Impossible to install because of violation detected

[localhero44]

Hi,
I would like to use the latest version, as I have used MSW in the past and it works great.
Unfortunately in my company I can't install it, because a violation (CVE) has been detected since two weeks on this dependency: path-to-regexp

Here is the CVE found by our IQ server : CVE-2024-45296

Could you upgrade this dependency? Currently it is 6.3.0

Regards
David

[kettanaito]

Hi.

This has been discussed and resolved. See #2270, #2277, and #2294. The fix is addressed on the path-to-regexp side, they've backported it to the version range compatible with the one required by MSW.

[davidperbal]

Sorry, I hadn't found any reference to the same problem before posting it, my fault.
So path-to-regexp 6.3.0 is patched, but that thus version that was identified as vulnerable at my company.
Then today I've found a way to ask for a new scan of the npm dependencies and this time I was able to install MSW in its latest version 😀