fix: serialize-javascript vulnerability by updating package (#10910)

[staghouse]

What kind of change does this PR introduce? (check at least one)

• Bugfix
• Feature
• Code style update
• Refactor
• Build-related changes
• Other, please describe: Security Vulnerability

Does this PR introduce a breaking change? (check one)

• Yes
• No

If yes, please describe the impact and migration path for existing applications:

The PR fulfills these requirements:

• It's submitted to the dev branch for v2.x (or to a previous version branch), not the master branch
• When resolving a specific issue, it's referenced in the PR's title (e.g. fix #xxx[,#xxx], where "xxx" is the issue number)
• All tests are passing: https://github.com/vuejs/vue/blob/dev/.github/CONTRIBUTING.md#development-setup
• New/updated tests are included

If adding a new feature, the PR's description includes:

• A convincing reason for adding this feature (to avoid wasting your time, it's best to open a suggestion issue first and wait for approval before working on it)

Other information:

[posva]

Can you remove all generated files related changes and only include package.json files changes, please?

[posva]

Note: there is a breaking change regarding how objects with an undefined value are serialized: yahoo/serialize-javascript#57
Must include

Close #10910

when squashing

[posva]

Closing in favor of #10904 It's missing the upgrade in the package.json file

[staghouse]

Please check again. My history got a bit hairy with the revert. If this PR is still broken I will close and open a clean PR without running the tests.

[posva]

Only package.json files must end up modified. Feel free to submit a new PR if that's easier for you

[staghouse]

Problem is I'll have to --no-verify passed the linter as it seems to correct some issues on commit, is this acceptable?

[posva]

it shouldn't be a problem but yes, you can do that and the PR might still be valid

[staghouse]

Closing in favor of #10914