v7.0.4

What's Changed

Full Changelog: yahoo/serialize-javascript@v7.0.3...v7.0.4

v7.0.3

  • fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207) 2e609d0
  • build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206) 42b7cdb

yahoo/serialize-javascript@v7.0.2...v7.0.3

v7.0.2

What's Changed

Full Changelog: yahoo/serialize-javascript@v7.0.1...v7.0.2

v7.0.1

What's Changed

New Contributors

Full Changelog: yahoo/serialize-javascript@v7.0.0...v7.0.1

v7.0.0

Breaking Changes

  • requires Node.js v20+

What's Changed

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for serialize-javascript since your current version.


Updates copy-webpack-plugin from 11.0.0 to 14.0.0

Release notes

Sourced from copy-webpack-plugin's releases.

v14.0.0

14.0.0 (2026-03-02)

⚠ BREAKING CHANGES

  • minimum supported Node.js version is 20.9.0 (#819) (2881203)

Bug Fixes

  • update serialize-javascript to fix security problems

v13.0.1

13.0.1 (2025-08-12)

Bug Fixes

v13.0.0

13.0.0 (2025-02-27)

⚠ BREAKING CHANGES

  • switch from globby and fast-glob to tinyglobby (#795) (19fd937)

For more information please visit tinyglobby.

The breaking change only affects the developer who used these options - gitignore and ignoreFiles in the globOptions option.

Please migrate to the ignore option.

Bug Fixes

  • concurrency option is limited to files now (#796) (d42469c)
  • the order of patterns provided by the developer is respected

v12.0.2

12.0.2 (2024-01-17)

Bug Fixes

v12.0.1

12.0.1 (2024-01-11)

... (truncated)

Changelog

Sourced from copy-webpack-plugin's changelog.

14.0.0 (2026-03-02)

⚠ BREAKING CHANGES

  • minimum supported Node.js version is 20.9.0 (#819) (2881203)

Bug Fixes

  • update serialize-javascript to fix security problems

13.0.1 (2025-08-12)

Bug Fixes

13.0.0 (2025-02-27)

⚠ BREAKING CHANGES

  • switch from globby and fast-glob to tinyglobby (#795) (19fd937)

For more information please visit tinyglobby.

The breaking change only affects the developer who used these options - gitignore and ignoreFiles in the globOptions option.

Please migrate to the ignore option.

Bug Fixes

  • concurrency option is limited to files now (#796) (d42469c)
  • the order of patterns provided by the developer is respected

12.0.2 (2024-01-17)

Bug Fixes

12.0.1 (2024-01-11)

Bug Fixes

... (truncated)

Commits
  • 18eb9d9 chore(release): 14.0.0
  • 2881203 refactor!: minimum supported Node.js version is 20.9.0 (#819)
  • 9dc3d31 chore(deps-dev): bump ajv from 6.12.6 to 6.14.0 (#815)
  • 5cf5a1d chore(deps): update (#814)
  • 3dd5b6e chore(deps): bump js-yaml (#813)
  • 9ac38bb chore(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#812)
  • 6a16bac Update link to contributing guidelines in README
  • a1625f9 chore: migrate from contrib (#810)
  • 9f6f204 chore: update github actions/checkout from v4 to v5 (#809)
  • 73a30bc chore(release): 13.0.1
  • Additional commits viewable in compare view
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 8, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 8, 2026

Super-linter summary

Language Validation result
BASH Pass ✅
CHECKOV Pass ✅
CSS_PRETTIER Pass ✅
GITHUB_ACTIONS Pass ✅
GITHUB_ACTIONS_ZIZMOR Fail ❌
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
HTML Pass ✅
HTML_PRETTIER Pass ✅
JSON Pass ✅
JSON_PRETTIER Pass ✅
MARKDOWN Pass ✅
MARKDOWN_PRETTIER Pass ✅
NATURAL_LANGUAGE Pass ✅
PRE_COMMIT Pass ✅
PYTHON_BLACK Pass ✅
PYTHON_PYLINT Pass ✅
PYTHON_FLAKE8 Pass ✅
PYTHON_ISORT Pass ✅
PYTHON_MYPY Pass ✅
PYTHON_RUFF Pass ✅
PYTHON_RUFF_FORMAT Pass ✅
SHELL_SHFMT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅
YAML Pass ✅
YAML_PRETTIER Pass ✅

Super-linter detected linting errors

For more information, see the GitHub Actions workflow run

Powered by Super-linter

GITHUB_ACTIONS_ZIZMOR 
�[1m�[33mwarning[secrets-outside-env]�[0m�[1m: secrets referenced without a dedicated environment�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/node.js.yml:60:59
   �[1m�[94m|�[0m
�[1m�[94m39�[0m �[1m�[94m|�[0m   build:
   �[1m�[94m|�[0m   �[1m�[94m-----�[0m �[1m�[94mthis job�[0m
�[1m�[94m...�[0m
�[1m�[94m60�[0m �[1m�[94m|�[0m         run: npm run build:dev -- --env BIBLE_API_KEY=${{ secrets.BIBLE_API_KEY }}
   �[1m�[94m|�[0m                                                           �[1m�[33m^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[33msecret is accessed outside of a dedicated environment�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#secrets-outside-env�[39m

