Closed
Description
Is there an existing issue for this?
- I have searched the existing issues
Current behavior
https://github.com/nestjs/serve-static/blob/master/package.json#L70
This pinned version is affected by https://nvd.nist.gov/vuln/detail/CVE-2024-45296
Please update it!
Minimum reproduction code
https://github.com/nestjs/serve-static/blob/master/package.json#L70
Steps to reproduce
No response
Expected behavior
Package is updated to a version without the CVE.
Maybe `dependencies` should not be pinned, since it requires all projects to release a new version instead of the consuming projects updating the transitive dependencies themselves. FWIW: https://docs.npmjs.com/specifying-dependencies-and-devdependencies-in-a-package-json-file#manually-editing-the-packagejson-file
Package version
4.0.2
NestJS version
No response
Node.js version
No response
In which operating systems have you tested?
- macOS
- Windows
- Linux
Other
No response
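
The pinned-versus-ranged point raised in this issue can be checked mechanically against a manifest. The following is an added example, not part of the issue or of the nestjs/serve-static code; the package names, versions and function names are constructed, and only exact, `^` and `~` specs on plain x.y.z versions are handled.

```javascript
// Added example. Sample manifest and fixed versions are constructed.

// Parse "x.y.z" into numbers; prerelease/build tags are out of scope here.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Does `spec` (exact, ^ or ~ only) allow `version`?
function satisfies(spec, version) {
  const op = /^[\^~]/.test(spec) ? spec[0] : '=';
  const base = parseVersion(op === '=' ? spec : spec.slice(1));
  const v = parseVersion(version);
  if (op === '=') return compare(v, base) === 0;
  let upper;
  if (op === '~') upper = [base[0], base[1] + 1, 0];
  else if (base[0] > 0) upper = [base[0] + 1, 0, 0];   // ^1.2.3 -> <2.0.0
  else if (base[1] > 0) upper = [0, base[1] + 1, 0];   // ^0.2.3 -> <0.3.0
  else upper = [0, 0, base[2] + 1];                    // ^0.0.3 -> <0.0.4
  return compare(v, base) >= 0 && compare(v, upper) < 0;
}

// For each dependency with a known fixed version, report whether consumers
// can resolve the fix without this package publishing a new release.
function auditManifest(manifest, fixedVersions) {
  const has = (o, k) => Object.prototype.hasOwnProperty.call(o, k);
  return Object.entries(manifest.dependencies || {})
    .filter(([name]) => has(fixedVersions, name))
    .map(([name, spec]) => ({
      name, spec,
      pinned: !/^[\^~]/.test(spec),
      fixReachable: satisfies(spec, fixedVersions[name]),
    }));
}

const sampleManifest = { // constructed
  dependencies: { 'example-router': '1.4.0', 'example-parser': '^1.4.0', 'example-mime': '~0.3.1' },
};
const sampleFixes = { 'example-router': '1.4.2', 'example-parser': '1.4.2', 'example-mime': '0.4.0' };

console.log(auditManifest(sampleManifest, sampleFixes));
```

Entries with `pinned: true` and `fixReachable: false` are the ones where downstream projects must wait for a new release of the depending package before the patched transitive version can be installed.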