socket-security[bot]
commented
1 week ago New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/path-to-regexp@0.1.10 | None | 0 |
6.38 kB | blakeembrey |
🚮 Removed packages: npm/path-to-regexp@0.1.7
The current version of path-to-regexp has a CVE open and causes audit warnings in downstream consumers of this package.
Upgrade to v0.10.0 as recommended in the advisory.
Tested on node v18.20.5.