Skip to content

Commit 13b0ee2

Browse files
ryanbas21ryanbas21
committed
fix(ci): remove path-to-regexp override that broke Express and MSW
The blanket `"path-to-regexp": "^8.4.0"` override forced all transitive consumers (Express v0.1.x, MSW v6.x) to v8 — a major breaking change that removed regex syntax support. The original versions (0.1.12, 6.3.0) were already patched for CVE-2024-45296 and not vulnerable.
1 parent 119386b commit 13b0ee2

2 files changed

Lines changed: 13 additions & 5 deletions

File tree

package.json

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -133,7 +133,6 @@
133133
"overrides": {
134134
"rollup": "^4.59.0",
135135
"undici@^7": "^7.24.0",
136-
"path-to-regexp": "^8.4.0",
137136
"picomatch@>=4": "^4.0.4",
138137
"picomatch@<3": "^2.3.2"
139138
}

pnpm-lock.yaml

Lines changed: 13 additions & 4 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)