
refactor: Fix for 3 vulnerabilities #10332

Closed
parseplatformorg wants to merge 2 commits into alpha from snyk-fix-2dcd3e4acd6001578a4892f4eabf396a

Conversation

parseplatformorg (Contributor) commented Mar 27, 2026


Snyk has created this PR to fix 3 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json

⚠️ Warning: Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

  • medium severity: Information Exposure (SNYK-JS-APOLLOSERVER-15790568)
  • high severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-PATHTOREGEXP-15789763)
  • high severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-PATHTOREGEXP-15789765)

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:

🦉 Information Exposure
🦉 Regular Expression Denial of Service (ReDoS)

Summary by CodeRabbit

  • Chores
    • Updated production dependency path-to-regexp from v8.3.0 to v8.4.0 to pick up downstream stability and bug fixes.

parse-github-assistant (bot) commented

I will reformat the title to use the proper commit message syntax.

@parse-github-assistant parse-github-assistant bot changed the title [Snyk] Fix for 3 vulnerabilities refactor: Fix for 3 vulnerabilities Mar 27, 2026
parse-github-assistant (bot) commented

🚀 Thanks for opening this pull request! We appreciate your effort in improving the project. Please let us know once your pull request is ready for review.

Tip

  • Keep pull requests small. Large PRs will be rejected. Break complex features into smaller, incremental PRs.
  • Use Test Driven Development. Write failing tests before implementing functionality. Ensure tests pass.
  • Group code into logical blocks. Add a short comment before each block to explain its purpose.
  • We offer conceptual guidance. Coding is up to you. PRs must be merge-ready for human review.
  • Our review focuses on concept, not quality. PRs with code issues will be rejected. Use an AI agent.
  • Human review time is precious. Avoid review ping-pong. Inspect and test your AI-generated code.

Note

Please respond to review comments from AI agents just like you would to comments from a human reviewer. Let the reviewer resolve their own comments, unless they have reviewed and accepted your commit, or agreed with your explanation for why the feedback was incorrect.

Caution

Pull requests must be written using an AI agent with human supervision. Pull requests written entirely by a human will likely be rejected, because of lower code quality, higher review effort and the higher risk of introducing bugs. Please note that AI review comments on this pull request alone do not satisfy this requirement.

parseplatformorg (Contributor, Author) commented Mar 27, 2026

Snyk checks have passed. No issues have been found so far.

Open Source Security scan: Critical 0, High 0, Medium 0, Low 0 (Total: 0 issues)

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

coderabbitai (bot) commented Mar 27, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 75b58ecb-168d-4e62-b07f-866e4f380b9e

📥 Commits

Reviewing files that changed from the base of the PR and between f8c4d11 and 8085d8b.

📒 Files selected for processing (1)
  • package.json
✅ Files skipped from review due to trivial changes (1)
  • package.json

📝 Walkthrough

Updated a single production dependency in package.json: path-to-regexp from 8.3.0 to 8.4.0. No other dependency, script, metadata, or exported/public declarations changed.

Changes

  • Dependency Version Bump (package.json): Bumped path-to-regexp from 8.3.0 to 8.4.0. No other edits in the file.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

  • None identified.
🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

  • Description check (⚠️ Warning): The description does not follow the required PR template structure with Issue, Approach, and Tasks sections; it is primarily Snyk-generated content without alignment to repository standards. Resolution: Restructure the description to include the required template sections: Issue (link to vulnerabilities), Approach (describe the dependency updates), and Tasks (note that package-lock.json needs manual update).
  • Title check (❓ Inconclusive): The title mentions fixing vulnerabilities but is vague about which ones; it doesn't specify that the change is just a dependency version upgrade. Resolution: Consider a more specific title like 'chore: Update path-to-regexp and apollo/server dependencies for security fixes' to clearly indicate this is a dependency update.

✅ Passed checks (1 passed)

  • Docstring Coverage (✅ Passed): No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


coderabbitai (bot) left a review comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:

In `@package.json`, line 23: The package-lock.json was not updated after changing the "@apollo/server" dependency; run npm install locally to regenerate package-lock.json so it pins the updated "@apollo/server" (and any transitive security fixes), verify no unexpected changes, and commit the updated package-lock.json to this PR before merging.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b4e1cc5f-e83f-4ce9-853c-1904c3a6aa2e

📥 Commits

Reviewing files that changed from the base of the PR and between 5bb8ede and f8c4d11.

📒 Files selected for processing (1)
  • package.json
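Both bots above flag the same supply-chain hazard: package.json was bumped but package-lock.json was not, so what gets installed is not what the manifest claims. The following script is an added example, not part of this PR or of parse-server's tooling. It reads the two manifests as text and reports every dependency whose lockfile root spec differs from package.json or whose locked version no longer satisfies the declared range. The sample manifests are constructed for the demonstration (the "@apollo/server" range and version in them are placeholders, not the values from this PR); only lockfileVersion 2/3 files with a "packages" map are handled, and only exact pins, caret and tilde ranges are evaluated, with anything else reported for manual review rather than silently passed.

```python
"""Detect a package.json / package-lock.json pair that have drifted apart.

Added example, not parse-server's own code. For every dependency declared in
package.json it checks that the lockfile (a) records the same root-level spec
and (b) resolves the package to a version satisfying that spec. This is the
condition `npm ci` refuses to install from, and the one the review comments
ask the PR author to fix by regenerating the lockfile.
"""
import json
import re

SEMVER = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Turn '8.4.0' into (8, 4, 0); pre-release/build suffixes are rejected."""
    match = SEMVER.match(text.strip())
    if not match:
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def satisfies(version, spec):
    """Minimal npm range check: exact pin, ^range or ~range only."""
    actual = parse_version(version)
    if spec.startswith("^"):
        base = parse_version(spec[1:])
        if actual < base:
            return False
        if base[0] != 0:               # ^1.2.3 -> same major
            return actual[0] == base[0]
        if base[1] != 0:               # ^0.2.3 -> same major.minor
            return actual[:2] == base[:2]
        return actual == base          # ^0.0.3 -> exactly that version
    if spec.startswith("~"):
        base = parse_version(spec[1:])
        return actual >= base and actual[:2] == base[:2]
    return actual == parse_version(spec)   # exact pin


def check_lockfile(package_json_text, lock_text):
    """Return (dependency, problem) pairs; an empty list means the lockfile
    agrees with the manifest for every declared dependency."""
    manifest = json.loads(package_json_text)
    packages = json.loads(lock_text).get("packages", {})
    declared, root_specs = {}, {}
    for section in ("dependencies", "devDependencies"):
        declared.update(manifest.get(section, {}))
        root_specs.update(packages.get("", {}).get(section, {}))
    findings = []
    for name, spec in sorted(declared.items()):
        if root_specs.get(name) != spec:
            findings.append((name, f"lockfile root spec {root_specs.get(name)!r} "
                                   f"differs from package.json spec {spec!r}"))
        entry = packages.get(f"node_modules/{name}")
        if entry is None:
            findings.append((name, "not present in lockfile"))
            continue
        try:
            ok = satisfies(entry["version"], spec)
        except ValueError as exc:
            findings.append((name, f"cannot evaluate range: {exc}"))
            continue
        if not ok:
            findings.append((name, f"locked {entry['version']} does not satisfy {spec}"))
    return findings


# Constructed sample manifests (not parse-server's real files): package.json
# already carries the 8.4.0 bump, but the stale lockfile still pins 8.3.0.
PACKAGE_JSON = json.dumps({
    "name": "example-app",
    "dependencies": {"path-to-regexp": "8.4.0", "@apollo/server": "^4.11.0"},
})
STALE_LOCK = json.dumps({
    "name": "example-app", "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"path-to-regexp": "8.3.0", "@apollo/server": "^4.11.0"}},
        "node_modules/path-to-regexp": {"version": "8.3.0"},
        "node_modules/@apollo/server": {"version": "4.11.2"},
    },
})
# The same lockfile after `npm install` regenerated it for the new manifest.
FIXED_LOCK = STALE_LOCK.replace('"8.3.0"', '"8.4.0"')

if __name__ == "__main__":
    for label, lock in (("stale", STALE_LOCK), ("regenerated", FIXED_LOCK)):
        problems = check_lockfile(PACKAGE_JSON, lock)
        print(f"{label} lockfile: {len(problems)} finding(s)")
        for name, problem in problems:
            print(f"  {name}: {problem}")
```

Run as-is it reports two findings for path-to-regexp against the stale lockfile (root spec mismatch and an unsatisfied pin) and none against the regenerated one. In CI the same check, pointed at the real files, fails the build before a merge can ship a lockfile that still resolves the vulnerable version.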

parse-github-assistant (bot) commented

The label state:deprioritized-low-quality cannot be used here.

@mtrezza mtrezza closed this Mar 30, 2026
@mtrezza mtrezza deleted the snyk-fix-2dcd3e4acd6001578a4892f4eabf396a branch March 30, 2026 20:57