-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(deps): Update dependency path-to-regexp to v7 (canary) #1973
Conversation
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
🚮 Removed packages: npm/@sanity/[email protected] |
Renovate Ignore NotificationBecause you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR. |
This PR contains the following updates:
^6.3.0
->^7.2.0
Release Notes
pillarjs/path-to-regexp (path-to-regexp)
v7.2.0
: Support array inputs (again)Compare Source
Added
match
andpathToRegexp
3fdd88f
v7.1.0
: Strict modeCompare Source
Added
strict
option to detect potential ReDOS issuesFixed
suffix + prefix
when not specifiedTokenData
TokenData
manually, previouslyparse
filled it in automaticallyComments
strict: true
and I'm probably releasing a V8 with it enabled by default ASAP as a necessary security mitigationv7.0.0
: Wildcard, unicode, and modifier changesCompare Source
Hi all! There's a few major breaking changes in this release so read carefully.
Breaking changes:
compile
only accepts strings as values (i.e. no numbers, useString(value)
before compiling a path)encode !== false
, it must be an array of strings\p{XID_Continue}
).?
,*
,+
) must be used after a param explicitly wrapped in{}
/
or.
*
) has been added back and matches Express.js expected behaviorendsWith
optionstrict: true
totrailing: false
;
,,
,!
, and@
for future use-casestokensToRegexp
,tokensToFunction
andregexpToFunction
in favor of simplifying exports/
can be repeated multiple times in a matched path (i.e./foo
works like//foo
, etc)encode
anddecode
no longer receive the token as the second parameterencodeURIComponent
and decode defaults todecodeURIComponent
Added:
encodePath
to fix an issue aroundencode
being used for both path and parameters (the path and parameter should be encoded slightly differently)loose
as an option to support arbitrarily matching the delimiter in paths, e.g.foo/bar
andfoo///bar
should work the sameencode
anddecode
to be set tofalse
which skips all processing of the parameters input/outputTokenData
(exported, returned byparse
) as inputRequests for feedback:
{}
is an obvious drawback but I'm seeking feedback on whether it helps make path behavior clearer/
and.
as implicit prefixesConfiguration
📅 Schedule: Branch creation - "before 3am on Monday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate using a curated preset maintained by . View repository job log here