Vulnarability found on path-to-regexp on latest starlite vesion

[sreejithkalarikkal]

How to fix the below vulnarability on latest version of starlite

┌─────────────────────┬────────────────────────────────────────────────────────┐
│ high │ path-to-regexp outputs backtracking regular │
│ │ expressions │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package │ path-to-regexp │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ >=0.2.0 <8.0.0 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions │ >=8.0.0 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths │ packages/healthelink-docs-prime > │
│ │ @astrojs/[email protected] > @astrojs/[email protected] > │
│ │ [email protected] > [email protected] │
│ │ │
│ │ packages/healthelink-docs-prime > │
│ │ @astrojs/[email protected] > [email protected] > │
│ │ [email protected] │
│ │ │
│ │ packages/healthelink-docs-prime > │
│ │ @astrojs/[email protected] > │
│ │ [email protected] > [email protected] > │
│ │ [email protected] │
│ │ │
│ │ ... Found 11 paths, run pnpm why path-to-regexp for │
│ │ more information │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info │ GHSA-9wv6-86v2-598j │
└─────────────────────┴────────────────────────────────────────────────────────┘
1 vulnerabilities found
Severity: 1 high

[delucis]

Thanks for the question @sreejithkalarikkal!

This vulnerability doesn’t really impact Starlight sites, but work is in progress in the Astro repo to fix this upstream.

You can follow this Astro issue, where I also commented explaining how this vulnerability impacts Astro (and therefore Starlight) sites.

[HiDeoo]

Closing this discussion as this issue has been fixed upstream in the Astro repo.