
@rollup/plugin-terser depends on vulnerable versions of serialize-javascript #1969

@Khoeckman

Description


Rollup Plugin Name: @rollup/plugin-terser
Rollup Plugin Version: 0.4.4
Rollup Version: 4.59.0
Operating System (or Browser): Windows 11
Node Version: v24.12.0

# npm audit report

serialize-javascript  <=7.0.2
Severity: high
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() - https://github.com/advisories/GHSA-5c6j-r48x-rmvq 
fix available via `npm audit fix --force`
Will install @rollup/plugin-terser@0.1.0, which is a breaking change
node_modules/serialize-javascript
  @rollup/plugin-terser  >=0.2.0
  Depends on vulnerable versions of serialize-javascript
  node_modules/@rollup/plugin-terser

Additional Information

Happens when doing npm i on this repo:
https://github.com/Khoeckman/canvasparticles-js
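The audit output above offers only a breaking downgrade of @rollup/plugin-terser as a fix, which is rarely what you want; the usual remedy for a transitive-dependency advisory is to pin the nested package with an `overrides` entry in package.json and re-run `npm install` and `npm audit`. The following added example (not code from the issue reporter or from the rollup/plugins project) scans a lockfile for serialize-javascript at a version in the audited range (`<=7.0.2`, as printed by npm above) and builds the scoped override. It assumes npm's `overrides` field (npm 8.3 and later) and that the first safe release is the one just above the audited range (`>=7.0.3`, derived from the audit range, not verified against the advisory text); the lockfile fragment is constructed for illustration, not copied from the reporter's repository.

```javascript
// Added example, not from the issue or from rollup/plugins. Scans a
// package-lock.json (lockfileVersion 2/3) for serialize-javascript at a
// version inside the range npm audit reported (<=7.0.2) and emits the
// package.json `overrides` entry that pins a patched release under
// @rollup/plugin-terser instead of downgrading the plugin.
// Node built-ins only, so it runs offline.

const VULNERABLE_MAX = '7.0.2'; // upper bound taken from the npm audit output above
const FIXED_RANGE = '>=7.0.3';  // assumption: first release above the audited range

// Minimal x.y.z comparison (no pre-release handling); negative, zero or
// positive like a sort comparator.
function compareSemver(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Walk the `packages` map of a lockfileVersion 2/3 lockfile and return every
// install path holding serialize-javascript at a version in the audited range.
// Keys are full install paths, so nested copies such as
// node_modules/a/node_modules/serialize-javascript are found as well.
// A lockfileVersion 1 file has no `packages` map and yields no hits.
function findVulnerableSerializeJavascript(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!path.endsWith('node_modules/serialize-javascript')) continue;
    if (!entry || typeof entry.version !== 'string') continue;
    if (compareSemver(entry.version, VULNERABLE_MAX) <= 0) {
      hits.push({ path, version: entry.version });
    }
  }
  return hits;
}

// Build the `overrides` block for package.json. Scoping it under
// @rollup/plugin-terser limits the change to the one dependent the audit
// named rather than rewriting every serialize-javascript in the tree.
function buildOverride(hits) {
  if (hits.length === 0) return {};
  return { '@rollup/plugin-terser': { 'serialize-javascript': FIXED_RANGE } };
}

// Merge the override into an existing package.json object without
// discarding overrides that are already present.
function applyOverride(pkg, override) {
  return { ...pkg, overrides: { ...(pkg.overrides || {}), ...override } };
}

// Constructed lockfile fragment mirroring the layout in the audit output;
// the version numbers are illustrative, not read from the reporter's repo.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    'node_modules/@rollup/plugin-terser': { version: '0.4.4' },
    'node_modules/serialize-javascript': { version: '6.0.2' },
    'node_modules/terser': { version: '5.31.0' },
  },
};

const hits = findVulnerableSerializeJavascript(SAMPLE_LOCK);
console.log('vulnerable copies:', JSON.stringify(hits));
console.log(JSON.stringify(applyOverride({ name: 'demo', version: '1.0.0' }, buildOverride(hits)), null, 2));
```

After adding the override, run `npm install` so the lockfile is regenerated, then `npm audit` and `npm ls serialize-javascript` to confirm that only the pinned version remains in the tree. Because serialize-javascript is pulled in by the plugin rather than by your own code, the override is the right lever; `npm audit fix --force` would instead downgrade @rollup/plugin-terser to a version that predates the dependency.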
