🐛 Bug: Bump serialize-javascript from 6.0.0 to 6.0.2

[JesKingDev]

Bug Report Checklist

• I have read and agree to Mocha's Code of Conduct and Contributing Guidelines
• I have searched for related issues and issues with the faq label, but none matched my issue.
• I have 'smoke tested' the code to be tested by running it outside the real test suite to get a better sense of whether the problem is in the code under test, my usage of Mocha, or Mocha itself.
• I want to provide a PR to resolve this

Expected

Adding a dependency to the Mocha package should not introduce security vulnerabilities.

Actual

If your project uses Snyk to protect against security vulnerabilities, the Mocha dependency is flagged as problematic due to an explicit lock on serialize-javascript 6.0.0

https://security.snyk.io/package/npm/serialize-javascript

Minimal, Reproducible Example

Refer to https://security.snyk.io/package/npm/serialize-javascript for the vulnerable versions of this package.

Versions

From package-lock.json

"node_modules/mocha": {
      "version": "10.0.0",

I checked the latest Mocha package-lock.json though, and the serialize-javascript version is still at 6.0.0.

Additional Info

No response

[silsanchez]

Hi there! I have the same issue, we are waiting for the resolution, so I will subscribe to noticies about this. thanks!