CVE-2024-45296: path-to-regexp update needed

mswjs / msw

Industry standard API mocking for JavaScript.

https://mswjs.io

MIT License

15.97k stars 519 forks source link

CVE-2024-45296: path-to-regexp update needed #2277

Closed steuraa closed 2 months ago

steuraa commented 2 months ago

Scope

Improves an existing behavior

Compatibility

[ ] This is a breaking change

Feature description

Hello, currently we can't build our application anymore due to MSW having the path-to-regexp package as a dependency which is causing a CVE warning. See https://nvd.nist.gov/vuln/detail/CVE-2024-45296. Is there any change this could be quickly patched?

paulo9mv commented 2 months ago

https://github.com/pillarjs/path-to-regexp/issues/323

steuraa commented 2 months ago

Closing this as it's a duplicate of https://github.com/mswjs/msw/issues/2270