npm vulnerability reported after upgrading to 14.3.3 for 'serialize-javascr

After upgrading to Vaadin version 14.3.3 I get a GitHub Dependabot security warning for serialize-javascript, affected versions prior to 3.1.0, see [https://github.com/advisories/GHSA-hxcc-f52p-wc94](https://github.com/advisories/GHSA-hxcc-f52p-wc94)

Do I need to take any action?

Hi.

The serialize-javascript plugin comes in from the webpack-compression-plugin which is used
only during compilation in production mode so this issue is not applicable for Vaadin in this case.

We shall test with the newer 4.0.1 version of the compression plugin to get the updated serialize library
so no warnings are shown, but in the meantime there is no critical issue going forward.

Please follow ticket [8857](https://github.com/vaadin/flow/issues/8857) for the resolution on the issue.

  • Mikael
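To check the reasoning in the answer against your own project, you can trace which package pulls in the flagged serialize-javascript copy and whether npm marks it as build/dev-only. The following is an added example, not code from Vaadin or from this thread; it assumes an npm v1-format `package-lock.json`, and the lockfile contents, the `compression-webpack-plugin` entry and all versions other than the advisory's 3.1.0 threshold are constructed sample values.

```javascript
// Added example: trace a flagged transitive dependency in an npm v1 lockfile.
// SAMPLE_LOCK is constructed for illustration; in practice load it with
// JSON.parse(fs.readFileSync("package-lock.json", "utf8")).
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    "compression-webpack-plugin": {
      version: "3.1.0", dev: true,
      requires: { "serialize-javascript": "^2.1.2" },
    },
    "serialize-javascript": { version: "2.1.2", dev: true },
    "lit-element": { version: "2.3.1" },
  },
};

// Compare plain dotted numeric versions (x.y.z): true when a < b.
function versionLess(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0);
  }
  return false;
}

// Walk the (possibly nested) lockfile tree and report every copy of `name`
// older than `fixedIn`. `devOnly` mirrors npm's "dev" flag; `requiredBy` lists
// same-level packages that declare it (for a nested copy, `path` shows the parent).
function findFlagged(lock, name, fixedIn) {
  const hits = [];
  (function walk(deps, path) {
    for (const [pkg, info] of Object.entries(deps || {})) {
      if (pkg === name && versionLess(info.version, fixedIn)) {
        const requiredBy = Object.entries(deps)
          .filter(([, d]) => d.requires && name in d.requires)
          .map(([p]) => p);
        hits.push({ path: [...path, pkg].join(" > "), version: info.version,
                    devOnly: info.dev === true, requiredBy });
      }
      walk(info.dependencies, [...path, pkg]);
    }
  })(lock.dependencies, []);
  return hits;
}

console.log(findFlagged(SAMPLE_LOCK, "serialize-javascript", "3.1.0"));
```

A hit with `devOnly: false` means the old version is also reachable from a runtime dependency, which is the case that needs a closer look.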