-
-
Notifications
You must be signed in to change notification settings - Fork 211
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update path-to-regexp #966
Comments
Please and thank you 🙌 |
v0.1.X also needs to be updated to v1.10.0 |
currently this fails npm audit
|
how to fix this issue. facing same problem |
Also having issues using this library. It looks like the automated PR's to update the library failed due to a build issue. Looks like this might need a code update to account for the new shape of the functions in the new version of the path-to-regexp library. |
The update is non-trivial, since newer versions of Express 4.20 is using To get to the point where only 7 wildcard specs are failing, you can bump Not sure what to do from there apart from just deleting the wildcard functionality, any ideas? Seems to me safest approach would be to go back to |
for version 8.1.0 need to modify code as of now fix version is 6.3.0 |
Following the release of |
The PR above upgrades to path-to-regex to 6.3.0 which resolves the vulnerability. An upgrade to v8.x is still desired. PRs welcome |
Found a way to update the code to support path-to-regexp 8.1.0 #976. I had to do a pinch of rework in the openapi.spec.loader.ts to handle some of the new expectations for the 8.1.0 versions in setting up the path models. If the PR needs any adjustments let me know. |
I did validate that the changes in #976 pass all the current unit tests, and the code changed is covered by the current unit testing. I'm not sure what unit test updates would be needed beyond that. |
|
Pr has been raised already |
Since #976 is merged, can a new release be made? 🙏🏻 |
fixed. closing this out |
Please update to the current version of path-to-express, to mitigate the security vulnerability described in GHSA-9wv6-86v2-598j. Fix version should be 8.1.0
Thanks :-)!
The text was updated successfully, but these errors were encountered: