Update vulnerable path-to-regexp dependency

[nhardy]

Updates path-to-regexp to resolve GHSA-9wv6-86v2-598j

[changeset-bot]

⚠️ No Changeset found

Latest commit: 91e186d

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
open-next	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Sep 11, 2024 1:07am

[khuezy]

Thank you!

[conico974]

Did you test this ? Jumping 2 major version and being out of sync with nextjs itself ( they are still on 6.1 ) will probably cause some trouble.
6.3.0 also include the fix without any breaking change, that's probably what we want to use

[nhardy]

At the time I raised this PR, only v8 had patched the issue, and v6 was still vulnerable. I had been using this with npm overrides without issue.

Given that a patch now exists for v6, I can revert back to v6 if that improves confidence?

[conico974]

Yeah that's probably better, there might be some edge case that are broken and it will be a pain to debug later

[conico974]

@nhardy Could you make this change please