Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

path-to-regexp@2.2.1 vulnerability #1254

Closed
MikeMcC399 opened this issue Sep 13, 2024 · 0 comments · Fixed by #1257
Closed

path-to-regexp@2.2.1 vulnerability #1254

MikeMcC399 opened this issue Sep 13, 2024 · 0 comments · Fixed by #1257
Assignees
@MikeMcC399
Labels
bug Something isn't working type: dependencies

Comments

@MikeMcC399
Copy link
Collaborator

MikeMcC399 commented Sep 13, 2024
edited
Loading

Issue

The following example directories report high severity vulnerabilities due to their transient dependency usage of path-to-regexp@2.2.1:

Check with npm audit:

Check with pnpm audit:

yarn audit shows no issue, however Dependabot reports the vulnerability:

Background

Issues are open (vercel/serve#811 & vercel/serve-handler#211) requesting remediation, however the corresponding repos have a low level of maintenance activity, so it can't be predicted if / when there might be release updates with vulnerabilities resolved.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MikeMcC399 MikeMcC399

Labels
bug Something isn't working type: dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore(deps): update path-to-regexp to 3.3.0 MikeMcC399/github-action
1 participant
@MikeMcC399