From 6d1941caa3b7feccbecfc6b06d73f95605290f77 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 2 Apr 2026 13:24:02 +0000
Subject: [PATCH 1/2] Initial plan


From 88bd5d522967e3db3a45e26e40e77f4bd7cc33b3 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 2 Apr 2026 13:26:15 +0000
Subject: [PATCH 2/2] fix: upgrade serialize-javascript to 7.0.3 via npm
 overrides to fix GHSA-5c6j-r48x-rmvq

Agent-Logs-Url: https://github.com/github/request-marketplace-action/sessions/b2c4683a-207e-4326-b808-84d5c08b9c8c

Co-authored-by: lindluni <9400927+lindluni@users.noreply.github.com>
---
 .github/scripts/package-lock.json | 35 +++++--------------------------
 .github/scripts/package.json      |  3 +++
 2 files changed, 8 insertions(+), 30 deletions(-)

diff --git a/.github/scripts/package-lock.json b/.github/scripts/package-lock.json
index 498568a..9372944 100644
--- a/.github/scripts/package-lock.json
+++ b/.github/scripts/package-lock.json
@@ -2303,14 +2303,6 @@
                 "node": ">= 8"
             }
         },
-        "node_modules/randombytes": {
-            "version": "2.1.0",
-            "dev": true,
-            "license": "MIT",
-            "dependencies": {
-                "safe-buffer": "^5.1.0"
-            }
-        },
         "node_modules/readdirp": {
             "version": "4.1.2",
             "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-4.1.2.tgz",
@@ -2387,25 +2379,6 @@
                 "node": ">=6"
             }
         },
-        "node_modules/safe-buffer": {
-            "version": "5.2.1",
-            "dev": true,
-            "funding": [
-                {
-                    "type": "github",
-                    "url": "https://github.com/sponsors/feross"
-                },
-                {
-                    "type": "patreon",
-                    "url": "https://www.patreon.com/feross"
-                },
-                {
-                    "type": "consulting",
-                    "url": "https://feross.org/support"
-                }
-            ],
-            "license": "MIT"
-        },
         "node_modules/semver": {
             "version": "6.3.1",
             "dev": true,
@@ -2415,11 +2388,13 @@
             }
         },
         "node_modules/serialize-javascript": {
-            "version": "6.0.2",
+            "version": "7.0.3",
+            "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-7.0.3.tgz",
+            "integrity": "sha512-h+cZ/XXarqDgCjo+YSyQU/ulDEESGGf8AMK9pPNmhNSl/FzPl6L8pMp1leca5z6NuG6tvV/auC8/43tmovowww==",
             "dev": true,
             "license": "BSD-3-Clause",
-            "dependencies": {
-                "randombytes": "^2.1.0"
+            "engines": {
+                "node": ">=20.0.0"
             }
         },
         "node_modules/set-blocking": {
diff --git a/.github/scripts/package.json b/.github/scripts/package.json
index 804ebeb..8352446 100644
--- a/.github/scripts/package.json
+++ b/.github/scripts/package.json
@@ -24,5 +24,8 @@
         "branches": [
             "main"
         ]
+    },
+    "overrides": {
+        "serialize-javascript": "7.0.3"
     }
 }