�[1m�[33mwarning[secrets-outside-env]�[0m�[1m: secrets referenced without a dedicated environment�[0m
  �[1m�[94m--> �[0m/github/workspace/.github/workflows/node.js.yml:88:59
   �[1m�[94m|�[0m
�[1m�[94m70�[0m �[1m�[94m|�[0m   zip:
   �[1m�[94m|�[0m   �[1m�[94m---�[0m �[1m�[94mthis job�[0m
�[1m�[94m...�[0m
�[1m�[94m88�[0m �[1m�[94m|�[0m         run: npm run build:dev -- --env BIBLE_API_KEY=${{ secrets.BIBLE_API_KEY }}
   �[1m�[94m|�[0m                                                           �[1m�[33m^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[33msecret is accessed outside of a dedicated environment�[0m
   �[1m�[94m|�[0m
   �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
   �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#secrets-outside-env�[39m

�[32m11�[39m findings (�[1m�[93m9�[39m suppressed�[0m): �[35m0�[39m informational, �[36m0�[39m low, �[33m2�[39m medium, �[31m0�[39m high🌈 zizmor v1.23.1
�[32m INFO�[0m �[1maudit�[0m�[2m:�[0m �[2mzizmor�[0m�[2m:�[0m 🌈 completed /github/workspace/.github/workflows/codeql-analysis.yml
�[32m INFO�[0m �[1maudit�[0m�[2m:�[0m �[2mzizmor�[0m�[2m:�[0m 🌈 completed /github/workspace/.github/workflows/eslint.yml
�[32m INFO�[0m �[1maudit�[0m�[2m:�[0m �[2mzizmor�[0m�[2m:�[0m 🌈 completed /github/workspace/.github/workflows/node.js.yml
�[32m INFO�[0m �[1maudit�[0m�[2m:�[0m �[2mzizmor�[0m�[2m:�[0m 🌈 completed /github/workspace/.github/workflows/superlinter.yml

@cguldner
Copy link
Copy Markdown
Owner

cguldner commented May 27, 2026

@dependabot rebase

@dependabot
Bump serialize-javascript and copy-webpack-plugin
89c2917 
Bumps [serialize-javascript](https://github.com/yahoo/serialize-javascript) to 7.0.5 and updates ancestor dependency [copy-webpack-plugin](https://github.com/webpack/copy-webpack-plugin). These dependencies need to be updated together.


Updates `serialize-javascript` from 6.0.2 to 7.0.5
- [Release notes](https://github.com/yahoo/serialize-javascript/releases)
- [Commits](yahoo/serialize-javascript@v6.0.2...v7.0.5)

Updates `copy-webpack-plugin` from 11.0.0 to 14.0.0
- [Release notes](https://github.com/webpack/copy-webpack-plugin/releases)
- [Changelog](https://github.com/webpack/copy-webpack-plugin/blob/main/CHANGELOG.md)
- [Commits](webpack/copy-webpack-plugin@v11.0.0...v14.0.0)

---
updated-dependencies:
- dependency-name: copy-webpack-plugin
  dependency-version: 14.0.0
  dependency-type: direct:development
- dependency-name: serialize-javascript
  dependency-version: 7.0.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-f89ca03f7f branch from 88c99c5 to 89c2917 Compare May 27, 2026 02:36
@dependabot dependabot Bot deployed to development May 27, 2026 02:36 Active
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 27, 2026

Super-linter summary

Language Validation result
BASH Pass ✅
CHECKOV Pass ✅
CSS_PRETTIER Pass ✅
GITHUB_ACTIONS Pass ✅
GITHUB_ACTIONS_ZIZMOR Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
HTML Pass ✅
HTML_PRETTIER Pass ✅
JSON Pass ✅
JSON_PRETTIER Pass ✅
MARKDOWN Pass ✅
MARKDOWN_PRETTIER Pass ✅
NATURAL_LANGUAGE Pass ✅
PRE_COMMIT Pass ✅
PYTHON_BLACK Pass ✅
PYTHON_PYLINT Pass ✅
PYTHON_FLAKE8 Pass ✅
PYTHON_ISORT Pass ✅
PYTHON_MYPY Pass ✅
PYTHON_RUFF Pass ✅
PYTHON_RUFF_FORMAT Pass ✅
SHELL_SHFMT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅
YAML Pass ✅
YAML_PRETTIER Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cguldner