chore: bump devalue to 5.3.2 (#10471)

clintonsteiner · edmundhung · web-flow · commit 38bdb787c607 · 2025-08-28T13:08:10.000+01:00
* CVE-2025-57820: fix vulnerability - update devalue to 5.3.2 * pnpm up devalue@5.3.2 * add changeset --------- Co-authored-by: Edmund Hung <edmund@cloudflare.com>
diff --git a/.changeset/small-things-poke.md b/.changeset/small-things-poke.md
@@ -0,0 +1,6 @@
+---
+"@cloudflare/vitest-pool-workers": patch
+"miniflare": patch
+---
+
+chore: bump `devalue` version to 5.3.2
diff --git a/packages/miniflare/package.json b/packages/miniflare/package.json
@@ -82,7 +82,7 @@
 		"capnp-es": "^0.0.11",
 		"chokidar": "^4.0.1",
 		"concurrently": "^8.2.2",
-		"devalue": "^4.3.0",
+		"devalue": "^5.3.2",
 		"devtools-protocol": "^0.0.1182435",
 		"esbuild": "catalog:default",
 		"eslint": "^8.57.1",
diff --git a/packages/vitest-pool-workers/package.json b/packages/vitest-pool-workers/package.json
@@ -55,7 +55,7 @@
 	"dependencies": {
 		"birpc": "0.2.14",
 		"cjs-module-lexer": "^1.2.3",
-		"devalue": "^4.3.0",
+		"devalue": "^5.3.2",
 		"miniflare": "workspace:*",
 		"semver": "^7.7.1",
 		"wrangler": "workspace:*",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
