Please update version of serialize-javascript in use by image dependencies #4008

Closed
russell-maz opened this issue Apr 17, 2024 · 3 comments

@russell-maz

Describe the bug
The browserless container has mocha as a dependency. Mocha depends on serialize-javascript version 6.0.0. There is a new version of serialize-javascript that addresses a vulnerability that appeared in our AWS container registry.

https://security.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607

To Reproduce
Steps to reproduce the behavior:

  1. Build latest container
  2. sh into container shell
  3. Run npm ls serialize-javascript
@browserless.io/[email protected] /usr/src/app
└─┬ [email protected]
  └── [email protected]

Expected behavior
Can we bump the version of serialize-javascript being used by dependencies to 6.0.2?

@joelgriffith
Collaborator

Once mochajs/mocha#5109 is fixed then we can get that fix internally. This dependency shouldn't be present or used in production systems and is only used during tests. Can you verify that this package isn't present in your container?

@russell-maz
Author

Hi @joelgriffith

You actually raised a good question. I need to check something in the container. This may not be for you to resolve. I will revert back shortly.

Russell

@russell-maz
Author

Closing this story, the issue is actually originating from a repo I push into my Docker container, not your image. Apologies.
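
The thread turned on which project actually pulls serialize-javascript into the container. As an added example (not part of the issue and not browserless code), this walks the JSON that `npm ls --all --json` prints and lists every dependency chain that ends in the package, flagging copies older than the 6.0.2 requested above. `SAMPLE_TREE`, the names `app` and `other-lib`, and the `0.0.0-sample` versions are constructed for illustration.

```javascript
// Constructed stand-in for the output of `npm ls --all --json`.
const SAMPLE_TREE = {
  name: "app",
  version: "0.0.0-sample",
  dependencies: {
    mocha: {
      version: "0.0.0-sample",
      dependencies: { "serialize-javascript": { version: "6.0.0" } },
    },
    "other-lib": {
      version: "0.0.0-sample",
      dependencies: { "serialize-javascript": { version: "6.0.2" } },
    },
  },
};

// Compare plain x.y.z versions numerically; any pre-release suffix is ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Return one record per installed copy of `target`, with the chain that requires it.
function findChains(node, target, fixedIn, trail = [node.name]) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const chain = [...trail, name];
    if (name === target && dep.version) {
      hits.push({
        chain: chain.join(" > "),
        version: dep.version,
        outdated: compareVersions(dep.version, fixedIn) < 0,
      });
    }
    hits.push(...findChains(dep, target, fixedIn, chain));
  }
  return hits;
}

for (const hit of findChains(SAMPLE_TREE, "serialize-javascript", "6.0.2")) {
  console.log(`${hit.outdated ? "OUTDATED" : "ok"}  ${hit.version}  ${hit.chain}`);
}
```

Running `npm ls` with `--omit=dev` limits the tree to non-development dependencies, which is the quickest way to see whether a test-only package such as mocha is part of what ships.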
