@rollup/plugin-terser depends on vulnerable versions of serialize-javascript

Rollup Plugin Name: @rollup/plugin-terser
Rollup Plugin Version: 0.4.4
Rollup Version: 4.59.0
Operating System (or Browser): Windows 11
Node Version: v24.12.0

```batch
# npm audit report

serialize-javascript  <=7.0.2
Severity: high
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() - https://github.com/advisories/GHSA-5c6j-r48x-rmvq 
fix available via `npm audit fix --force`
Will install @rollup/plugin-terser@0.1.0, which is a breaking change
node_modules/serialize-javascript
  @rollup/plugin-terser  >=0.2.0
  Depends on vulnerable versions of serialize-javascript
  node_modules/@rollup/plugin-terser
```

### Additional Information

Happens when doing `npm i` on this repo:
https://github.com/Khoeckman/canvasparticles-js

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

@rollup/plugin-terser depends on vulnerable versions of serialize-javascript #1969

Additional Information

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

@rollup/plugin-terser depends on vulnerable versions of serialize-javascript #1969

Description

Additional Information

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions