page.js >=1.4.0 depends on vulnerable versions of path-to-regexp #616

Open
MarkBFamFour opened this issue Nov 6, 2024 · 1 comment

@MarkBFamFour

Hi,

Recently I started getting high severity warnings from npm that this library depends on vulnerable versions of path-to-regexp (in my case page.js 1.11.6 depends on path-to-regexp 1.2.1). Could this be remedied, or can I upgrade to path-to-regexp 1.9.0 for example to provide a secure path-to-regexp library for page.js?

@crisward

crisward commented Dec 9, 2024

Not sure if you've got around to fixing this. But one workaround is to use npm overrides.

More info here - https://medium.com/microsoftazure/how-to-fix-your-security-vulnerabilities-with-npm-override-c4b5be0ab4f6

For page.js the following should work (you may need to change the version numbers based on the error):

  "overrides": {
    "[email protected]": "1.9.0"
  },
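
One way to confirm that an override like this actually took effect is to scan the lockfile for nested copies of path-to-regexp that are still below the target version. This is an added example, not code from the thread or from the page.js project; the lockfile object is a constructed sample, and the helper names and the `1.9.0` floor (the version proposed in this thread for the 1.x line) are assumptions.

```javascript
// Constructed sample in package-lock.json v2/v3 shape (not from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/page": { version: "1.11.6" },
    // Nested copy pulled in by page.js: the one the override must replace.
    "node_modules/page/node_modules/path-to-regexp": { version: "1.2.1" },
    "node_modules/path-to-regexp": { version: "1.9.0" },
  },
};

// Parse "x.y.z" into numbers, ignoring pre-release/build suffixes.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric comparison, so 1.10.0 is not treated as older than 1.9.0.
function isOlder(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i];
  }
  return false;
}

// Return every installed copy of `name` older than `minVersion`.
// Hypothetical helper; matches top-level and nested node_modules entries.
function findOutdated(lock, name, minVersion) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith(`/${suffix}`))
    .filter(([, meta]) => meta.version && isOlder(meta.version, minVersion))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

const stale = findOutdated(sampleLock, "path-to-regexp", "1.9.0");
for (const { path, version } of stale) {
  console.log(`still below 1.9.0: ${path} -> ${version}`);
}
```

To run it against a real project, replace `sampleLock` with the parsed contents of `package-lock.json` after reinstalling with the override in place; an empty result means no copy below the floor remains.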
