
CVE-2020-7660: Upgrade serialize-javascript to version 3.1.0 or later #5729

Closed
mohanraj-r opened this issue Aug 14, 2020 · 1 comment

Comments

@mohanraj-r
Contributor

mohanraj-r commented Aug 14, 2020

Environment (please complete the following information):

  • WebdriverIO version: "^6.4.0"
  • Node.js version: '12.18.3'
  • NPM version: '6.14.6'
  • Additional wdio packages used (if applicable): "@wdio/mocha-framework": "^6.4.0",

Describe the bug
Insecure serialization leading to RCE in serialize-javascript · CVE-2020-7660 · GitHub Advisory Database

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".

Additional context

$ yarn why serialize-javascript
yarn why v1.22.4
[1/4] 🤔  Why do we have the module "serialize-javascript"...?
[2/4] 🚚  Initialising dependency graph...
[3/4] 🔍  Finding dependency...
[4/4] 🚡  Calculating file sizes...
=> Found "serialize-javascript@3.0.0"
info Reasons this module exists
   - "_project_#@wdio#mocha-framework#mocha" depends on it
   - Hoisted from "_project_#@wdio#mocha-framework#mocha#serialize-javascript"

mocha has been updated to fix this: Update javascript-serialize 3.1.0 to 4.0.0 by wnghdcjfe · Pull Request #4378 · mochajs/mocha

Need to update the "mocha" dependency in @wdio/mocha-framework from "^8.0.1" to 8.1.0 or later

@christian-bromann
Member

@mohanraj-r please remove your yarn-lock file and reinstall all dependencies. It should automatically install Mocha v8.1.0.
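The thread's fix is to regenerate the lockfile so the caret range resolves to a patched release, because a yarn.lock keeps pinning whatever version was current when it was written. As an added example that is not code from the WebdriverIO project, mocha or serialize-javascript, the script below reads a yarn.lock (v1 format) and reports every serialize-javascript pin below 3.1.0, the first fixed version named in the advisory, together with the ranges that resolved to it. The lockfile fragment (including the `^3.0.0` range), the function names and the `PATCHED_VERSION` constant are constructed for this example.

```javascript
// Added example (not from the WebdriverIO project, mocha or serialize-javascript).
// Reads a yarn.lock v1 text and flags pins of a package below the advisory's
// patched floor, which for CVE-2020-7660 is serialize-javascript 3.1.0.

const PATCHED_VERSION = "3.1.0"; // first fixed release per the advisory (assumption: release versions only)

// Numeric comparison of dotted release versions: returns -1, 0 or 1.
// Prerelease tags are not handled; lockfiles here pin plain releases.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  const n = Math.max(pa.length, pb.length);
  for (let i = 0; i < n; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Minimal yarn.lock v1 reader: an unindented line ending in ":" opens an
// entry whose comma-separated (optionally quoted) keys are "name@range";
// the indented `version "x.y.z"` line that follows is the pinned version.
function parseYarnLock(text) {
  const entries = [];
  let current = null;
  for (const raw of text.split("\n")) {
    const line = raw.replace(/\r$/, "");
    if (!line || line.startsWith("#")) continue;
    if (!/^\s/.test(line) && line.endsWith(":")) {
      const specs = line
        .slice(0, -1)
        .split(",")
        .map((s) => s.trim().replace(/^"|"$/g, ""));
      current = { specs, version: null };
      entries.push(current);
      continue;
    }
    const m = line.match(/^\s+version "([^"]+)"/);
    if (m && current) current.version = m[1];
  }
  return entries;
}

// Split "name@range" on the last "@" so scoped names like "@wdio/x@^6.4.0" survive.
function splitSpec(spec) {
  const i = spec.lastIndexOf("@");
  return { name: spec.slice(0, i), range: spec.slice(i + 1) };
}

// Every entry that pins `pkg` below `fixed`, with the ranges that led there.
// A caret range listed here could already satisfy the patched release, which is
// why regenerating the lockfile (as the maintainer suggests) resolves the finding.
function findVulnerablePins(lockText, pkg, fixed) {
  const hits = [];
  for (const entry of parseYarnLock(lockText)) {
    const ranges = entry.specs
      .map(splitSpec)
      .filter((s) => s.name === pkg)
      .map((s) => s.range);
    if (ranges.length && entry.version && compareVersions(entry.version, fixed) < 0) {
      hits.push({ version: entry.version, ranges });
    }
  }
  return hits;
}

// Constructed yarn.lock fragment for this example (not the project's real lockfile).
const SAMPLE_LOCK = `# yarn lockfile v1

"@wdio/mocha-framework@^6.4.0":
  version "6.4.0"
  dependencies:
    mocha "^8.0.1"

mocha@^8.0.1:
  version "8.0.1"
  dependencies:
    serialize-javascript "^3.0.0"

serialize-javascript@^3.0.0:
  version "3.0.0"
  dependencies:
    randombytes "^2.1.0"

serialize-javascript@^4.0.0, serialize-javascript@4.0.0:
  version "4.0.0"
`;

const findings = findVulnerablePins(SAMPLE_LOCK, "serialize-javascript", PATCHED_VERSION);
console.log(findings.length ? findings : "no pins below " + PATCHED_VERSION);
```

Run it with `node` against a copy of the fragment; replacing `SAMPLE_LOCK` with the contents of a real yarn.lock gives the same report for that tree. The same function also answers the issue's second point: calling it with `"mocha"` and `"8.1.0"` reports the `mocha@^8.0.1` pin at 8.0.1 in the constructed fragment.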
