npm audit warning - path-to-regexp #15
Comments
|
Related issues: lwsjs/blacklist#2 and koajs/route#73. |
|
thanks, will look in a few hours time
…On Wed, 11 Sept 2024, 08:29 Alexander Pepper, ***@***.***> wrote:
Related issues: lwsjs/blacklist#2
<lwsjs/blacklist#2> and koajs/route#73
<koajs/route#73>.
—
Reply to this email directly, view it on GitHub
<#15 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAJQV3ECP6EXO5RCNRWPNP3ZV7WNNAVCNFSM6AAAAABOAJGUGKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGNBSHA3TCMRSGA>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
|
This will take a toucher longer to fix as upgrading path-to-regexp will break lws-rewrite and lws-blacklist due to major breaking changes in path-to-regexp recently.. I will likely drop path-to-regexp entirely and replace its previous behaviour (mainly the support for regexp input expressions, which has since been dropped) with something hand-rolled. |
|
Made a request while I work on a new solution.. |
|
the advisory fix has been implemented in path-to-regexp v6.3.0.. This was a minor version release, meaning lws-rewrite, lws-blacklist and @koa/router will now pick up the fixed module if you reinstall. According to koajs/router#186, you may still receive an advisory message but this should clear within a few days once the advisory database is updated. |
npm auditcurrently gives a warning for this package due to its dependencies.Namely the
path-to-regexppackage creates this warning: GHSA-9wv6-86v2-598jIt is triggered because of the following dependencies:
rewrite/package.json
Lines 34 to 35 in b3747c6
So
path-to-regexpis required directly, and indirectly viakoa-route.If possible, please upgrade the two packages in question.
The text was updated successfully, but these errors were encountered: