Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update path-to-regex COMPASS-8282 #6233

Merged
merged 1 commit into from
Sep 12, 2024
Merged

Conversation

mabaasit
Copy link
Contributor

Currently there are many tickets on FR dashboard with this vulnerability (from COMPASS-8282 to COMPASS-8287).

Description

Checklist

Motivation and Context

  • Bugfix
  • New feature
  • Dependency update
  • Misc

Open Questions

Dependents

Types of changes

  • Backport Needed
  • Patch (non-breaking change which fixes an issue)
  • Minor (non-breaking change which adds functionality)
  • Major (fix or feature that would cause existing functionality to change)

@github-actions github-actions bot added the fix label Sep 12, 2024
@mabaasit mabaasit added no release notes Fix or feature not for release notes labels Sep 12, 2024
@gribnoysup
Copy link
Collaborator

All the tickets mention that we need to update to version 8:

File: packages/compass-query-bar/package.json
Upgrade path-to-regexp to version 8.0.0 or higher.
The minimum required version is 8.0.0.

And I see that this patch updates to latest 1 and latest 6. Will this be enough to resolve these issues?

@mabaasit
Copy link
Contributor Author

mabaasit commented Sep 12, 2024

All the tickets mention that we need to update to version 8:

File: packages/compass-query-bar/package.json
Upgrade path-to-regexp to version 8.0.0 or higher.
The minimum required version is 8.0.0.

And I see that this patch updates to latest 1 and latest 6. Will this be enough to resolve these issues?

Yeah this took me long to figure out, but they backpatched this fix to other major version as well, 6.3.0, 3.3.0, 1.9.0

@gribnoysup
Copy link
Collaborator

Gotcha, thanks for the context!

@mabaasit mabaasit merged commit ce9cb72 into main Sep 12, 2024
26 of 28 checks passed
@mabaasit mabaasit deleted the bump-path-to-regexp branch September 12, 2024 14:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
fix no release notes Fix or feature not for release notes
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants