@toolpad/core 6 depends on vulnerable versions of path-to-regexp #4125
This issue has been closed. If you have a similar problem but not exactly the same, please open a new issue.
Note: We value your feedback @nicolo-tito! How was your experience with our support team?
Steps to reproduce
npm audit on "@toolpad/core": "^0.6.0"
Current behavior
npm audit report
path-to-regexp 4.0.0 - 6.2.2
Severity: high
path-to-regexp outputs backtracking regular expressions - GHSA-9wv6-86v2-598j
fix available via `npm audit fix --force`
Will install @toolpad/core@0.5.2, which is a breaking change
node_modules/path-to-regexp
@toolpad/core >=0.6.0
Depends on vulnerable versions of path-to-regexp
node_modules/@toolpad/core
Expected behavior
No response
Context
No response
Your environment
No response
Search keywords: path-to-regexp