Skip to content

deps(deps): bump serialize-javascript and @rollup/plugin-terser#68

Closed
dependabot[bot] wants to merge 1 commit into
gh-pagesfrom
dependabot/npm_and_yarn/multi-79ed60ed39
Closed

deps(deps): bump serialize-javascript and @rollup/plugin-terser#68
dependabot[bot] wants to merge 1 commit into
gh-pagesfrom
dependabot/npm_and_yarn/multi-79ed60ed39

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor

Bumps serialize-javascript to 7.0.7 and updates ancestor dependency @rollup/plugin-terser. These dependencies need to be updated together.

Updates serialize-javascript from 6.0.2 to 7.0.7

Release notes

Sourced from serialize-javascript's releases.

v7.0.7

What's Changed

Full Changelog: yahoo/serialize-javascript@v7.0.6...v7.0.7

v7.0.6

What's Changed

Full Changelog: yahoo/serialize-javascript@v7.0.5...v7.0.6

v7.0.5

Fixes

  • Improve robustness and validation for array-like object serialization.
  • Fix an issue where certain object structures could lead to excessive CPU usage.

For more details, please see GHSA-qj8w-gfj5-8c6v.

v7.0.4

What's Changed

Full Changelog: yahoo/serialize-javascript@v7.0.3...v7.0.4

v7.0.3

  • fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207) 2e609d0
  • build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206) 42b7cdb

yahoo/serialize-javascript@v7.0.2...v7.0.3

v7.0.2

What's Changed

Full Changelog: yahoo/serialize-javascript@v7.0.1...v7.0.2

v7.0.1

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for serialize-javascript since your current version.


Updates @rollup/plugin-terser from 0.4.4 to 1.0.0

Changelog

Sourced from @​rollup/plugin-terser's changelog.

v1.0.0

2026-03-05

Breaking Changes

  • terser!: upgrade serialize-javascript to v7 and node to v20 (#1968)
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​rollup/plugin-terser since your current version.


@dependabot @github

dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

Assignees

The following users could not be added as assignees: gardenlinux-team. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Please fix the above issues or remove invalid values from dependabot.yml.

@yeoldegrove

Copy link
Copy Markdown
Contributor

@dependabot rebase

Bumps [serialize-javascript](https://github.com/yahoo/serialize-javascript) to 7.0.7 and updates ancestor dependency [@rollup/plugin-terser](https://github.com/rollup/plugins/tree/HEAD/packages/terser). These dependencies need to be updated together.


Updates `serialize-javascript` from 6.0.2 to 7.0.7
- [Release notes](https://github.com/yahoo/serialize-javascript/releases)
- [Commits](yahoo/serialize-javascript@v6.0.2...v7.0.7)

Updates `@rollup/plugin-terser` from 0.4.4 to 1.0.0
- [Changelog](https://github.com/rollup/plugins/blob/master/packages/terser/CHANGELOG.md)
- [Commits](https://github.com/rollup/plugins/commits/beep-v1.0.0/packages/terser)

---
updated-dependencies:
- dependency-name: "@rollup/plugin-terser"
  dependency-version: 1.0.0
  dependency-type: direct:development
- dependency-name: serialize-javascript
  dependency-version: 7.0.7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-79ed60ed39 branch from cd3b953 to 9af5e09 Compare July 9, 2026 11:57
@yeoldegrove yeoldegrove closed this Jul 9, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/multi-79ed60ed39 branch July 9, 2026 12:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant