[fix] npm audit reporting high severity vulnerability with @koa/router 13.0.0 #186
Comments
Facing the same issue since yesterday. koa-router (12.0.1) is using path-to-regexp version 6.2.1. I am getting build errors when upgrading path-to-regexp to the latest version. How do I fix this issue? Will koa-router publish a new version with a patched path-to-regexp version?
➕
related: pillarjs/path-to-regexp#324
Locally incrementing to 6.3.0 does not satisfy the warning:
path-to-regexp 4.0.0 - 7.2.0
Severity: high
path-to-regexp outputs backtracking regular expressions - https://github.com/advisories/GHSA-9wv6-86v2-598j
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/path-to-regexp
The advisory wasn't updated yet to include the 6.x patched version: GHSA-9wv6-86v2-598j
That's unrelated to the
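Added example, not code from the thread or the koa/router project: a small check that walks an `npm ls --json --all` style dependency tree and reports every resolved copy of path-to-regexp inside the advisory range quoted above (4.0.0 - 7.2.0), while treating the 6.3.x line as patched, as the previous comment notes. The dependency tree is constructed sample data; only plain x.y.z versions are handled.

```javascript
// Minimal x.y.z comparison; prerelease tags are not handled (assumption for this example).
const parse = (v) => v.split('.').map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};
const gte = (a, b) => cmp(a, b) >= 0;
const lte = (a, b) => cmp(a, b) <= 0;

// Range taken from the npm audit output in the thread (4.0.0 - 7.2.0),
// minus the 6.3.x line the thread reports as patched but not yet in the advisory.
function isVulnerable(version) {
  const inAdvisoryRange = gte(version, '4.0.0') && lte(version, '7.2.0');
  const patched6x = gte(version, '6.3.0') && cmp(version, '7.0.0') < 0;
  return inAdvisoryRange && !patched6x;
}

// Recursively collect the dependency path of every flagged path-to-regexp copy.
function findVulnerable(tree, path = []) {
  const hits = [];
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const here = [...path, `${name}@${node.version}`];
    if (name === 'path-to-regexp' && isVulnerable(node.version)) {
      hits.push(here.join(' > '));
    }
    hits.push(...findVulnerable(node, here));
  }
  return hits;
}

// Constructed sample resembling `npm ls --json --all` for an app with two routers.
const sampleTree = {
  name: 'sample-app',
  version: '1.0.0',
  dependencies: {
    '@koa/router': { version: '13.0.0',
      dependencies: { 'path-to-regexp': { version: '6.2.1' } } },
    'koa-router': { version: '12.0.1',
      dependencies: { 'path-to-regexp': { version: '6.3.0' } } },
    'some-lib': { version: '2.0.0',
      dependencies: { 'path-to-regexp': { version: '8.0.0' } } },
  },
};

console.log(findVulnerable(sampleTree));
// → [ '@koa/router@13.0.0 > path-to-regexp@6.2.1' ]
```

To run it against a real project, replace `sampleTree` with `JSON.parse` of the output of `npm ls --json --all`.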
Thank you @mschfh for your contribution by bumping. @titanism, could you please publish the next release v13.1.0 with the latest commit on the master branch? And please publish v12.0.2 from this branch (v12.0.2) to prevent the issue @moez-qlik marked here and the potential issue related to path params.
I also merged #189
v13.0.1 released https://github.com/koajs/router/releases/tag/v13.0.1
@titanism can you release the vulnerability fix on v12.0.2?
I apologize for the delayed response. Merging PR #189 is a significant change that requires a major version bump (v14), making it a risky step. That’s why I didn’t merge it upon review and have assigned myself to the review process. Additionally, I think we should stick with To move forward, I propose the following steps:
@moez-qlik I am working with @titanism to deliver the correct version and will soon find it. In the meanwhile, you can try the
@moez-qlik v12.0.2 published 🎉!
thank you @3imed-jaberi <3
Steps to reproduce
Solution
Fix by upgrading @koa/router to depend on a later version of path-to-regexp?