fix(deps): vuln serialize-javascript (major → 7.0.5)

[gh-worker-campaigns-3e9aa4]

Summary: High-severity security update — 1 package upgraded (MAJOR changes included)

Manifests changed:

• . (yarn)

---

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

---

Updates

Package	From	To	Type	Dep Type	Vulnerabilities Fixed
serialize-javascript	2.1.2	7.0.5	major	Direct	3 HIGH, 2 MODERATE

---

Warning

Major Version Upgrade

This update includes major version changes that may contain breaking changes. Please:

• Review the changelog/release notes for breaking changes
• Test thoroughly in a staging environment
• Update any code that depends on changed APIs
• Ensure all tests pass before merging

Security Details

🚨 Critical & High Severity (3 fixed)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
serialize-javascript	GHSA-5c6j-r48x-rmvq	HIGH	Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()	2.1.2	7.0.3
serialize-javascript	GHSA-hxcc-f52p-wc94	HIGH	Insecure serialization leading to RCE in serialize-javascript	2.1.2	3.1.0
serialize-javascript	CVE-2020-7660	HIGH	-	2.1.2	-

ℹ️ Other Vulnerabilities (2)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
serialize-javascript	GHSA-qj8w-gfj5-8c6v	MODERATE	Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects	2.1.2	7.0.5
serialize-javascript	CVE-2026-34043	MODERATE	Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects	2.1.2	-

---

Review Checklist

Extra review is recommended for this update:

• Review changes for compatibility with your code
• Check release notes for breaking changes
• Run integration tests to verify service behavior
• Test in staging environment before production
• Monitor key metrics after deployment
• Approve and merge this PR

---

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System