fix: update serialize-javascript

[alexander-akait]

Summary

Update serialize-javascript, because we can't use the latest version of serialize-javascript (due to support Node.js@10), we are using alternative approach - script to copy content of this package (and lint), in future we are planning to create the similar API on webpack side to avoid such situation (we already have the almost same API under the hood for caches into webpack core), so this solution is just a fast fix.

fixes #644
fixes #650

What kind of change does this PR introduce?

fix

Did you add tests for your changes?

Existing

Does this PR introduce a breaking change?

No

If relevant, what needs to be documented once your changes are merged or what have you already documented?

Nothing

Use of AI

No

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 96.68%. Comparing base (207764f) to head (02f5e00).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #654   +/-   ##
=======================================
  Coverage   96.68%   96.68%           
=======================================
  Files           3        3           
  Lines         332      332           
  Branches      122      122           
=======================================
  Hits          321      321           
  Misses         11       11           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[raheel-iso365]

Thank you for fixing this. Since you are now going to keep a local copy of serialize-javascript instead, does it also mean you will (and have) copied the fix for the vulnerabilities in serialize-javascript? for example the recent one:
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() - https://github.com/advisories/GHSA-5c6j-r48x-rmvq

[alexander-akait]

@raheel-iso365 we have a lint step and dependabot setup, so when serialize-javascript will get updates it will trigger dependabot and lint will failed, so we will see that we need to make a new release

[raheel-iso365]

@alexander-akait
Thanks is great, thanks!

[falsefalse]

this and following comments are not present in the scripts/copy-serialize-javascript.js, which is supposed to generate (prepend fallback to) this file.

this necessarily means lint:serialize-javascript will always fail, since it compares “fallback with comments + copied code” to “fallback without comments + copied code”, those are never equal.

comments are in russian for some reason, interesting!

[alexander-akait]

Fixed