path-to-regexp outputs backtracking regular expressions

[sandrobonazzola]

path-to-regexp used by ovirt-web-ui is affected by CVE-2024-45296 path-to-regexp outputs backtracking regular expressions

Dependabot fails to update the dependency with:

Dependabot cannot update path-to-regexp to a non-vulnerable version
The latest possible version that can be installed is 0.1.7 because of the following conflicting dependencies:

react-router@5.2.1 requires path-to-regexp@^1.7.0
react-router-dom@5.3.0 requires path-to-regexp@^1.7.0 via a transitive dependency on react-router@5.2.1
webpack-dev-server@4.8.1 requires path-to-regexp@0.1.7 via a transitive dependency on express@4.17.3
The earliest fixed version is 0.1.10.

VM Portal version number: 1.9.3