connect-static-expiry
NPM Audit reveals high vulnerability in static expiry
NPM audit reveals high vulnerability issues in dependency. This is fixable by revving fresh to 0.5.2
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ fresh                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >= 0.5.2                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ static-expiry                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ static-expiry > fresh                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/526                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
Thanks @SamBroner. I've pushed a commit to fix this. I don't think I have npm publishing permissions, though, so @paulwalker's gonna have to take care of that.
@paulwalker
@paulwalker getting this update published would be very useful, thanks
Thank you @ethanresnick for fixing this problem! @paulwalker it would be awesome if you could find time to publish a new version to npm registry with vulnerability issue fixed.
Thank you in advance
You could still install the static-expiry version with the security fix by installing it directly from GitHub using the commit version:
npm install paulwalker/connect-static-expiry#2bac82d
Not as flexible as relying on semver, but it's a decent workaround while the commit gets tagged and published to npm.
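After switching to the commit install, one way to confirm that no copy of fresh older than 0.5.2 remains is to scan the lockfile. This is an added example, not part of the thread or the project's code; the function names and the sample lockfiles (including their version strings) are constructed for illustration.

```javascript
// Added example: find every copy of `fresh` older than 0.5.2 in an npm lockfile.
// Handles both layouts: nested "dependencies" (v1) and flat "packages" (v2/v3).
// Reported paths are install locations, so a hoisted copy shows up as just "fresh".
const PATCHED = [0, 5, 2]; // "Patched in >= 0.5.2" from the audit output

// Compare plain x.y.z versions; prerelease/build suffixes are ignored (assumption).
function isBelow(version, floor) {
  const parts = String(version).split(/[-+]/)[0].split('.').map(n => parseInt(n, 10) || 0);
  for (let i = 0; i < 3; i++) {
    const a = parts[i] || 0;
    if (a !== floor[i]) return a < floor[i];
  }
  return false;
}

function findVulnerableFresh(lock) {
  const hits = [];
  // v2/v3: keys look like "node_modules/static-expiry/node_modules/fresh"
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    const chain = key.split('node_modules/').filter(Boolean).map(s => s.replace(/\/$/, ''));
    if (chain[chain.length - 1] === 'fresh' && isBelow(meta.version, PATCHED)) {
      hits.push({ path: chain.join(' > '), version: meta.version });
    }
  }
  if (lock.packages) return hits;
  // v1: recurse through nested "dependencies"
  (function walk(deps, trail) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === 'fresh' && isBelow(meta.version, PATCHED)) {
        hits.push({ path: here.join(' > '), version: meta.version });
      }
      walk(meta.dependencies, here);
    }
  })(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (versions are illustrative, not taken from the thread).
const sampleV1 = { lockfileVersion: 1, dependencies: {
  'static-expiry': { version: '0.0.0-example', dependencies: { fresh: { version: '0.2.0' } } },
  fresh: { version: '0.5.2' } } };
const sampleV3 = { lockfileVersion: 3, packages: {
  '': { name: 'app' },
  'node_modules/static-expiry': { version: '0.0.0-example' },
  'node_modules/static-expiry/node_modules/fresh': { version: '0.5.2' } } };
console.log(findVulnerableFresh(sampleV1)); // one hit under static-expiry
console.log(findVulnerableFresh(sampleV3)); // no hits
```

To check a real project, pass the parsed contents of its package-lock.json to findVulnerableFresh; an empty result means no installed copy of fresh is below the patched version.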