Bump path-to-regexp, express and @vaadin/router
Bumps path-to-regexp to 6.3.0 and updates ancestor dependencies path-to-regexp, express and @vaadin/router. These dependencies need to be updated together.
Updates path-to-regexp
from 0.1.10 to 6.3.0
Release notes
Sourced from path-to-regexp's releases.
Fix backtracking in 6.x
Fixed
- Add backtrack protection to 6.x (#324) f1253b4
https://github.com/pillarjs/path-to-regexp/compare/v6.2.2...v6.3.0
Updated README
No API changes. Documentation only release.
Changed
- Fix readme example c7ec332
- Update shield URL e828000
https://github.com/pillarjs/path-to-regexp/compare/v6.2.1...v6.2.2
Fix matching
:name*
parameterFixed
- Fix invalid matching of
:name*
parameter (#261) 762bc6b- Compare delimiter string over regexp 86baef8
Added
- New example in documentation (#256) ae9e576
- Update demo link (#250) 77df638
- Update README encode example b39edd4
https://github.com/pillarjs/path-to-regexp/compare/v6.2.0...v6.2.1
Named Capturing Groups
Added
- Support named capturing groups for RegExps (#225)
Fixed
Use
/#?
as Default DelimiterFixed
- Use
/#?
as default delimiter to avoid matching on query or fragment parameters
- If you are matching non-paths (e.g. hostnames), you can adjust
delimiter: '.'
Custom Prefix and Suffix Groups
This release reverts the prefix behavior added in v3 back to the behavior seen in v2. For the most part, path matching is backward compatible with v2 with these enhancements:
... (truncated)
Changelog
Sourced from path-to-regexp's changelog.
Moved to GitHub Releases
3.0.0 / 2019-01-13
- Always use prefix character as delimiter token, allowing any character to be a delimiter (e.g.
/:att1-:att2-:att3-:att4-:att5
)- Remove
partial
support, prefer escaping the prefix delimiter explicitly (e.g.\\/(apple-)?icon-:res(\\d+).png
)2.4.0 / 2018-08-26
- Support
start
option to disable anchoring from beginning of the string2.3.0 / 2018-08-20
- Use
delimiter
when processing repeated matching groups (e.g.foo/bar
has no prefix, but has a delimiter)2.2.1 / 2018-04-24
- Allow empty string with
end: false
to match both relative and absolute paths2.2.0 / 2018-03-06
- Pass
token
as second argument toencode
option (e.g.encode(value, token)
)2.1.0 / 2017-10-20
- Handle non-ending paths where the final character is a delimiter
- E.g.
/foo/
before required either/foo/
or/foo//
to match in non-ending mode2.0.0 / 2017-08-23
- New option! Ability to set
endsWith
to match paths like/test?query=string
up to the query string- New option! Set
delimiters
for specific characters to be treated as parameter prefixes (e.g./:test
)- Remove
isarray
dependency- Explicitly handle trailing delimiters instead of trimming them (e.g.
/test/
is now treated as/test/
instead of/test
when matching)- Remove overloaded
keys
argument that acceptedoptions
- Remove
keys
list attached to theRegExp
output- Remove asterisk functionality (it's a real pain to properly encode)
- Change
tokensToFunction
(e.g.compile
) to accept anencode
function for pretty encoding (e.g. pass your own implementation)1.7.0 / 2016-11-08
- Allow a
delimiter
option to be passed in withtokensToRegExp
which will be used for "non-ending" token match situations1.6.0 / 2016-10-03
- Populate
RegExp.keys
when using thetokensToRegExp
method (making it consistent with the main export)- Allow a
delimiter
option to be passed in withparse
- Updated TypeScript definition with
Keys
andOptions
updated1.5.3 / 2016-06-15
... (truncated)
Commits
-
75a92c3
6.3.0 -
f1253b4
Add backtrack protection to 6.x (#324) -
28a5b27
6.2.2 -
270876d
Test on min node 16 -
d5a42b6
Run tests on ubuntu -
1c265a1
Upgrade dev deps, prettier format -
c7ec332
Fix readme example -
25da491
Bump node v14 for tests -
980d1db
Add v8 coverage -
e828000
Update shield URL - Additional commits viewable in compare view
Updates express
from 4.21.0 to 5.0.1
Release notes
Sourced from express's releases.
