We have two Dependabot security reports regarding the path-to-regexp version and since we use firebase-tools, I believe it's coming from this package. This Dependabot PR #476 here would resolve it since the router package also depends on a vulnerable path-to-regexp version so both need to be updated. Worth noting that the router package is a major version update.
We have two Dependabot security reports regarding the path-to-regexp version and since we use firebase-tools, I believe it's coming from this package. This Dependabot PR #476 here would resolve it since the router package also depends on a vulnerable path-to-regexp version so both need to be updated. Worth noting that the router package is a major version update.