bug: support react-router newer version like v6 (to avoid Vulnerability reporting) #29855

Closed
3 tasks done
kientrant1 opened this issue Sep 11, 2024 · 2 comments
@kientrant1

Prerequisites

Ionic Framework Version

v7.x

Current Behavior

There is one vulnerability report when using react-router v5. It relates to path-to-regexp in react-router v5 - GHSA-9wv6-86v2-598j. However, currently, @ionic/react-router only supports react-router v5 - https://github.com/ionic-team/ionic-framework/blob/main/packages/react-router/package.json. So, there is no chance to upgrade it.

Expected Behavior

As I see, in react-router v6, the lib path-to-regexp has been removed. So, this issue may be resolved following that. Please help to review and see if @ionic/react-router can support the newer version of react-router - v6.

Steps to Reproduce

Just run "npm audit" and see the report below

```
path-to-regexp  <=0.1.9 || 0.2.0 - 7.2.0
Severity: high
path-to-regexp outputs backtracking regular expressions - https://github.com/advisories/GHSA-9wv6-86v2-598j
path-to-regexp outputs backtracking regular expressions - https://github.com/advisories/GHSA-9wv6-86v2-598j
No fix available
node_modules/express/node_modules/path-to-regexp
node_modules/path-to-regexp
  react-router  4.0.0-0 - 5.3.4
  Depends on vulnerable versions of path-to-regexp
  node_modules/react-router
    @ionic/react-router  *
    Depends on vulnerable versions of react-router
    Depends on vulnerable versions of react-router-dom
    node_modules/@ionic/react-router
    react-router-dom  4.0.0-beta.1 - 5.3.4
    Depends on vulnerable versions of react-router
    node_modules/react-router-dom
```

Code Reproduction URL

https://github.com/ionic-team/ionic-framework/blob/main/packages/react-router/package.json

Ionic Info

Ionic:

Ionic CLI : 7.2.0
Ionic Framework : @ionic/react 7.8.3

Capacitor:

Capacitor CLI : 5.7.5
@capacitor/android : 5.7.5
@capacitor/core : 5.7.5
@capacitor/ios : 5.7.5

Cordova:

Cordova CLI : not installed
Cordova Platforms : not available
Cordova Plugins : not available

Utility:

cordova-res : not installed globally
native-run : 2.0.1

System:

Android SDK Tools : 26.1.1
NodeJS : v20.15.0
npm : 10.7.0
OS : Windows 10

Additional Information

No response
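
The dependency chain in the report above can be traced mechanically from the JSON form of the audit. The following is an added example, not part of the original issue or of the Ionic project: the report object is a constructed sample in the shape of `npm audit --json` that mirrors the text output above, its `isDirect` values are assumptions, and `traceToAdvisories` and `rootCauses` are hypothetical helper names.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2),
// mirroring the text report in the issue; the isDirect values are assumptions.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "path-to-regexp": {
      isDirect: false, fixAvailable: false, effects: ["react-router"],
      via: [{ title: "path-to-regexp outputs backtracking regular expressions",
              url: "https://github.com/advisories/GHSA-9wv6-86v2-598j" }],
    },
    "react-router": {
      isDirect: true, fixAvailable: false, via: ["path-to-regexp"],
      effects: ["@ionic/react-router", "react-router-dom"],
    },
    "react-router-dom": {
      isDirect: true, fixAvailable: false, via: ["react-router"],
      effects: ["@ionic/react-router"],
    },
    "@ionic/react-router": {
      isDirect: true, fixAvailable: false, effects: [],
      via: ["react-router", "react-router-dom"],
    },
  },
};

// Follow `via` from one package down to the advisories that cause its finding.
// String entries name another vulnerable package; object entries are advisories.
function traceToAdvisories(report, pkg, path = []) {
  const entry = report.vulnerabilities[pkg];
  if (!entry || path.includes(pkg)) return []; // unknown package or cycle
  const here = [...path, pkg];
  return entry.via.flatMap((v) =>
    typeof v === "string"
      ? traceToAdvisories(report, v, here)
      : [{ chain: here, advisory: v.url }]);
}

// Root causes: packages whose own `via` holds an advisory object. These are what
// must change (upgrade, override, or removal) for the dependents to clear.
function rootCauses(report) {
  return Object.entries(report.vulnerabilities)
    .filter(([, e]) => e.via.some((v) => typeof v === "object"))
    .map(([name]) => name);
}

for (const [name, e] of Object.entries(sampleReport.vulnerabilities)) {
  if (!e.isDirect) continue;
  for (const t of traceToAdvisories(sampleReport, name))
    console.log(`${name}: ${t.chain.join(" -> ")} (${t.advisory})`);
}
```

Every direct dependency flagged in the sample resolves to the same single root cause, which is why the findings on the dependents cannot be cleared independently of path-to-regexp.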

@ionitron-bot ionitron-bot bot added the triage label Sep 11, 2024
@brandyscarney
Member

Thanks for the issue! Closing as a duplicate of #24177

@brandyscarney brandyscarney closed this as not planned Won't fix, can't repro, duplicate, stale Oct 1, 2024

ionitron-bot bot commented Oct 31, 2024

Thanks for the issue! This issue is being locked to prevent comments that are not relevant to the original issue. If this is still an issue with the latest version of Ionic, please create a new issue and ensure the template is fully filled out.

@ionitron-bot ionitron-bot bot locked and limited conversation to collaborators Oct 31, 2024