Releases: pillarjs/path-to-regexp
Releases · pillarjs/path-to-regexp
Fix backtracking (again)
Fixed
- Improved backtracking protection for 0.1.x, will break some previously valid paths (see previous advisory: GHSA-9wv6-86v2-598j)
8.2.0
Fix backtracking in 6.x
Error on bad input
v8.1.0
Added
- Adds
pathToRegexp
method back for generating a regex - Adds
stringify
method for convertingTokenData
into a path string
Support array inputs (again)
Add backtracking protection
Fix backtracking in 1.x
Simpler API
Heads up! This is a fairly large change (again) and I need to apologize in advance. If I foresaw what this version would have ended up being I would not have released version 7. A longer blog post and explanation will be incoming this week, but the pivot has been due to work on Express.js v5 and this will the finalized syntax used in Express moving forward.
Edit: The post is out - https://blakeembrey.com/posts/2024-09-web-redos/
Added
- Adds key names to wildcards using
*name
syntax, aligns with:
behavior but using an asterisk instead
Changed
- Removes group suffixes of
?
,+
, and*
- only optional exists moving forward (use wildcards for+
,{*foo}
for*
) - Parameter names follow JS identifier rules and allow unicode characters
Added
- Parameter names can now be quoted, e.g.
:"foo-bar"
- Match accepts an array of values, so the signature is now
string | TokenData | Array<string | TokenData>
Removed
- Removes
loose
mode - Removes regular expression overrides of parameters
Backtrack protection
Fixed
- Add backtrack protection to parameters 29b96b4
- This will break some edge cases but should improve performance