d-rec / drec-origin

D-REC Origin
https://d-rec.github.io/drec-origin/
GNU General Public License v3.0

Fix Required: Express.js Open Redirect in malformed URLs #257 #333

Open Aish1990 opened 5 months ago

Aish1990 commented 5 months ago

There are some libraries which have express as their peer dependency.

```
@energyweb/origin-backend/11.0.2-alpha.1634225870.0_swagger-ui-express@4.1.6 => express: 4.17.1
@energyweb/origin-backend/11.0.2-alpha.1634225870.0_swagger-ui-express@4.1.6 => @nestjs/platform-express/7.6.18_ezseebmi4ciby6kdvs2gspf26q => express: 4.17.1
@energyweb/origin-backend-utils/1.6.2-alpha.1634225870.0_ebqzonq2psrptj7354jhe34g5u => @nestjs/core/7.6.18_gwggahupp437j5mwmtjcwxy6w4 => @nestjs/platform-express/8.1.1_svu4v2sifhq6njkoaosg5fk444 => express: 4.17.1
@nestjs/swagger/4.8.2_26tvd2ot6k3236a2sueujdzpjy => swagger-ui-express/4.1.6_express@4.19.2 => express: 4.19.2
@energyweb/issuer-api/0.6.2-alpha.1646058469.0_xopg3sgvptdwdhuxuxidphnbby => swagger-ui-express/4.2.0_express@4.19.2 => express: 4.19.2
@nestjs/swagger/5.1.4_zo6t4wn2mwd6lqe3hgh4ccaea4 => swagger-ui-express/4.2.0_express@4.19.2 => express: 4.19.2
```

> [!NOTE]
> We have already upgraded express to a version greater than the patched version (>4.19.2). But @energyweb/origin-backend and @nestjs/core are incompatible with the patched version of express.

So we need to resolve it only when @energyweb/origin-backend and @nestjs/core release versions which are compatible with express@4.19.2.
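
A triage helper for the chains listed in the comment above, as an added example that is not part of the original issue or the project's code: it parses each chain and groups the ones that still resolve express below 4.19.2 by their top-level package. The function names and the choice of 4.19.2 as the minimum acceptable version are assumptions.

```javascript
// Constructed input: the six dependency chains quoted in the issue.
const CHAINS = [
  '@energyweb/origin-backend/11.0.2-alpha.1634225870.0_swagger-ui-express@4.1.6 => express: 4.17.1',
  '@energyweb/origin-backend/11.0.2-alpha.1634225870.0_swagger-ui-express@4.1.6 => @nestjs/platform-express/7.6.18_ezseebmi4ciby6kdvs2gspf26q => express: 4.17.1',
  '@energyweb/origin-backend-utils/1.6.2-alpha.1634225870.0_ebqzonq2psrptj7354jhe34g5u => @nestjs/core/7.6.18_gwggahupp437j5mwmtjcwxy6w4 => @nestjs/platform-express/8.1.1_svu4v2sifhq6njkoaosg5fk444 => express: 4.17.1',
  '@nestjs/swagger/4.8.2_26tvd2ot6k3236a2sueujdzpjy => swagger-ui-express/4.1.6_express@4.19.2 => express: 4.19.2',
  '@energyweb/issuer-api/0.6.2-alpha.1646058469.0_xopg3sgvptdwdhuxuxidphnbby => swagger-ui-express/4.2.0_express@4.19.2 => express: 4.19.2',
  '@nestjs/swagger/5.1.4_zo6t4wn2mwd6lqe3hgh4ccaea4 => swagger-ui-express/4.2.0_express@4.19.2 => express: 4.19.2',
];
// Assumption: 4.19.2 itself counts as patched (from the issue's "express@4.19.2").
const MIN_EXPRESS = '4.19.2';

// Compare x.y.z versions numerically; negative when a < b.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Split "pkg/version_peers => ... => express: x.y.z" into names and the resolved version.
function parseChain(line) {
  const hops = line.split('=>').map((s) => s.trim());
  const m = /^express:\s*(\d+\.\d+\.\d+)$/.exec(hops.pop());
  if (!m) return null; // line does not end in an express resolution
  // Drop the trailing "/<version>[_peer-suffix]" segment; scoped names keep their "/".
  const names = hops.map((h) => h.replace(/\/\d[^/]*$/, ''));
  return { root: names[0], via: names.slice(1), express: m[1] };
}

// Group chains that resolve express below `min` by their top-level package.
function findBlockers(lines, min = MIN_EXPRESS) {
  const blockers = new Map();
  for (const line of lines) {
    const c = parseChain(line);
    if (!c || compareVersions(c.express, min) >= 0) continue;
    if (!blockers.has(c.root)) blockers.set(c.root, []);
    blockers.get(c.root).push([...c.via, `express@${c.express}`].join(' -> '));
  }
  return blockers;
}

for (const [root, paths] of findBlockers(CHAINS)) {
  for (const p of paths) console.log(`${root} -> ${p}`);
}
```

Re-running it with chains taken from a fresh lockfile shows when the two upstream packages stop pulling in the older express and the issue can be closed.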