Fix for GHSA-rhx6-c78j-4q9w#756

Closed

github-actions[bot] wants to merge 1 commit intomainfrom

socket/fix/GHSA-rhx6-c78j-4q9w

github-actions bot commented Sep 28, 2025

Socket fix for GHSA-rhx6-c78j-4q9w.

Vulnerability Summary: path-to-regexp contains a ReDoS

Severity: HIGH

Affected Packages: path-to-regexp (NPM)


          fix: GHSA-rhx6-c78j-4q9w - path-to-regexp contains a ReDoS

cd7de7a

github-actions bot enabled auto-merge (squash)

September 28, 2025 00:19

socket-security bot commented Sep 28, 2025

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/path-to-regexp@0.1.12
	npm/merge-descriptors@1.0.3
	npm/encodeurl@2.0.0
	npm/qs@6.13.0
	npm/finalhandler@1.3.1
	npm/serve-static@1.16.2
	npm/body-parser@1.20.3
	npm/send@0.19.0
	npm/cookie@0.7.1
	npm/express@4.21.2
	npm/raw-body@2.5.2

View full report

socket-security-staging bot commented Sep 28, 2025

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/path-to-regexp@0.1.12
	npm/merge-descriptors@1.0.3
	npm/encodeurl@2.0.0
	npm/qs@6.13.0
	npm/finalhandler@1.3.1
	npm/serve-static@1.16.2
	npm/body-parser@1.20.3
	npm/send@0.19.0
	npm/cookie@0.7.1
	npm/express@4.21.2
	npm/raw-body@2.5.2

View full report

jdalton closed this

auto-merge was automatically disabled

October 1, 2025 16:10

Pull request was closed

jdalton deleted the socket/fix/GHSA-rhx6-c78j-4q9w branch

October 6, 2025 18:57

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet