From e3ffce99c647bd4be642f031069ab4581068c8e4 Mon Sep 17 00:00:00 2001
From: Andreas Beuge
Date: Thu, 7 May 2026 15:04:03 +0200
Subject: [PATCH 1/2] chore: add test ci
---
.github/workflows/ci.yaml | 41 +++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 .github/workflows/ci.yaml
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 0000000..e4ec047
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,41 @@
+name: Test
+on:
+ push:
+ branches:
+ - "**"
+ workflow_dispatch:
+jobs:
+ ci_checks:
+ uses: parcellab/ci/.github/workflows/ci-requirements.yaml@v8
+
+ ci_check_result:
+ needs: ci_checks
+ if: always()
+ runs-on: ubuntu-latest
+ steps:
+ - name: Show CI check results
+ run: |
+ echo "full_run_required=${{ needs.ci_checks.outputs.full_run_required }}"
+ echo "test_run_required=${{ needs.ci_checks.outputs.test_run_required }}"
+
+ test:
+ needs: ci_checks
+ if: ${{ needs.ci_checks.outputs.test_run_required == 'true' }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v5
+ with:
+ fetch-depth: 1
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: 18
+ cache: npm
+
+ - name: Install dependencies
+ run: npm ci
+
+ - name: Run tests
+ run: npm test
From 8c593750f98ce3287004be72af4b2381f060a2d7 Mon Sep 17 00:00:00 2001
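Review bot: The workflow declares no `permissions:` key, so `ci_check_result` and `test` run with whatever default GITHUB_TOKEN scope the repository or organisation has configured, on every push to every branch (`"**"`). Add a top-level `permissions:` with `contents: read`; the caller's permissions also cap what the reusable `ci-requirements.yaml` job receives, so anything it needs beyond that should be granted on `ci_checks` explicitly. All three `uses:` references (`parcellab/ci/...@v8`, `actions/checkout@v5`, `actions/setup-node@v4`) are mutable tags; pinning each to a full commit SHA, e.g. `actions/checkout@<full-commit-sha> # v5`, keeps a moved tag from changing what runs. Setting `persist-credentials: false` under the checkout step's `with:` would also keep the token out of `.git/config` while `npm ci` runs dependency install scripts.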
From: Andreas Beuge Date: Thu, 7 May 2026 15:13:37 +0200 Subject: [PATCH 2/2] fix: bump serialize-javascript to 7.0.5 via npm overrides MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Resolves Dependabot alerts #25 (GHSA-5c6j-r48x-rmvq, high — RCE via RegExp.flags injection) and #28 (CVE-2026-34043, medium — DoS via CPU exhaustion). mocha pins serialize-javascript@^6.0.2 so an override is needed to force resolution to the patched version. --- package-lock.json | 41 +++++------------------------------------ package.json | 3 +++ 2 files changed, 8 insertions(+), 36 deletions(-) diff --git a/package-lock.json b/package-lock.json index 7fe6a60..575e38d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -990,16 +990,6 @@ "node": ">=6" } }, - "node_modules/randombytes": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", - "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==", - "dev": true, - "license": "MIT", - "dependencies": { - "safe-buffer": "^5.1.0" - } - }, "node_modules/readdirp": { "version": "3.6.0", "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", 
@@ -1021,35 +1011,14 @@ "node": ">=0.10.0" } }, - "node_modules/safe-buffer": { - "version": "5.2.1", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", - "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", - "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/feross" - }, - { - "type": "patreon", - "url": "https://www.patreon.com/feross" - }, - { - "type": "consulting", - "url": "https://feross.org/support" - } - ], - "license": "MIT" - }, "node_modules/serialize-javascript": { - "version": "6.0.2", - "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.2.tgz", - "integrity": "sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==", + "version": "7.0.5", + "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-7.0.5.tgz", + "integrity": "sha512-F4LcB0UqUl1zErq+1nYEEzSHJnIwb3AF2XWB94b+afhrekOUijwooAYqFyRbjYkm2PAKBabx6oYv/xDxNi8IBw==", "dev": true, "license": "BSD-3-Clause", - "dependencies": { - "randombytes": "^2.1.0" + "engines": { + "node": ">=20.0.0" } }, "node_modules/shebang-command": { diff --git a/package.json b/package.json index 83ce53f..c0ac4b0 100644 --- a/package.json +++ b/package.json @@ -36,6 +36,9 @@ "prepublishOnly": "npm run build && npm run test", "prepare": "husky" }, + "overrides": { + "serialize-javascript": ">=7.0.5" + }, "files": [ "index.js", "lib",
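Review bot: The override range `">=7.0.5"` in the package.json hunk has no upper bound, so a later lockfile regeneration may resolve `serialize-javascript` to a future major that mocha (which asks for `^6.0.2` per the commit message) was never tested against; `"serialize-javascript": "^7.0.5"` or the exact `"7.0.5"` matches the stated intent. The locked 7.0.5 entry also declares `"node": ">=20.0.0"`, while the workflow added in patch 1/2 sets `node-version: 18`, so CI would install and run the test toolchain on a runtime the patched package does not declare support for; moving the workflow to Node 20 or later alongside this change would avoid that. Since JSON allows no comment here, a short README or changelog line saying the override can be dropped once mocha depends on a patched release would help whoever revisits it.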