Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump path-to-regexp, express, nanoid #2365

Merged
merged 3 commits into from
Dec 10, 2024
Merged

Bump path-to-regexp, express, nanoid #2365

merged 3 commits into from
Dec 10, 2024

Conversation

r100-stack
Copy link
Member

@r100-stack r100-stack commented Dec 9, 2024
edited
Loading

Changes

Fixes GHSA-rhx6-c78j-4q9w:

Bumps express (an indirect peer dependency) from 4.21.0 to 4.21.2. This in-turns bumps path-to-regexp from 0.1.10 to 0.1.12 to fix the advisory.

Fixes GHSA-mwcw-c2x4-8c55:

Bumps nanoid@<3.3.8 to 3.3.8 and nanoid@>=4.0.0 <5.0.9 to >=5.0.9. Closes #2366 in favor of this PR since that PR didn't fix the advisory completely (run).

Testing

  • Confirmed that the audit is fixed
  • CI is passing

Docs

According to pnpm why express and pnpm why path-to-regexp, express and path-to-regexp were only used in a dep workspace (e2e).

pnpm why outputs
pnpm why express pnpm why path-to-regexp
image image

According to pnpm why nanoid, it is also only used in a dev workspace:

pnpm why output image

Thus, no changeset added. But I'm not quite sure if pnpm why's outputs were exhaustive.

@r100-stack r100-stack self-assigned this Dec 9, 2024
@r100-stack r100-stack changed the title Bump path-to-regexp to fix audit Bump path-to-regexp and express Dec 9, 2024
@r100-stack r100-stack changed the title Bump path-to-regexp and express Bump path-to-regexp, express, nanoid Dec 10, 2024
@r100-stack r100-stack mentioned this pull request Dec 10, 2024
Closed
@r100-stack r100-stack marked this pull request as ready for review December 10, 2024 15:12
@r100-stack r100-stack requested a review from a team as a code owner December 10, 2024 15:12
@r100-stack r100-stack requested review from mayank99 and smmr-dn and removed request for a team December 10, 2024 15:12
@r100-stack r100-stack enabled auto-merge (squash) December 10, 2024 18:09
@r100-stack r100-stack merged commit ab3fd0d into main Dec 10, 2024
18 checks passed
@r100-stack r100-stack deleted the r/audit-2 branch December 10, 2024 18:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smmr-dn smmr-dn smmr-dn approved these changes

@mayank99 mayank99 mayank99 approved these changes

Assignees

@r100-stack r100-stack

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@r100-stack @mayank99 @smmr-dn