The Arbitrum SDK has been patched to address a Denial-of-Service (DoS) vulnerability in the 'serialize-javascript' dependency, enhancing the security and stability of dapps built on the network.
> Impact
We have shipped a security patch for the Arbitrum SDK to address a high-severity Denial-of-Service (DoS) vulnerability (GHSA-qj8w-gfj5-8c6v) originating from the 'serialize-javascript' dependency. The fix involves explicitly allowlisting the package, which neutralizes the attack vector and secures the SDK against this known issue.
The 'serialize-javascript' package contained a flaw that could be exploited by a malicious actor to trigger a DoS condition, potentially crashing or freezing applications that utilize the Arbitrum SDK. Maintaining the integrity and availability of dapps is a top priority, and proactive patching of vulnerable dependencies is a critical part of our security posture. This update ensures that developers are building on a secure and resilient foundation.
For developers, this is an essential security update. By upgrading to the latest version of the Arbitrum SDK, you inherit this protection, hardening your application against this specific vulnerability. This non-breaking change ensures your dapp remains available and performant for your users, preventing potential disruptions and reinforcing trust in your service. We strongly recommend all developers update their dependencies immediately.
> Try this now
```bash
# To ensure your project is protected from the 'serialize-javascript' DoS vulnerability,
# update your Arbitrum SDK to the latest patched version.
# Open your project's terminal and run the appropriate command for your package manager.

# For users of npm:
npm update @arbitrum/sdk

# For users of yarn:
yarn upgrade @arbitrum/sdk

# After running the command, verify the updated version in your package.json
# and lock file (package-lock.json or yarn.lock) to confirm the patch is applied.
```