fix: Update @serialize-javascript to address @json5 vulnerability (#26)

Upgrading serialize-javascript dependency to address Prototype Pollution vulnerability affecting json5.
looker-open-source · Jul 30, 2024 · 787eb62 · 787eb62
1 parent 9a16a89
commit 787eb62
Show file tree

Hide file tree

Showing 3 changed files with 4,897 additions and 4,776 deletions.
diff --git a/package.json b/package.json
@@ -18,6 +18,7 @@
     "babel": "^6.23.0",
     "babel-loader": "^8.1.0",
     "d3": "^5.16.0",
+    "serialize-javascript": "^3.1.0",
     "ts-loader": "^7.0.5",
     "typescript": "^5.1.6",
     "uglifyjs-webpack-plugin": "^2.2.0",

diff --git a/src/utils.ts b/src/utils.ts
@@ -1,11 +1,11 @@
-import * as d3 from 'd3';
+import {format} from 'd3';
 
 import {VisConfig, VisQueryResponse, VisualizationDefinition} from './types';
 import {fromSheetsToD3Format} from './currency_formatter';
 
 export const formatType = (valueFormat: string) => {
-  const format = fromSheetsToD3Format(valueFormat);
-  return d3.format(format);
+  const formattedData = fromSheetsToD3Format(valueFormat);
+  return format(formattedData);
 };
 
 export const handleErrors = (