build(deps-dev): bump serialize-javascript from 1.3.0 to 2.1.2

[mateusvelleda]

What kind of change does this PR introduce?

• Fix a XSS vulnerability - GHSA-h9rv-jmmf-4pgx

Does this PR introduce a breaking change? (check one)

• Yes
• No

The PR fulfills these requirements:

• It's submitted to the dev branch for v2.x (or to a previous version branch), not the master branch
• When resolving a specific issue, it's referenced in the PR's title (e.g. fix #xxx[,#xxx], where "xxx" is the issue number)
• All tests are passing: https://github.com/vuejs/vue/blob/dev/.github/CONTRIBUTING.md#development-setup
• New/updated tests are included

Other information:
Since I couldn't find the reason for pinning webpack at shakir-abdo@bb0aab6 I just upgrade it. I've done it due to webpack#terser-webpack-plugin#serialize-javascript that would keep the vulnerable version in the deps

[posva]

can you remove the webpack upgrade and the yarn.lock modification, please?

[mateusvelleda]

can you remove the webpack upgrade and the yarn.lock modification, please?

@posva it's done. Sincerely I tried to found a reason for the pinned version of webpack. I know it's a XSS vulnerability, so build tools are not affected. I was just thinking that GitHub vulnerability alerts will keep warning due to having the vulnerable version in yarn.lock due to webpack#terser-webpack-plugin#serialize-javascript

[posva]

Thanks!

[posva]

It's fine for webpack. It will be updated at a different time

[mateusvelleda]

@posva any idea about when it's gonna be released?

[vue-bot]

Hey @mateusvelleda, thank you for your time and effort spent on this PR, contributions like yours help make Vue better for everyone. Cheers! 💚