egoist/bili

serialize-javascript and Cross-Site Scripting

MatteoGabriele opened this issue · 2 comments

Thanks for the package.
I was wondering about this warning coming from it, though. Is it going to be updated any time soon?
Cheers!

yarn audit v1.21.1
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate      │ Cross-Site Scripting                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ serialize-javascript                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=2.1.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ bili                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ bili > rollup-plugin-terser > serialize-javascript           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1426                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
1 vulnerabilities found - Packages audited: 896891
Severity: 1 Moderate

The dependency that causes it, rollup-plugin-terser, fixed the vulnerability in December, but it's in version 5 and bili is using version 4 currently.
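A quick way for a consumer of bili to confirm which dependency paths still resolve serialize-javascript below the patched version is to walk the installed tree (the shape `npm ls --json` prints) and print each offending chain in the same "a > b > c" form as the audit's Path row. This is an added example, not code from bili, rollup-plugin-terser or yarn; the sample tree, its version numbers and the function names `isBelow` and `findVulnerablePaths` are constructed for illustration.

```javascript
// Added example, not bili's own code: list every dependency path that resolves
// a package below its patched version, in the audit's "a > b > c" Path form.

// Minimal major.minor.patch comparison (pre-release tags and ranges ignored).
function parseVersion(v) {
  return v.replace(/^[^\d]*/, '').split('.').slice(0, 3).map(n => parseInt(n, 10) || 0);
}

// true when `version` is strictly below `patchedIn` (equal counts as patched).
function isBelow(version, patchedIn) {
  const a = parseVersion(version), b = parseVersion(patchedIn);
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// Walk an `npm ls --json`-style tree (nested `dependencies` objects with a
// `version` each) and return [{ path, version }] for every vulnerable copy.
function findVulnerablePaths(tree, pkg, patchedIn) {
  const hits = [];
  const walk = (node, chain) => {
    for (const [name, dep] of Object.entries(node.dependencies || {})) {
      const next = chain.concat(name);
      if (name === pkg && isBelow(dep.version, patchedIn)) {
        hits.push({ path: next.join(' > '), version: dep.version });
      }
      walk(dep, next); // keep descending: the same package can appear deeper
    }
  };
  walk(tree, []);
  return hits;
}

// Constructed sample tree mirroring the audit report above; the version numbers
// are illustrative placeholders, not taken from a real lockfile.
const sampleTree = {
  name: 'my-app',
  dependencies: {
    bili: { version: '4.8.0', dependencies: {
      'rollup-plugin-terser': { version: '4.0.4', dependencies: {
        'serialize-javascript': { version: '1.9.1' } } } } },
    'rollup-plugin-terser': { version: '5.2.0', dependencies: {
      'serialize-javascript': { version: '2.1.2' } } },
  },
};

findVulnerablePaths(sampleTree, 'serialize-javascript', '2.1.1')
  .forEach(r => console.log(`${r.path} (${r.version}, patched in >=2.1.1)`));
```

Against the sample tree only the copy pulled in through bili > rollup-plugin-terser is reported; the direct rollup-plugin-terser 5.x path resolves a patched version and is silent.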

🎉 This issue has been resolved in version 4.9.1 🎉

The release is available on:

Your semantic-release bot 📦🚀