Quantcast
Channel: Issues for Drupal core
Viewing all articles
Browse latest Browse all 295320

Bump serialize-javascript version in yarn.lock to overcome known vulnerability

$
0
0

Problem/Motivation

During our scan, Security team has observed that serialize-javascript/6.0.0 has been included as dependency in the yarn.lock file but it has a known vulnerability , this needs version bump in the yarn.lock file to fix known vulnerability.

Steps to reproduce

Check yarn.lock file on 11.x head repo

Proposed resolution

Bump serialize-javascript to version 6.0.2 or higher in yarn.lock

Remaining tasks

Bump serialize-javascript to version.

Release notes snippet


Viewing all articles
Browse latest Browse all 295320

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>