pillarjs/path-to-regexp (path-to-regexp)
### [`v7.1.0`](https://togithub.com/pillarjs/path-to-regexp/releases/tag/v7.1.0): Strict mode
[Compare Source](https://togithub.com/pillarjs/path-to-regexp/compare/v7.0.0...v7.1.0)
**Added**
- Adds a `strict` option to detect potential ReDOS issues
**Fixed**
- Fixes separator to default to `suffix + prefix` when not specified
- Allows separator to be undefined in `TokenData`
- This is only relevant if you are building `TokenData` manually, previously `parse` filled it in automatically
**Comments**
- I highly recommend enabling `strict: true` and I'm *probably* releasing a V8 with it enabled by default ASAP as a necessary security mitigation
### [`v7.0.0`](https://togithub.com/pillarjs/path-to-regexp/releases/tag/v7.0.0): Wildcard, unicode, and modifier changes
[Compare Source](https://togithub.com/pillarjs/path-to-regexp/compare/v6.2.2...v7.0.0)
Hi all! There's a few major breaking changes in this release so read carefully.
**Breaking changes:**
- The function returned by `compile` only accepts strings as values (i.e. no numbers, use `String(value)` before compiling a path)
- For repeated values, when `encode !== false`, it must be an array of strings
- Parameter names can contain all unicode identifier characters (defined as regex `\p{XID_Continue}`).
- Modifiers (`?`, `*`, `+`) must be used after a param explicitly wrapped in `{}`
- No more implied prefix of `/` or `.`
- No support for arrays or regexes as inputs
- The wildcard (standalone `*`) has been added back and matches Express.js expected behavior
- Removed `endsWith` option
- Renamed `strict: true` to `trailing: false`
- Reserved `;`, `,`, `!`, and `@` for future use-cases
- Removed `tokensToRegexp`, `tokensToFunction` and `regexpToFunction` in favor of simplifying exports
- Enable a "loose" mode by default, so `/` can be repeated multiple times in a matched path (i.e. `/foo` works like `//foo`, etc)
- `encode` and `decode` no longer receive the token as the second parameter
- Removed the ESM + CommonJS dual package in favor of only one CommonJS supported export
- Minimum JS support for ES2020 (previous ES2015)
- Encode defaults to `encodeURIComponent` and decode defaults to `decodeURIComponent`
**Added:**
- Adds `encodePath` to fix an issue around `encode` being used for both path and parameters (the path and parameter should be encoded slightly differently)
- Adds `loose` as an option to support arbitrarily matching the delimiter in paths, e.g. `foo/bar` and `foo///bar` should work the same
- Allow `encode` and `decode` to be set to `false` which skips all processing of the parameters input/output
- All remaining methods support `TokenData` (exported, returned by `parse`) as input
- This should be useful if you are programmatically building paths to match or want to avoid parsing multiple times
**Requests for feedback:**
- Requiring `{}` is an obvious drawback but I'm seeking feedback on whether it helps make path behavior clearer
- Related: Removing `/` and `.` as implicit prefixes
- Removing array and regex support is to reduce the overall package size for things many users don't need
- Unicode IDs are added to align more closely with browser URLPattern behavior, which uses JS identifiers
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
~6.2.1->~7.1.0Release Notes
pillarjs/path-to-regexp (path-to-regexp)
### [`v7.1.0`](https://togithub.com/pillarjs/path-to-regexp/releases/tag/v7.1.0): Strict mode [Compare Source](https://togithub.com/pillarjs/path-to-regexp/compare/v7.0.0...v7.1.0) **Added** - Adds a `strict` option to detect potential ReDOS issues **Fixed** - Fixes separator to default to `suffix + prefix` when not specified - Allows separator to be undefined in `TokenData` - This is only relevant if you are building `TokenData` manually, previously `parse` filled it in automatically **Comments** - I highly recommend enabling `strict: true` and I'm *probably* releasing a V8 with it enabled by default ASAP as a necessary security mitigation ### [`v7.0.0`](https://togithub.com/pillarjs/path-to-regexp/releases/tag/v7.0.0): Wildcard, unicode, and modifier changes [Compare Source](https://togithub.com/pillarjs/path-to-regexp/compare/v6.2.2...v7.0.0) Hi all! There's a few major breaking changes in this release so read carefully. **Breaking changes:** - The function returned by `compile` only accepts strings as values (i.e. no numbers, use `String(value)` before compiling a path) - For repeated values, when `encode !== false`, it must be an array of strings - Parameter names can contain all unicode identifier characters (defined as regex `\p{XID_Continue}`). - Modifiers (`?`, `*`, `+`) must be used after a param explicitly wrapped in `{}` - No more implied prefix of `/` or `.` - No support for arrays or regexes as inputs - The wildcard (standalone `*`) has been added back and matches Express.js expected behavior - Removed `endsWith` option - Renamed `strict: true` to `trailing: false` - Reserved `;`, `,`, `!`, and `@` for future use-cases - Removed `tokensToRegexp`, `tokensToFunction` and `regexpToFunction` in favor of simplifying exports - Enable a "loose" mode by default, so `/` can be repeated multiple times in a matched path (i.e. `/foo` works like `//foo`, etc) - `encode` and `decode` no longer receive the token as the second parameter - Removed the ESM + CommonJS dual package in favor of only one CommonJS supported export - Minimum JS support for ES2020 (previous ES2015) - Encode defaults to `encodeURIComponent` and decode defaults to `decodeURIComponent` **Added:** - Adds `encodePath` to fix an issue around `encode` being used for both path and parameters (the path and parameter should be encoded slightly differently) - Adds `loose` as an option to support arbitrarily matching the delimiter in paths, e.g. `foo/bar` and `foo///bar` should work the same - Allow `encode` and `decode` to be set to `false` which skips all processing of the parameters input/output - All remaining methods support `TokenData` (exported, returned by `parse`) as input - This should be useful if you are programmatically building paths to match or want to avoid parsing multiple times **Requests for feedback:** - Requiring `{}` is an obvious drawback but I'm seeking feedback on whether it helps make path behavior clearer - Related: Removing `/` and `.` as implicit prefixes - Removing array and regex support is to reduce the overall package size for things many users don't need - Unicode IDs are added to align more closely with browser URLPattern behavior, which uses JS identifiersConfiguration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.