chore(deps): update dependency path-to-regexp to v8 #2905
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
added
dependencies
📊 Package size report -0.09%↓
Unchanged files
🤖 This report was automatically generated by pkg-size-action |
renovate
bot
force-pushed
the
renovate/path-to-regexp-8.x
branch
2 times, most recently
from
83ad73a to
8d95c57
Compare
renovate
bot
force-pushed
the
renovate/path-to-regexp-8.x
branch
from
8d95c57 to
fb3c9d4
Compare
renovate
bot
force-pushed
the
renovate/path-to-regexp-8.x
branch
2 times, most recently
from
7d6cecd to
0a0056a
Compare
renovate
bot
force-pushed
the
renovate/path-to-regexp-8.x
branch
from
0a0056a to
059fc22
Compare
|
Requires some code/type changes to land, closing at this time to reduce build runner usage |
Renovate Ignore NotificationBecause you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^6.2.1->^8.0.0Release Notes
pillarjs/path-to-regexp (path-to-regexp)
v8.2.0: 8.2.0Compare Source
Fixed
path-to-regexpto run on older browsers by targeting ES20155969033sflag from regexp51dbd45v8.1.0Compare Source
Added
pathToRegexpmethod back for generating a regexstringifymethod for convertingTokenDatainto a path stringv8.0.0: Simpler APICompare Source
Heads up! This is a fairly large change (again) and I need to apologize in advance. If I foresaw what this version would have ended up being I would not have released version 7. A longer blog post and explanation will be incoming this week, but the pivot has been due to work on Express.js v5 and this will the finalized syntax used in Express moving forward.
Edit: The post is out - https://blakeembrey.com/posts/2024-09-web-redos/
Added
*namesyntax, aligns with:behavior but using an asterisk insteadChanged
?,+, and*- only optional exists moving forward (use wildcards for+,{*foo}for*)Added
:"foo-bar"string | TokenData | Array<string | TokenData>Removed
loosemodev7.2.0: Support array inputs (again)Compare Source
Added
matchandpathToRegexp3fdd88fv7.1.0: Strict modeCompare Source
Added
strictoption to detect potential ReDOS issuesFixed
suffix + prefixwhen not specifiedTokenDataTokenDatamanually, previouslyparsefilled it in automaticallyComments
strict: trueand I'm probably releasing a V8 with it enabled by default ASAP as a necessary security mitigationv7.0.0: Wildcard, unicode, and modifier changesCompare Source
Hi all! There's a few major breaking changes in this release so read carefully.
Breaking changes:
compileonly accepts strings as values (i.e. no numbers, useString(value)before compiling a path)encode !== false, it must be an array of strings\p{XID_Continue}).?,*,+) must be used after a param explicitly wrapped in{}/or.*) has been added back and matches Express.js expected behaviorendsWithoptionstrict: truetotrailing: false;,,,!, and@for future use-casestokensToRegexp,tokensToFunctionandregexpToFunctionin favor of simplifying exports/can be repeated multiple times in a matched path (i.e./fooworks like//foo, etc)encodeanddecodeno longer receive the token as the second parameterencodeURIComponentand decode defaults todecodeURIComponentAdded:
encodePathto fix an issue aroundencodebeing used for both path and parameters (the path and parameter should be encoded slightly differently)looseas an option to support arbitrarily matching the delimiter in paths, e.g.foo/barandfoo///barshould work the sameencodeanddecodeto be set tofalsewhich skips all processing of the parameters input/outputTokenData(exported, returned byparse) as inputRequests for feedback:
{}is an obvious drawback but I'm seeking feedback on whether it helps make path behavior clearer/and.as implicit prefixesConfiguration
📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.