@rollup/plugin-terser depends on vulnerable versions of serialize-javascript

[Khoeckman]

Rollup Plugin Name: @rollup/plugin-terser
Rollup Plugin Version: 0.4.4
Rollup Version: 4.59.0
Operating System (or Browser): Windows 11
Node Version: v24.12.0

# npm audit report

serialize-javascript  <=7.0.2
Severity: high
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() - https://github.com/advisories/GHSA-5c6j-r48x-rmvq 
fix available via `npm audit fix --force`
Will install @rollup/plugin-terser@0.1.0, which is a breaking change
node_modules/serialize-javascript
  @rollup/plugin-terser  >=0.2.0
  Depends on vulnerable versions of serialize-javascript
  node_modules/@rollup/plugin-terser

Additional Information

Happens when doing npm i on this repo:
https://github.com/Khoeckman/canvasparticles-js

[trimble]

See #1968

[raulrtello]

But this will be solved or we need to do a workaround?

[Khoeckman]

But this will be solved or we need to do a workaround?

They fixed it in https://www.npmjs.com/package/@rollup/plugin-terser v1.0.0