path-to-regex 6.3.0 version is being blocked by scanning applications

[nickmorten]

Prerequisites

• [X] I confirm my issue is not in the opened issues
• [X] I confirm the Frequently Asked Questions didn't contain the answer to my issue

Environment check

• [X] I'm using the latest msw version
• [X] I'm using Node.js version 18 or higher

Browsers

No response

Reproduction repository

n/a

Reproduction steps

My organization's scanning software is reporting a high vulnerability with using path-to-regexp v6.3.0. We tried to override it to 8.0.0 or 8.1.0, but msw fails when we do that.

Current behavior

My organization's scanning software is reporting a high vulnerability with using path-to-regexp v6.3.0. We tried to override it to 8.0.0 or 8.1.0, but msw fails when we do that.

Expected behavior

We would like to continue using msw for mocking APIs and unit tests, but are currently blocked.

[kettanaito]

Hi. Please see https://github.com/mswjs/msw/issues/2270. The vulnerability fix has been backported to the version of path-to-regexp matching the semver used in MSW. Nothing we should do here.