[Security] Issue with serialize-javascript

[RDIL]

Right now, react-scripts relies on terser-webpack-plugin, which in turn relies on serialize-javascript. It will need a bump once released. This is causing GitHub to display security alerts on a lot of react repos. I am working to collaborate a fix downstream at terser-webpack-plugin, just opening this issue for meta.

NOTE: This WILL MOST LIKELY NOT HARM YOUR APP. The library is only used at build time.

[AWIXOR-zz]

You can try adding serialize-javascript in the resolutions inside package.json so you can force it to use the last update. then run yarn upgrade. This worked for me.