Skip to content

chore(deps): upgrade path-to-regexp to fix CVE#5769

Merged
Gbacc merged 2 commits intomasterfrom
gbacc/chore/dependabot-path-to-regexp-2
Mar 31, 2026
Merged

chore(deps): upgrade path-to-regexp to fix CVE#5769
Gbacc merged 2 commits intomasterfrom
gbacc/chore/dependabot-path-to-regexp-2

Conversation

@Gbacc
Copy link
Copy Markdown
Contributor

@Gbacc Gbacc commented Mar 31, 2026

What is the problem this PR is trying to solve?
upgrade path-to-regexp to fix CVE

What is the chosen solution to this problem?

Please check if the PR fulfills these requirements

  • The PR have used yarn changeset to a request a release from the CI if wanted.
  • The PR commit message follows our guidelines
  • Tests for the changes have been added (for bug fixes / features) And non reg done before need review
  • Docs have been added / updated (for bug fixes / features)
  • Related design / discussions / pages (not in jira), if any, are all linked or available in the PR

[ ] This PR introduces a breaking change

@changeset-bot
Copy link
Copy Markdown

changeset-bot Bot commented Mar 31, 2026
edited
Loading

🦋 Changeset detected

Latest commit: be347a4

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages
Name Type
@talend/react-cmf-router Minor
@talend/react-cmf Minor
@talend/react-forms Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@Gbacc Gbacc temporarily deployed to pull_request_unsafe March 31, 2026 06:52 — with GitHub Actions Inactive
@Gbacc Gbacc temporarily deployed to pull_request_unsafe March 31, 2026 06:52 — with GitHub Actions Inactive
@Gbacc Gbacc had a problem deploying to pull_request_unsafe March 31, 2026 06:52 — with GitHub Actions Failure
@Gbacc Gbacc temporarily deployed to pull_request_unsafe March 31, 2026 06:52 — with GitHub Actions Inactive
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Mar 31, 2026

Storybook for this PR deployed on this github page

@Gbacc Gbacc temporarily deployed to pull_request_unsafe March 31, 2026 08:33 — with GitHub Actions Inactive
@Gbacc Gbacc temporarily deployed to pull_request_unsafe March 31, 2026 08:33 — with GitHub Actions Inactive
@Gbacc Gbacc temporarily deployed to pull_request_unsafe March 31, 2026 08:33 — with GitHub Actions Inactive
@Gbacc Gbacc temporarily deployed to pull_request_unsafe March 31, 2026 08:33 — with GitHub Actions Inactive
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Mar 31, 2026

Title Lines Statements Branches Functions
assets-api Coverage: 28%
 28.4% (25/88) 30.76% (16/52) 21.42% (3/14)
cmf Coverage: 89%
 89.43% (1244/1391) 83.46% (626/750) 89.76% (351/391)
cmf-cqrs Coverage: 86%
 86.33% (158/183) 71.42% (60/84) 82.45% (47/57)
cmf-router Coverage: 70%
 69.23% (135/195) 55.71% (78/140) 56.81% (25/44)
components Coverage: 90%
 90.77% (5577/6144) 82.41% (3228/3917) 88.21% (1400/1587)
containers Coverage: 84%
 83.61% (1393/1666) 75.16% (702/934) 75.05% (328/437)
dataviz Coverage: 85%
 85.71% (330/385) 65.28% (158/242) 75.94% (120/158)
design-system Coverage: 67%
 67.03% (1041/1553) 51.95% (558/1074) 53.92% (220/408)
faceted-search Coverage: 85%
 85.21% (634/744) 80% (292/365) 82.24% (227/276)
flow-designer Coverage: 73%
 72.34% (675/933) 77.71% (415/534) 71.02% (201/283)
forms Coverage: 86%
 86.17% (1645/1909) 76.71% (939/1224) 84.77% (462/545)
http Coverage: 100%
 100% (85/85) 98.07% (51/52) 100% (34/34)
sagas Coverage: 92%
 92.3% (24/26) 66.66% (4/6) 50% (2/4)
stepper Coverage: 81%
 81.91% (154/188) 61.29% (57/93) 81.25% (39/48)
utils Coverage: 100%
 100% (73/73) 90.9% (10/11) 100% (24/24)

jmfrancois
jmfrancois reviewed Mar 31, 2026
View reviewed changes
Comment thread packages/cmf-router/package.json
"connected-react-router": "^6.9.3",
"history": "^5.3.0",
"lodash": "^4.17.23",
"path-to-regexp": "^8.3.0",
Copy link
Copy Markdown
Contributor

@jmfrancois jmfrancois Mar 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you said upgrade but you remove it from here

Copy link
Copy Markdown
Contributor Author

@Gbacc Gbacc Mar 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not used in this package 👍

@Gbacc Gbacc merged commit 5d7e74e into master Mar 31, 2026
9 checks passed
@Gbacc Gbacc deleted the gbacc/chore/dependabot-path-to-regexp-2 branch March 31, 2026 09:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jmfrancois jmfrancois jmfrancois approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Gbacc @jmfrancois