serve-handler currently uses version 3.3.0 of path-to-regexp which is flagged as containing a high vuln by NIST and several scanners (CVE-2026-4926). Affected versions of path-to-regexp are >=8.0.0<=8.3.0.
path-to-regexp should be bumped to version 8.4.0 (according to GitHub Advisory Database and Snyk) to mitigate high vuln.
Please fix when possible!
serve-handlercurrently uses version 3.3.0 ofpath-to-regexpwhich is flagged as containing a high vuln by NIST and several scanners (CVE-2026-4926). Affected versions ofpath-to-regexpare >=8.0.0<=8.3.0.path-to-regexpshould be bumped to version 8.4.0 (according to GitHub Advisory Database and Snyk) to mitigate high vuln.Please fix when possible!