5.0.1
What's Changed
- remove --bail from test script by
@jonchurch
in expressjs/express#5962- Nominate
@bjohansebas
to the triage team by@UlisesGascon
in expressjs/express#6009- Link and update captains by
@blakeembrey
in expressjs/express#6013- Update
cookie
semver lock to address CVE-2024-47764 by@joshbuker
in expressjs/express#6017- Release: 5.0.1 by
@UlisesGascon
in expressjs/express#6032Full Changelog: https://github.com/expressjs/express/compare/v5.0.0...5.0.1
5.0.0
What's Changed
- 4.19.2 Staging by
@wesleytodd
in expressjs/express#5561- remove duplicate location test for data uri by
@wesleytodd
in expressjs/express#5562- feat: document beta releases expectations by
@marco-ippolito
in expressjs/express#5565- Cut down on duplicated CI runs by
@jonchurch
in expressjs/express#5564- Add a Threat Model by
@UlisesGascon
in expressjs/express#5526- Assign captain of encodeurl by
@blakeembrey
in expressjs/express#5579- Nominate jonchurch as repo captain for
http-errors
,expressjs.com
,morgan
,cors
,body-parser
by@jonchurch
in expressjs/express#5587- docs: update Security.md by
@inigomarquinez
in expressjs/express#5590- docs: update triage nomination policy by
@UlisesGascon
in expressjs/express#5600- Add CodeQL (SAST) by
@UlisesGascon
in expressjs/express#5433- docs: add UlisesGascon as triage initiative captain by
@UlisesGascon
in expressjs/express#5605- Use object with null prototype for various app properties by
@EvanHahn
in expressjs/express#4861- deps: encodeurl@~2.0.0 by
@blakeembrey
in expressjs/express#5569- skip QUERY method test by
@jonchurch
in expressjs/express#5628- ignore ETAG query test on 21 and 22, reuse skip util by
@jonchurch
in expressjs/express#5639- add support Node.js@22 in the CI by
@mertcanaltin
in expressjs/express#5627- doc: add table of contents, tc/triager lists to readme by
@mertcanaltin
in expressjs/express#5619- List and sort all projects, add captains by
@blakeembrey
in expressjs/express#5653- Call callback once on listen error by
@wesleytodd
in expressjs/express#3216- docs: add
@UlisesGascon
as captain for cookie-parser by@UlisesGascon
in expressjs/express#5666✨ bring back query tests for node 21 by@ctcpip
in expressjs/express#5690- [v4] Deprecate
res.clearCookie
acceptingoptions.maxAge
andoptions.expires
by@jonchurch
in expressjs/express#5672- skip QUERY tests for Node 21 only, still not supported by
@jonchurch
in expressjs/express#5695📝 update people, add ctcpip to TC by@ctcpip
in expressjs/express#5683- remove minor version pinning from ci by
@jonchurch
in expressjs/express#5722- Fix link variable use in attribution section of CODE OF CONDUCT by
@IamLizu
in expressjs/express#5762- Replace Appveyor windows testing with GHA by
@jonchurch
in expressjs/express#5599- Add OSSF Scorecard badge by
@UlisesGascon
in expressjs/express#5436- Throw on invalid status codes by
@jonchurch
in expressjs/express#4212- Use Array.flat instead of array-flatten by
@almic
in expressjs/express#5677- Adopt Node@18 as the minimum supported version by
@UlisesGascon
in expressjs/express#5803- Ignore
expires
andmaxAge
inres.clearCookie()
by@jonchurch
in expressjs/express#5792- send@1.0.0 by
@wesleytodd
in expressjs/express#5786- chore: upgrade
debug
dep from 3.10 to 4.3.6 by@carpasse
in expressjs/express#5829- refactor: replace 'path-is-absolute' dep with node:path isAbsolute method by
@carpasse
in expressjs/express#5830- update scorecard link by
@bjohansebas
in expressjs/express#5814- Nominate
@IamLizu
to the triage team by@UlisesGascon
in expressjs/express#5836
... (truncated)
Changelog
Sourced from express's changelog.
