We depend on path-to-regexp, through the webserver framework Express, which I think is coming from webpack or docusaurus.
Versions of path-to-regexp 0.2.0 < version < 1.9.0 have a security vulnerability.
By explicitly specifying the version of path-to-regexp, yarn chooses the right versions for everything else.
Motivation
Address a security vulnerability
Have you read the Contributing Guidelines on pull requests?
Yes
Test Plan
Download nvm / node as needed (tested on Node.js 20, macOS)
Then, install the website:
Last but not least, start the website on a local server, and browse it:
It should work normally.
Related Issues and PRs
None
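
As an added example (not part of this PR or the project's code), a Node.js check that lists every path-to-regexp entry in a yarn.lock and flags versions inside the range quoted in the description above. It assumes the yarn v1 lockfile format; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: find path-to-regexp entries in a yarn.lock (v1 format) and
// flag versions in the range stated in this PR: 0.2.0 < version < 1.9.0.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

function inAffectedRange(version) {
  const core = version.split(/[-+]/)[0]; // drop pre-release/build suffix
  return compareVersions(core, '0.2.0') > 0 && compareVersions(core, '1.9.0') < 0;
}

// yarn.lock v1: an unindented 'name@range, name@range:' header, followed by
// an indented '  version "x.y.z"' line giving the resolved version.
function findPathToRegexp(lockText) {
  const results = [];
  let header = null;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^[^\s#].*:$/.test(line)) { header = line.slice(0, -1); continue; }
    const m = header !== null && line.match(/^  version "?([^"\s]+)"?$/);
    if (!m) continue;
    const specs = header.split(',').map(s => s.trim().replace(/^"|"$/g, ''));
    if (specs.some(s => s.startsWith('path-to-regexp@'))) {
      results.push({ specs, version: m[1], affected: inAffectedRange(m[1]) });
    }
    header = null;
  }
  return results;
}

// Constructed sample lockfile (not taken from this repository).
const SAMPLE_LOCK = `# yarn lockfile v1

express@^4.17.3:
  version "4.19.2"
  dependencies:
    path-to-regexp "0.1.7"

path-to-regexp@0.1.7:
  version "0.1.7"

"path-to-regexp@^1.7.0":
  version "1.8.0"
`;
console.log(findPathToRegexp(SAMPLE_LOCK).filter(e => e.affected));
```

To check a real checkout, pass the contents of the repository's yarn.lock (read with `fs.readFileSync`) to `findPathToRegexp` instead of the sample.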