Looks like nise is pulling in a vulnerable version of path-to-regexp https://github.com/advisories/GHSA-9wv6-86v2-598j
