fix(securite): fix vulnerabilities by Abdel-Monaam-Aouini · Pull Request #6211 · expressjs/express
That's some major change with connect-redis. I guess it is used only in the examples,
There are already individual PRs that do this, I'm writing this from my phone, so I can't search for them easily.
I thought we had decided to move these examples out of the main repo?I cant find the issue right now, but I think @UlisesGascon opened it? If so, I dont think we should go about updating them here.
Ah thanks for finding that. Yeah I think we need to re-visit that soon here. Either way, I am not sure doing this large update of versions for the dev deps is a good idea either, it opens the door for a bunch of other problems (mainly that we need to vet them all and dont have time for that) and I would rather see us removing things then spending time updating them when the impact is small or non-existent (like in this case)
I thought we had decided to move these examples out of the main repo?I cant find the issue right now, but I think @UlisesGascon opened it? If so, I dont think we should go about updating them here.
I didn't have the time to work on that initiative for a long time, also the approach was more valid before we released express v5. So I am +1 to update them as they are now while thinking as a team if we want to keep alive the other initiative or not for 2025.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters