From 000a160573df777d0c7cd58c84e7936cad3a7b73 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 2 Apr 2026 13:24:31 +0000 Subject: [PATCH 1/2] Initial plan From 5edbfad2c6280be229c22e7bdc214c2c05215fae Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 2 Apr 2026 13:27:28 +0000 Subject: [PATCH 2/2] Fix CVE-2026-34043: upgrade serialize-javascript to 7.0.5 via npm overrides Agent-Logs-Url: https://github.com/github/request-marketplace-action/sessions/7fb24f2e-33c0-4839-81c4-8d23a1967287 Co-authored-by: lindluni <9400927+lindluni@users.noreply.github.com> --- .github/scripts/package-lock.json | 35 +++++-------------------------- .github/scripts/package.json | 3 +++ 2 files changed, 8 insertions(+), 30 deletions(-) diff --git a/.github/scripts/package-lock.json b/.github/scripts/package-lock.json index 498568a..9846add 100644 --- a/.github/scripts/package-lock.json +++ b/.github/scripts/package-lock.json @@ -2303,14 +2303,6 @@ "node": ">= 8" } }, - "node_modules/randombytes": { - "version": "2.1.0", - "dev": true, - "license": "MIT", - "dependencies": { - "safe-buffer": "^5.1.0" - } - }, "node_modules/readdirp": { "version": "4.1.2", "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-4.1.2.tgz", @@ -2387,25 +2379,6 @@ "node": ">=6" } }, - "node_modules/safe-buffer": { - "version": "5.2.1", - "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/feross" - }, - { - "type": "patreon", - "url": "https://www.patreon.com/feross" - }, - { - "type": "consulting", - "url": "https://feross.org/support" - } - ], - "license": "MIT" - }, "node_modules/semver": { "version": "6.3.1", "dev": true, 
@@ -2415,11 +2388,13 @@ } }, "node_modules/serialize-javascript": { - "version": "6.0.2", + "version": "7.0.5", + "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-7.0.5.tgz", + "integrity": "sha512-F4LcB0UqUl1zErq+1nYEEzSHJnIwb3AF2XWB94b+afhrekOUijwooAYqFyRbjYkm2PAKBabx6oYv/xDxNi8IBw==", "dev": true, "license": "BSD-3-Clause", - "dependencies": { - "randombytes": "^2.1.0" + "engines": { + "node": ">=20.0.0" } }, "node_modules/set-blocking": {
diff --git a/.github/scripts/package.json b/.github/scripts/package.json
index 804ebeb..1387c17 100644
--- a/.github/scripts/package.json
+++ b/.github/scripts/package.json
@@ -24,5 +24,8 @@
 "branches": [
 "main"
 ]
+ },
+ "overrides": {
+ "serialize-javascript": "7.0.5"
 }
 }
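Review bot: The new `overrides` entry in `.github/scripts/package.json` pins `serialize-javascript` to the exact version `7.0.5`, so later 7.x fixes will not be picked up until someone edits the pin by hand; `"serialize-javascript": "^7.0.5"` keeps the floor this commit sets for CVE-2026-34043 while still allowing later 7.x releases. The override also forces a major-version jump (the lockfile entry moves from 6.0.2 to 7.0.5) on whichever dev dependency pulls the package in, regardless of the range that dependency declares. The new lock entry carries `"node": ">=20.0.0"`, so it is worth confirming that the parent package works with 7.x and that the workflow running these scripts uses Node 20 or later; neither is visible in this patch. Because JSON cannot hold a comment, the PR description should record why the override exists and when it can be dropped (once the parent dependency itself requires a fixed release).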