mui / toolpad

Toolpad: Full stack components and low-code builder for dashboards and internal apps.
https://mui.com/toolpad/
MIT License

@toolpad/core 6 depends on vulnerable versions of path-to-regexp #4125

Open nicolo-tito opened 2 hours ago

nicolo-tito commented 2 hours ago

Steps to reproduce

npm audit on "@toolpad/core": "^0.6.0"

Current behavior

```
# npm audit report

path-to-regexp  4.0.0 - 6.2.2
Severity: high
path-to-regexp outputs backtracking regular expressions - https://github.com/advisories/GHSA-9wv6-86v2-598j
fix available via `npm audit fix --force`
Will install @toolpad/core@0.5.2, which is a breaking change
node_modules/path-to-regexp
  @toolpad/core  >=0.6.0
  Depends on vulnerable versions of path-to-regexp
  node_modules/@toolpad/core
```

Expected behavior

No response

Context

No response

Your environment

No response

Search keywords: path-to-regexp

Janpot commented 2 hours ago

We're working on this in https://github.com/mui/toolpad/pull/4074