Commit

chore(audit): ignore path-to-regexp outputs backtracking regular expressions (#1350)

GHSA-9wv6-86v2-598j

The proposed fix for this breaks react-router, but since a ReDoS attack
on a client-side web app only breaks the attacker's browser, just ignore
the audit warning.
tackley authored Sep 11, 2024
1 parent e7ee1b8 commit 3e6d2e9
Showing 2 changed files with 17 additions and 8 deletions.
8 changes: 6 additions & 2 deletions package.json
Expand Up @@ -115,8 +115,12 @@
"pnpm": {
"overrides": {
"ws@>=8.0.0 <8.17.1": ">=8.17.1",
"micromatch@<4.0.8": ">=4.0.8",
"path-to-regexp@>=0.2.0 <8.0.0": ">=8.0.0"
"micromatch@<4.0.8": ">=4.0.8"
},
"auditConfig": {
"ignoreGhsas": [
"GHSA-9wv6-86v2-598j"
]
}
},
"packageManager": "pnpm@9.10.0+sha512.73a29afa36a0d092ece5271de5177ecbf8318d454ecd701343131b8ebc0c1a91c487da46ab77c8e596d6acf1461e3594ced4becedf8921b074fbd8653ed7051c"
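Review bot: the `ignoreGhsas` entry for GHSA-9wv6-86v2-598j under `auditConfig` suppresses the advisory for every copy of path-to-regexp in the workspace, while the override it replaces (`"path-to-regexp@>=0.2.0 <8.0.0": ">=8.0.0"`) is dropped entirely, so nothing in this file ties the exception to the react-router, client-side case the commit message relies on. If any server-side or build-time dependency also resolves a path-to-regexp below 8.0.0, its audit warning is now hidden as well. Suggest confirming with `pnpm why path-to-regexp` that react-router is the only consumer, and recording the rationale and the condition for removing the ignore (react-router working with path-to-regexp >=8.0.0) somewhere that outlives the commit message, since package.json cannot carry a comment beside the entry.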
17 changes: 11 additions & 6 deletions pnpm-lock.yaml

Some generated files are not rendered by default.
