diff --git a/.yarnrc.yml b/.yarnrc.yml index 7fb86a083740..252333917781 100644 --- a/.yarnrc.yml +++ b/.yarnrc.yml @@ -43,17 +43,6 @@ npmAuditIgnoreAdvisories: # not appear to be used. - 1092461 - # Issue: path-to-regexp outputs backtracking regular expressions - # URL: https://github.com/advisories/GHSA-9wv6-86v2-598j - # path-to-regexp is used in react-router v5.1.2, which we use. However, the - # vulnerability in path-to-regexp could only be exploited within react-router - # if malicious properties were passed to react-router components or methods - # explicitly from our code. As such, this vulneratibility cannot be exploited - # by an external / malicious actor. Meanwhile, once we update to v6+, - # path-to-regexp will no longer be used. - - 1099518 - - 1099539 - # Temp fix for https://github.com/MetaMask/metamask-extension/pull/16920 for the sake of 11.7.1 hotfix # This will be removed in this ticket https://github.com/MetaMask/metamask-extension/issues/22299 - 'ts-custom-error (deprecation)' diff --git a/lavamoat/browserify/beta/policy.json b/lavamoat/browserify/beta/policy.json index 4848512457ac..7bc5d9558390 100644 --- a/lavamoat/browserify/beta/policy.json +++ b/lavamoat/browserify/beta/policy.json @@ -5235,7 +5235,7 @@ "react-router-dom>react-router>mini-create-react-context": true, "react-router-dom>tiny-invariant": true, "react-router-dom>tiny-warning": true, - "sinon>nise>path-to-regexp": true + "serve-handler>path-to-regexp": true } }, "react-router-dom>react-router>history": { @@ -5385,9 +5385,9 @@ "process": true } }, - "sinon>nise>path-to-regexp": { + "serve-handler>path-to-regexp": { "packages": { - "sinon>nise>path-to-regexp>isarray": true + "serve-handler>path-to-regexp>isarray": true } }, "stream-browserify": { diff --git a/lavamoat/browserify/flask/policy.json b/lavamoat/browserify/flask/policy.json index 4848512457ac..7bc5d9558390 100644 --- a/lavamoat/browserify/flask/policy.json +++ b/lavamoat/browserify/flask/policy.json @@ -5235,7 +5235,7 @@ "react-router-dom>react-router>mini-create-react-context": true, "react-router-dom>tiny-invariant": true, "react-router-dom>tiny-warning": true, - "sinon>nise>path-to-regexp": true + "serve-handler>path-to-regexp": true } }, "react-router-dom>react-router>history": { @@ -5385,9 +5385,9 @@ "process": true } }, - "sinon>nise>path-to-regexp": { + "serve-handler>path-to-regexp": { "packages": { - "sinon>nise>path-to-regexp>isarray": true + "serve-handler>path-to-regexp>isarray": true } }, "stream-browserify": { diff --git a/lavamoat/browserify/main/policy.json b/lavamoat/browserify/main/policy.json index 4848512457ac..7bc5d9558390 100644 --- a/lavamoat/browserify/main/policy.json +++ b/lavamoat/browserify/main/policy.json @@ -5235,7 +5235,7 @@ "react-router-dom>react-router>mini-create-react-context": true, "react-router-dom>tiny-invariant": true, "react-router-dom>tiny-warning": true, - "sinon>nise>path-to-regexp": true + "serve-handler>path-to-regexp": true } }, "react-router-dom>react-router>history": { @@ -5385,9 +5385,9 @@ "process": true } }, - "sinon>nise>path-to-regexp": { + "serve-handler>path-to-regexp": { "packages": { - "sinon>nise>path-to-regexp>isarray": true + "serve-handler>path-to-regexp>isarray": true } }, "stream-browserify": { diff --git a/lavamoat/browserify/mmi/policy.json b/lavamoat/browserify/mmi/policy.json index d9ea8f27bd6b..56d317bb3381 100644 --- a/lavamoat/browserify/mmi/policy.json +++ b/lavamoat/browserify/mmi/policy.json @@ -5303,7 +5303,7 @@ "react-router-dom>react-router>mini-create-react-context": true, "react-router-dom>tiny-invariant": true, "react-router-dom>tiny-warning": true, - "sinon>nise>path-to-regexp": true + "serve-handler>path-to-regexp": true } }, "react-router-dom>react-router>history": { @@ -5453,9 +5453,9 @@ "process": true } }, - "sinon>nise>path-to-regexp": { + "serve-handler>path-to-regexp": { "packages": { - "sinon>nise>path-to-regexp>isarray": true + "serve-handler>path-to-regexp>isarray": true } }, "stream-browserify": { diff --git a/package.json b/package.json index 8b06a8da37f8..661a7ae49aa0 100644 --- a/package.json +++ b/package.json @@ -268,7 +268,8 @@ "@trezor/connect-web@npm:^9.1.11": "patch:@trezor/connect-web@npm%3A9.3.0#~/.yarn/patches/@trezor-connect-web-npm-9.3.0-040ab10d9a.patch", "@metamask/network-controller@npm:^17.0.0": "patch:@metamask/network-controller@npm%3A21.0.0#~/.yarn/patches/@metamask-network-controller-npm-21.0.0-559aa8e395.patch", "@metamask/network-controller@npm:^19.0.0": "patch:@metamask/network-controller@npm%3A21.0.0#~/.yarn/patches/@metamask-network-controller-npm-21.0.0-559aa8e395.patch", - "@metamask/network-controller@npm:^20.0.0": "patch:@metamask/network-controller@npm%3A21.0.0#~/.yarn/patches/@metamask-network-controller-npm-21.0.0-559aa8e395.patch" + "@metamask/network-controller@npm:^20.0.0": "patch:@metamask/network-controller@npm%3A21.0.0#~/.yarn/patches/@metamask-network-controller-npm-21.0.0-559aa8e395.patch", + "path-to-regexp": "1.9.0" }, "dependencies": { "@babel/runtime": "patch:@babel/runtime@npm%3A7.24.0#~/.yarn/patches/@babel-runtime-npm-7.24.0-7eb1dd11a2.patch", diff --git a/yarn.lock b/yarn.lock index 5ed7417fb56a..dd7cde16b875 100644 --- a/yarn.lock +++ b/yarn.lock @@ -28979,26 +28979,12 @@ __metadata: languageName: node linkType: hard -"path-to-regexp@npm:0.1.7": - version: 0.1.7 - resolution: "path-to-regexp@npm:0.1.7" - checksum: 10/701c99e1f08e3400bea4d701cf6f03517474bb1b608da71c78b1eb261415b645c5670dfae49808c89e12cea2dccd113b069f040a80de012da0400191c6dbd1c8 - languageName: node - linkType: hard - -"path-to-regexp@npm:2.2.1": - version: 2.2.1 - resolution: "path-to-regexp@npm:2.2.1" - checksum: 10/1a7125f8c1b5904d556a29722333219df4aa779039e903efe2fbfe0cc3ae9246672846fc8ad285664020b70e434347e0bc9af691fd7d61df8eaa7b018dcd56fb - languageName: node - linkType: hard - -"path-to-regexp@npm:^1.7.0": - version: 1.7.0 - resolution: "path-to-regexp@npm:1.7.0" +"path-to-regexp@npm:1.9.0": + version: 1.9.0 + resolution: "path-to-regexp@npm:1.9.0" dependencies: isarray: "npm:0.0.1" - checksum: 10/7e1275a34fcfed7ba9d0d82ea7149f0c87d8c941c9b34109ab455cceb783b6387ce9275deeb6519eb0f880777a44bcb387cd579d3bb0cfbf4e7fe93c0e3b1a69 + checksum: 10/67f0f4823f7aab356523d93a83f9f8222bdd119fa0b27a8f8b587e8e6c9825294bb4ccd16ae619def111ff3fe5d15ff8f658cdd3b0d58b9c882de6fd15bc1b76 languageName: node linkType: hard