Closed
Description
serve@14.2.3 contains 3 high severity vulnerabilities
```
$ npm audit
# npm audit report

path-to-regexp 0.2.0 - 7.2.0
Severity: high
path-to-regexp outputs backtracking regular expressions - https://github.com/advisories/GHSA-9wv6-86v2-598j
fix available via `npm audit fix --force`
Will install serve@6.5.8, which is a breaking change
node_modules/path-to-regexp
  serve-handler *
  Depends on vulnerable versions of path-to-regexp
  node_modules/serve-handler
    serve >=7.0.0
    Depends on vulnerable versions of serve-handler
    node_modules/serve

3 high severity vulnerabilities
```
due to serve-handler@6.1.5 - current latest version released Nov 1, 2022
```
$ npm ls path-to-regexp
serve-test@1.0.0
└─┬ serve@14.2.3
  └─┬ serve-handler@6.1.5
    └── path-to-regexp@2.2.1
```
Please remediate the vulnerabilities!
Library version
14.2.3
Node version
v20.17.0
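The dependency chain reported above can be traced programmatically. The following is an added example, not code from the issue author or the serve project: it walks a tree in the shape that `npm ls --all --json` prints and lists every chain ending at a `path-to-regexp` copy inside the range npm audit reported. The sample tree is constructed from the versions shown in this issue, and the function names are hypothetical.

```javascript
// Constructed sample: the shape `npm ls --all --json` prints, filled with the
// package versions from the `npm ls path-to-regexp` output in this issue.
const sampleTree = {
  name: "serve-test", version: "1.0.0",
  dependencies: {
    serve: { version: "14.2.3", dependencies: {
      "serve-handler": { version: "6.1.5", dependencies: {
        "path-to-regexp": { version: "2.2.1" } } } } } },
};

// Range npm audit reported for path-to-regexp in this issue (inclusive bounds).
const AFFECTED = { name: "path-to-regexp", min: "0.2.0", max: "7.2.0" };

// Compare plain x.y.z versions numerically; prerelease tags are not handled.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0) ? -1 : 1;
  }
  return 0;
}

function inRange(version, { min, max }) {
  return compareVersions(version, min) >= 0 && compareVersions(version, max) <= 0;
}

// Depth-first walk returning every dependency chain that ends at an affected copy.
function findAffectedChains(node, name, chain = []) {
  const here = [...chain, `${name}@${node.version}`];
  const hits = [];
  if (name === AFFECTED.name && inRange(node.version, AFFECTED)) hits.push(here);
  for (const [dep, child] of Object.entries(node.dependencies || {})) {
    hits.push(...findAffectedChains(child, dep, here));
  }
  return hits;
}

// The entry right after the root is the direct dependency that pulls the package in.
function directDependenciesAffected(tree) {
  const chains = findAffectedChains(tree, tree.name);
  return [...new Set(chains.filter((c) => c.length > 1).map((c) => c[1]))];
}

console.log(findAffectedChains(sampleTree, sampleTree.name).map((c) => c.join(" > ")));
```

On a real project, replace `sampleTree` with the parsed output of `npm ls --all --json`; the direct dependency it names is the one whose maintainers have to ship the transitive update.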