Startsida Utforska Hjälp
Registrera dig Logga in
root
/
HeyPuter
spegling av https://github.com/HeyPuter/puter.git
1
0
Fork 0
Filer Ärenden 0 Wiki
Bläddra i källkod

fix(security): patch express via path-to-regexp

As far as I can tell from the block post:
https://blakeembrey.com/posts/2024-09-web-redos/
this vulnerability should not affect releases of Puter before this
update because we do not have any routes with multiple parameters where
the second parameter does not start with '.' or '/'.

However, for the sake of good security hygiene and so `npm audit` looks
nice, we're upgrading the package. (better late than never)
KernelDeimos 3 månader sedan
förälder
1cae7fc7d4
incheckning
d081c4f2fe
1 ändrade filer med 11 tillägg och 7 borttagningar
Unifierad Vy Visa Diff Statistik
  1. 11 7
      package-lock.json

+ 11 - 7
package-lock.json
Visa fil 

@@ -10305,9 +10305,9 @@
 
       }
 
       }
 
     },
 
     },
 
     "node_modules/express": {
 
     "node_modules/express": {
 
-      "version": "4.21.1",
 
-      "resolved": "https://registry.npmjs.org/express/-/express-4.21.1.tgz",
 
-      "integrity": "sha512-YSFlK1Ee0/GC8QaO91tHcDxJiE/X4FbpAyQWkxAvG6AXCuR65YzK8ua6D9hvi/TzUfZMpc+BwuM1IPw8fmQBiQ==",
 
+      "version": "4.21.2",
 
+      "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz",
 
+      "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==",
 
       "dependencies": {
 
       "dependencies": {
 
         "accepts": "~1.3.8",
 
         "accepts": "~1.3.8",
 
         "array-flatten": "1.1.1",
 
         "array-flatten": "1.1.1",
 
@@ -10328,7 +10328,7 @@
 
         "methods": "~1.1.2",
 
         "methods": "~1.1.2",
 
         "on-finished": "2.4.1",
 
         "on-finished": "2.4.1",
 
         "parseurl": "~1.3.3",
 
         "parseurl": "~1.3.3",
 
-        "path-to-regexp": "0.1.10",
 
+        "path-to-regexp": "0.1.12",
 
         "proxy-addr": "~2.0.7",
 
         "proxy-addr": "~2.0.7",
 
         "qs": "6.13.0",
 
         "qs": "6.13.0",
 
         "range-parser": "~1.2.1",
 
         "range-parser": "~1.2.1",
 
@@ -10343,6 +10343,10 @@
 
       },
 
       },
 
       "engines": {
 
       "engines": {
 
         "node": ">= 0.10.0"
 
         "node": ">= 0.10.0"
 
+      },
 
+      "funding": {
 
+        "type": "opencollective",
 
+        "url": "https://opencollective.com/express"
 
       }
 
       }
 
     },
 
     },
 
     "node_modules/express/node_modules/cookie": {
 
     "node_modules/express/node_modules/cookie": {
 
@@ -14329,9 +14333,9 @@
 
       "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw=="
 
       "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw=="
 
     },
 
     },
 
     "node_modules/path-to-regexp": {
 
     "node_modules/path-to-regexp": {
 
-      "version": "0.1.10",
 
-      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.10.tgz",
 
-      "integrity": "sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w=="
 
+      "version": "0.1.12",
 
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz",
 
+      "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ=="
 
     },
 
     },
 
     "node_modules/path-type": {
 
     "node_modules/path-type": {
 
       "version": "4.0.0",
 
       "version": "4.0.0",