5.0.1 / 2024-10-08
- Update
cookie
semver lock to address CVE-2024-477645.0.0 / 2024-09-10
- remove:
path-is-absolute
dependency - usepath.isAbsolute
instead- breaking:
res.status()
accepts only integers, and input must be greater than 99 and less than 1000
- will throw a
RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000.
for inputs outside this range- will throw a
TypeError: Invalid status code: ${code}. Status code must be an integer.
for non integer inputs- deps: send@1.0.0
res.redirect('back')
andres.location('back')
is no longer a supported magic string, explicitly usereq.get('Referrer') || '/'
.- change:
res.clearCookie
will ignore user providedmaxAge
andexpires
options- deps: cookie-signature@^1.2.1
- deps: debug@4.3.6
- deps: merge-descriptors@^2.0.0
- deps: serve-static@^2.1.0
- deps: qs@6.13.0
- deps: accepts@^2.0.0
- deps: mime-types@^3.0.0
application/javascript
=>text/javascript
- deps: type-is@^2.0.0
- deps: content-disposition@^1.0.0
- deps: finalhandler@^2.0.0
- deps: fresh@^2.0.0
- deps: body-parser@^2.0.1
- deps: send@^1.1.0
5.0.0-beta.3 / 2024-03-25
This incorporates all changes after 4.19.1 up to 4.19.2.
5.0.0-beta.2 / 2024-03-20
This incorporates all changes after 4.17.2 up to 4.19.1.
5.0.0-beta.1 / 2022-02-14
This is the first Express 5.0 beta release, based off 4.17.2 and includes changes from 5.0.0-alpha.8.
- change:
- Default "query parser" setting to
'simple'
... (truncated)
Commits
-
d14b2de
5.0.1 -
2027b87
fix(deps): cookie@0.7.0 -
2cbf227
Link and update captains (#6013) -
3e1a1ce
Add@bjohansebas
to the triage team (#6009) -
6340d15
remove --bail from test script (#5962) -
344b022
5.0.0 -
0c49926
fix(deps): send@^1.1.0 -
b3906cb
fix(deps): serve-static@^2.1.0 -
fed8c2a
fix(deps): body-parser@^2.0.1 -
bdd81f8
Deleteback
as a magic string (#5933) - Additional commits viewable in compare view
Updates @vaadin/router
from 1.7.5 to 2.0.0-rc2
Commits
-
070e918
2.0.0-rc2 -
da67a21
fix: copy dts files (#888) -
c3241e0
2.0.0-rc1 -
d88ea97
refactor!: move Router fully to TypeScript (#886) -
f5f31e0
chore: update yarn.lock and docs -
04f7f06
chore: fix build for "type": "module" (#833) -
81e86c9
chore(deps): bump y18n from 3.2.1 to 3.2.2 (#605) -
d40b806
chore(deps): bump handlebars from 4.7.6 to 4.7.7 (#619) -
6fa628a
chore(deps): bump hosted-git-info from 2.8.8 to 2.8.9 (#620) -
1567041
chore(deps): bump ws from 7.4.2 to 7.4.6 (#631) - Additional commits viewable in compare view
Dependabot commands
You can trigger Dependabot actions by commenting on this MR
-
$dependabot recreate
will recreate this MR rewriting all the manual changes and resolving conflicts