High severity dependency path-to-regexp #211

Closed
Juraj-Masiar opened this issue Sep 10, 2024 · 5 comments · Fixed by #217

Comments

@Juraj-Masiar

npm audit report

path-to-regexp 0.2.0 - 7.2.0
Severity: high
path-to-regexp outputs backtracking regular expressions - GHSA-9wv6-86v2-598j
fix available via npm audit fix --force
Will install [email protected], which is a breaking change

node_modules/path-to-regexp
  serve-handler  *
  Depends on vulnerable versions of path-to-regexp
  node_modules/serve-handler
    serve  >=7.0.0
    Depends on vulnerable versions of serve-handler
    node_modules/serve

@MikeMcC399

The last version of serve-handler was released almost two years ago. Is anybody maintaining this repo these days?

@oskarwilliams

@leo I see you are the owner, would this be something you can do?

@leo
Contributor

leo commented Sep 16, 2024

Hey!

The package is maintained by Vercel. I'm no longer part of the Vercel team.

@thomashohn

@AndyBitz - Can you update this package, or who should we contact @vercel?

@MikeMcC399

This comment was marked as resolved.
