chore(deps): update dependency path-to-regexp to v8
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
path-to-regexp | resolutions | major | ^0.1.10 -> ^8.0.0 |
⚠️ Warning: Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
pillarjs/path-to-regexp (path-to-regexp)
v8.2.0: 8.2.0
Fixed
- Allowing `path-to-regexp` to run on older browsers by targeting ES2015
v8.1.0
Added
- Adds `pathToRegexp` method back for generating a regex
- Adds `stringify` method for converting `TokenData` into a path string
v8.0.0: Simpler API
Heads up! This is a fairly large change (again) and I need to apologize in advance. If I foresaw what this version would have ended up being I would not have released version 7. A longer blog post and explanation will be incoming this week, but the pivot has been due to work on Express.js v5 and this will be the finalized syntax used in Express moving forward.
Edit: The post is out - https://blakeembrey.com/posts/2024-09-web-redos/
Added
- Adds key names to wildcards using `*name` syntax, aligns with `:` behavior but using an asterisk instead
Changed
- Removes group suffixes of `?`, `+`, and `*` - only optional exists moving forward (use wildcards for `+`, `{*foo}` for `*`)
- Parameter names follow JS identifier rules and allow unicode characters
Added
- Parameter names can now be quoted, e.g. `:"foo-bar"`
- Match accepts an array of values, so the signature is now `string | TokenData | Array<string | TokenData>`
Removed
- Removes `loose` mode
- Removes regular expression overrides of parameters
v7.2.0: Support array inputs (again)
Added
- Support array inputs for `match` and `pathToRegexp` 3fdd88f
v7.1.0: Strict mode
Added
- Adds a `strict` option to detect potential ReDOS issues
Fixed
- Fixes separator to default to `suffix + prefix` when not specified
- Allows separator to be undefined in `TokenData`
  - This is only relevant if you are building `TokenData` manually, previously `parse` filled it in automatically
Comments
- I highly recommend enabling `strict: true` and I'm probably releasing a V8 with it enabled by default ASAP as a necessary security mitigation
v7.0.0: Wildcard, unicode, and modifier changes
Hi all! There's a few major breaking changes in this release so read carefully.
Breaking changes:
- The function returned by `compile` only accepts strings as values (i.e. no numbers, use `String(value)` before compiling a path)
  - For repeated values, when `encode !== false`, it must be an array of strings
- Parameter names can contain all unicode identifier characters (defined as regex `\p{XID_Continue}`).
- Modifiers (`?`, `*`, `+`) must be used after a param explicitly wrapped in `{}`
  - No more implied prefix of `/` or `.`
- No support for arrays or regexes as inputs
- The wildcard (standalone `*`) has been added back and matches Express.js expected behavior
- Removed `endsWith` option
- Renamed `strict: true` to `trailing: false`
- Reserved `;`, `,`, `!`, and `@` for future use-cases
- Removed `tokensToRegexp`, `tokensToFunction` and `regexpToFunction` in favor of simplifying exports
- Enable a "loose" mode by default, so `/` can be repeated multiple times in a matched path (i.e. `/foo` works like `//foo`, etc)
- `encode` and `decode` no longer receive the token as the second parameter
- Removed the ESM + CommonJS dual package in favor of only one CommonJS supported export
- Minimum JS support for ES2020 (previous ES2015)
- Encode defaults to `encodeURIComponent` and decode defaults to `decodeURIComponent`
Added:
- Adds `encodePath` to fix an issue around `encode` being used for both path and parameters (the path and parameter should be encoded slightly differently)
- Adds `loose` as an option to support arbitrarily matching the delimiter in paths, e.g. `foo/bar` and `foo///bar` should work the same
- Allow `encode` and `decode` to be set to `false` which skips all processing of the parameters input/output
- All remaining methods support `TokenData` (exported, returned by `parse`) as input
  - This should be useful if you are programmatically building paths to match or want to avoid parsing multiple times
Requests for feedback:
- Requiring `{}` is an obvious drawback but I'm seeking feedback on whether it helps make path behavior clearer
  - Related: Removing `/` and `.` as implicit prefixes
- Removing array and regex support is to reduce the overall package size for things many users don't need
- Unicode IDs are added to align more closely with browser URLPattern behavior, which uses JS identifiers
v6.3.0: Fix backtracking in 6.x
Fixed
v6.2.2: Updated README
No API changes. Documentation only release.
Changed
v6.2.1: Fix matching `:name*` parameter
Fixed
- Fix invalid matching of `:name*` parameter (#261) 762bc6b
- Compare delimiter string over regexp 86baef8
Added
- New example in documentation (#256) ae9e576
- Update demo link (#250) 77df638
- Update README encode example b39edd4
v6.2.0: Named Capturing Groups
Added
- Support named capturing groups for RegExps (#225)
Fixed
v6.1.0: Use `/#?` as Default Delimiter
Fixed
- Use `/#?` as default delimiter to avoid matching on query or fragment parameters
  - If you are matching non-paths (e.g. hostnames), you can adjust `delimiter: '.'`
v6.0.0: Custom Prefix and Suffix Groups
This release reverts the prefix behavior added in v3 back to the behavior seen in v2. For the most part, path matching is backward compatible with v2 with these enhancements:
- Support for nested non-capturing groups in regexp, e.g. `/(abc(?=d))`
- Support for custom prefix and suffix groups using `/{abc(.*)def}`
- Tokens in an unexpected position will throw an error
  - Paths like `/test(foo` previously worked treating `(` as a literal character, now it expects `(` to be closed and is treated as a group
  - You can escape the character for the previous behavior, e.g. `/test\(foo`
Changed
- Revert using any character as prefix, support `prefixes` option to configure this (starts as `/.` which acts like every version since 0.x again)
- Add support for `{}` to capture prefix/suffix explicitly, enables custom use-cases like `/:attr1{-:attr2}?`
v5.0.0: Remove Default Encode URI Component
No changes to path rules since 3.x, except support for nested RegEx parts in 4.x.
Changed
- Rename `RegexpOptions` interface to `TokensToRegexpOptions`
- Remove `normalizePathname` from library, document solution in README
- Encode using identity function as default, not `encodeURIComponent`
v4.0.5: Decode URI
Removed
- Remove `whitelist` in favor of `decodeURI` (advanced behavior can happen outside `path-to-regexp`)
v4.0.4: Remove String#normalize
Fixed
- Remove usage of `String.prototype.normalize` to continue supporting IE
v4.0.3: Normalize Path Whitelist
Added
- Add normalize whitelist of characters (defaults to `/%.-`)
v4.0.2: Allow `RegexpOptions` in match
Fixed
- Allow `RegexpOptions` in `match(...)` function
v4.0.1: Fix Spelling of Regexp
Fixed
- Normalize `regexp` spelling across 4.x
v4.0.0: ES2015 Package for Bundlers
All path rules are backward compatible with 3.x, except for nested `()` and other RegEx special characters that were previously ignored.
Changed
- Export names have changed to support ES2015 modules in bundlers
- `match` does not default to `decodeURIComponent`
Added
- New `normalizePathname` utility for supporting unicode paths in libraries
- Support nested non-capturing groups within parameters
- Add tree-shaking (via ES2015 modules) for webpack and other bundlers
v3.3.0: Add backtracking protection
Fixed
v3.2.0: Match Function
Added
- Add native `match` function to library
v3.1.0: Validate and sensitive options
v3.0.0
- Always use prefix character as delimiter token, allowing any character to be a delimiter (e.g. `/:att1-:att2-:att3-:att4-:att5`)
- Remove `partial` support, prefer escaping the prefix delimiter explicitly (e.g. `\\/(apple-)?icon-:res(\\d+).png`)
v2.4.0
- Support `start` option to disable anchoring from beginning of the string
v2.3.0
- Use `delimiter` when processing repeated matching groups (e.g. `foo/bar` has no prefix, but has a delimiter)
v2.2.1
- Allow empty string with `end: false` to match both relative and absolute paths
v2.2.0
- Pass `token` as second argument to `encode` option (e.g. `encode(value, token)`)
v2.1.0
- Handle non-ending paths where the final character is a delimiter
  - E.g. `/foo/` before required either `/foo/` or `/foo//` to match in non-ending mode
v2.0.0
- New option! Ability to set `endsWith` to match paths like `/test?query=string` up to the query string
- New option! Set `delimiters` for specific characters to be treated as parameter prefixes (e.g. `/:test`)
- Remove `isarray` dependency
- Explicitly handle trailing delimiters instead of trimming them (e.g. `/test/` is now treated as `/test/` instead of `/test` when matching)
- Remove overloaded `keys` argument that accepted `options`
- Remove `keys` list attached to the `RegExp` output
- Remove asterisk functionality (it's a real pain to properly encode)
- Change `tokensToFunction` (e.g. `compile`) to accept an `encode` function for pretty encoding (e.g. pass your own implementation)
v1.9.0: Fix backtracking in 1.x
Fixed
- Add backtrack protection to 1.x release (#320) 925ac8e
- Fix `re.exec('/test/route')` result (#267) 32a14b0
v1.8.0: Backport token to function options
Added
- Backport `TokensToFunctionOptions`
v1.7.0
- Allow a `delimiter` option to be passed in with `tokensToRegExp` which will be used for "non-ending" token match situations
v1.6.0
- Populate `RegExp.keys` when using the `tokensToRegExp` method (making it consistent with the main export)
- Allow a `delimiter` option to be passed in with `parse`
- Updated TypeScript definition with `Keys` and `Options` updated
v1.5.3
- Add `\\` to the ignore character group to avoid backtracking on mismatched parens
v1.5.2
- Escape `\\` in string segments of regexp
v1.5.1
- Add `index.d.ts` to NPM package
v1.5.0
- Handle partial token segments (better)
- Allow compile to handle asterisk token segments
v1.4.0
- Handle RegExp unions in path matching groups
v1.3.0
- Clarify README language and named parameter token support
- Support advanced Closure Compiler with type annotations
- Add pretty paths options to compiled function output
- Add TypeScript definition to project
- Improved prefix handling with non-complete segment parameters (E.g. `/:foo?-bar`)
v1.2.1
- Encode values before validation with path compilation function
- More examples of using compilation in README
v1.2.0
- Add support for matching an asterisk (`*`) as an unnamed match everything group (`(.*)`)
v1.1.1
- Expose methods for working with path tokens
v1.1.0
- Expose the parser implementation to consumers
- Implement a compiler function to generate valid strings
- Huge refactor of tests to be more DRY and cover new parse and compile functions
- Use chai in tests
- Add .editorconfig
v1.0.3
- Optimised function runtime
- Added `files` to `package.json`
v1.0.2
- Use `Array.isArray` shim
- Remove ES5 incompatible code
- Fixed repository path
- Added new readme badges
v1.0.1
- Ensure installation works correctly on 0.8
v1.0.0
- No more API changes
v0.2.5
- Allow keys parameter to be omitted
v0.2.4
- Code coverage badge
- Updated readme
- Attach keys to the generated regexp
v0.2.3
- Add MIT license
v0.2.2
- A passed in trailing slash in non-strict mode will become optional
- In non-end mode, the optional trailing slash will only match at the end
v0.2.1
- Fixed a major capturing group regexp regression
v0.2.0
- Improved support for arrays
- Improved support for regexps
- Better support for non-ending strict mode matches with a trailing slash
- Travis CI support
- Block using regexp special characters in the path
- Removed support for the asterisk to match all
- New support for parameter suffixes - `*`, `+` and `?`
- Updated readme
- Provide delimiter information with keys array
v0.1.12: Fix backtracking (again)
Fixed
- Improved backtracking protection for 0.1.x, will break some previously valid paths (see previous advisory: https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j)
Configuration
- If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.
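
A check a reviewer could run over the project's route strings before accepting the jump from ^0.1.10 to ^8.0.0, added here as an example (not Renovate's or path-to-regexp's code): it flags the syntax the v8.0.0 notes above remove, namely `?`/`+`/`*` suffixes, regex overrides of parameters, and wildcards without a name. The function name, rule names and sample routes are assumptions made for the illustration, and the scan is a heuristic, not the library's parser.

```javascript
// Heuristic lint for route strings written for pre-v8 path-to-regexp syntax.
// Rule names ("regex-override", ...) are invented for this example.
const ID_START = /[$_\p{ID_Start}]/u;
const ENDS_TOKEN = /[$\p{ID_Continue}\}\)"]/u; // char that can end a param or group

function findV8Incompatibilities(route) {
  const issues = [];
  const chars = Array.from(route); // iterate by code point so unicode names work
  for (let i = 0; i < chars.length; i++) {
    const ch = chars[i];
    const next = chars[i + 1];
    if (ch === "\\") { i++; continue; } // escaped character is a literal
    if ((ch === ":" || ch === "*") && next === '"') {
      // quoted parameter name such as :"foo-bar": skip to the closing quote
      i += 2;
      while (i < chars.length && chars[i] !== '"') i += chars[i] === "\\" ? 2 : 1;
      continue;
    }
    if (ch === "(") {
      issues.push({ index: i, rule: "regex-override" });
      // skip the group body so a "?" or "+" inside the regex is not reported again
      let depth = 1;
      while (depth > 0 && ++i < chars.length) {
        if (chars[i] === "\\") i++;
        else if (chars[i] === "(") depth++;
        else if (chars[i] === ")") depth--;
      }
      continue;
    }
    if (ch === "?" || ch === "+") {
      issues.push({ index: i, rule: "suffix-modifier" });
    } else if (ch === "*" && !(next !== undefined && ID_START.test(next))) {
      // "*" must introduce a named wildcard (*name); otherwise it is an old
      // repeat suffix (:name*) or an unnamed wildcard
      const prev = chars[i - 1];
      const isSuffix = prev !== undefined && ENDS_TOKEN.test(prev);
      issues.push({ index: i, rule: isSuffix ? "suffix-modifier" : "unnamed-wildcard" });
    }
  }
  return issues;
}

// Constructed sample routes (not taken from any real project)
const SAMPLE_ROUTES = ["/users/:id", "/users/:id(\\d+)", "/files/*",
  "/:attr1{-:attr2}?", "/docs/:path*", "/files/*path", '/x/:"foo-bar"', "/a{/:b}"];
const report = SAMPLE_ROUTES.map((r) => [r, findV8Incompatibilities(r).map((x) => x.rule)]);
console.log(report);
```

Because the update is applied through `resolutions`, the routes to scan include those registered by every dependent package in the tree, not only the application's own.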