Add resolution for outdated path-to-regexp package

alanz · facebook-github-bot · commit 397f97c4561c · 2024-09-10T03:58:50.000-07:00
Summary: This is to address the [dependabot alert](https://github.com/WhatsApp/erlang-language-platform/security/dependabot/32) Note: I tried increasing beyond 0.8.00 as per the vulnerabilitiy report (>= 0.2.0, < 8.0.0), but compilation failed, so went below the lower bound instead. It should probably be raised in furture. allow-large-files for the stored path-to-regexp dependency Reviewed By: michalmuskala Differential Revision: D62433876 fbshipit-source-id: ff486a244c21015b0a17bd665ff0b2bec1a547d5
diff --git a/website/package.json b/website/package.json
@@ -58,6 +58,7 @@
     "ws": ">=8.17.1",
     "axios": ">=1.7.4",
     "micromatch": ">=4.0.8",
-    "webpack": "5.94.0"
+    "webpack": "5.94.0",
+    "path-to-regexp": "<0.2.0"
   }
 }
diff --git a/website/yarn.lock b/website/yarn.lock
@@ -5839,11 +5839,6 @@ is-yarn-global@^0.3.0:
   resolved "https://registry.yarnpkg.com/is-yarn-global/-/is-yarn-global-0.3.0.tgz#d502d3382590ea3004893746754c89139973e232"
   integrity sha512-VjSeb/lHmkoyd8ryPVIKvOCn4D1koMqY+vqyjjUfc3xyKtP4dYOxM44sZrnqQSzSds3xyOrUTLTC9LVCVgLngw==
 
-isarray@0.0.1:
-  version "0.0.1"
-  resolved "https://registry.yarnpkg.com/isarray/-/isarray-0.0.1.tgz#8a18acfca9a8f4177e09abfc6038939b05d1eedf"
-  integrity sha512-D2S+3GLxWH+uhrNEcoh/fnmYeP8E8/zHl644d/jdA0g2uyXvy3sb0qxotE+ne0LtccHknQzWwZEzhak7oJ0COQ==
-
 isarray@~1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/isarray/-/isarray-1.0.0.tgz#bb935d48582cba168c06834957a54a3e07124f11"
@@ -7398,22 +7393,10 @@ path-root@^0.1.1:
   dependencies:
     path-root-regex "^0.1.0"
 
-path-to-regexp@0.1.7:
-  version "0.1.7"
-  resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-0.1.7.tgz#df604178005f522f15eb4490e7247a1bfaa67f8c"
-  integrity sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ==
-
-path-to-regexp@2.2.1:
-  version "2.2.1"
-  resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-2.2.1.tgz#90b617025a16381a879bc82a38d4e8bdeb2bcf45"
-  integrity sha512-gu9bD6Ta5bwGrrU8muHzVOBFFREpp2iRkVfhBJahwJ6p6Xw20SjT0MxLnwkjOibQmGSYhiUnf2FLe7k+jcFmGQ==
-
-path-to-regexp@^1.7.0:
-  version "1.8.0"
-  resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-1.8.0.tgz#887b3ba9d84393e87a0a0b9f4cb756198b53548a"
-  integrity sha512-n43JRhlUKUAlibEJhPeir1ncUID16QnEjNpwzNdO3Lm4ywrBpBZ5oLD0I6br9evr1Y9JTqwRtAh7JLoOzAQdVA==
-  dependencies:
-    isarray "0.0.1"
+path-to-regexp@0.1.7, path-to-regexp@2.2.1, path-to-regexp@<0.2.0, path-to-regexp@^1.7.0:
+  version "0.1.10"
+  resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-0.1.10.tgz#67e9108c5c0551b9e5326064387de4763c4d5f8b"
+  integrity sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w==
 
 path-type@^4.0.0:
   version "4.0.0"

Original file line number	Diff line number	Diff line change
`@@ -58,6 +58,7 @@`
`58`	`58`	`"ws": ">=8.17.1",`
`59`	`59`	`"axios": ">=1.7.4",`
`60`	`60`	`"micromatch": ">=4.0.8",`
`61`		`- "webpack": "5.94.0"`
	`61`	`+ "webpack": "5.94.0",`
	`62`	`+ "path-to-regexp": "<0.2.0"`
`62`	`63`	`}`
`63`	`64`	`}`