Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade express to 4.21.2 #14718

Open
rschnekenbu opened this issue Jan 13, 2025 · 0 comments · May be fixed by #14721
Open

Upgrade express to 4.21.2 #14718

rschnekenbu opened this issue Jan 13, 2025 · 0 comments · May be fixed by #14721
Assignees
@rschnekenbu
Labels
core issues related to the core of the application dependencies pull requests that update a dependency file

Comments

@rschnekenbu
Copy link
Contributor

According to https://security.snyk.io/vuln/SNYK-JS-PATHTOREGEXP-8482416, versions of path-to-regex lower than 0.1.12 can be affected by a REDoS (Regular Expression Denial of Service). The path-to-regex dependency comes from express. Express 4.21.1 (current) drags path-to-regex 0.1.10.
Dependencies to express shall be updated to ^4.21.2 in package/core.

Note: a PR with a npm upgrade contains already version 4.21.2.
@rschnekenbu rschnekenbu added core issues related to the core of the application dependencies pull requests that update a dependency file labels Jan 13, 2025
@rschnekenbu rschnekenbu self-assigned this Jan 13, 2025
rschnekenbu added a commit to eclipsesource/theia that referenced this issue Jan 13, 2025
@rschnekenbu
[chore] upgrade express to 4.21.2
377e8e0 
fixes: eclipse-theia#14718

contributed on behalf of STMicroelectronics

Signed-off-by: Remi Schnekenburger <[email protected]>
@rschnekenbu rschnekenbu linked a pull request Jan 13, 2025 that will close this issue
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rschnekenbu rschnekenbu

Labels
core issues related to the core of the application dependencies pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[chore] upgrade express to 4.21.2 eclipsesource/theia
1 participant
@rschnekenbu