fix(deps): update dependency path-to-regexp to v8

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
path-to-regexp	3.3.0 -> 8.1.0

---

Release Notes

pillarjs/path-to-regexp (path-to-regexp)

v8.1.0

Compare Source

Added

• Adds pathToRegexp method back for generating a regex
• Adds stringify method for converting TokenData into a path string

v8.0.0: Simpler API

Compare Source

Heads up! This is a fairly large change (again) and I need to apologize in advance. If I foresaw what this version would have ended up being I would not have released version 7. A longer blog post and explanation will be incoming this week, but the pivot has been due to work on Express.js v5 and this will the finalized syntax used in Express moving forward.

Added

• Adds key names to wildcards using *name syntax, aligns with : behavior but using an asterisk instead

Changed

• Removes group suffixes of ?, +, and * - only optional exists moving forward (use wildcards for +, {*foo} for *)
• Parameter names follow JS identifier rules and allow unicode characters

Added

• Parameter names can now be quoted, e.g. :"foo-bar"

Removed

• Removes loose mode
• Removes regular expression overrides of parameters

v7.2.0: Support array inputs (again)

Compare Source

Added

• Support array inputs for match and pathToRegexp 3fdd88f

v7.1.0: Strict mode

Compare Source

Added

• Adds a strict option to detect potential ReDOS issues

Fixed

• Fixes separator to default to suffix + prefix when not specified
• Allows separator to be undefined in TokenData
  • This is only relevant if you are building TokenData manually, previously parse filled it in automatically

Comments

• I highly recommend enabling strict: true and I'm probably releasing a V8 with it enabled by default ASAP as a necessary security mitigation

v7.0.0: Wildcard, unicode, and modifier changes

Compare Source

Hi all! There's a few major breaking changes in this release so read carefully.

Breaking changes:

• The function returned by compile only accepts strings as values (i.e. no numbers, use String(value) before compiling a path)
  • For repeated values, when encode !== false, it must be an array of strings
• Parameter names can contain all unicode identifier characters (defined as regex \p{XID_Continue}).
• Modifiers (?, *, +) must be used after a param explicitly wrapped in {}
  • No more implied prefix of / or .
• No support for arrays or regexes as inputs
• The wildcard (standalone *) has been added back and matches Express.js expected behavior
• Removed endsWith option
• Renamed strict: true to trailing: false
• Reserved ;, ,, !, and @ for future use-cases
• Removed tokensToRegexp, tokensToFunction and regexpToFunction in favor of simplifying exports
• Enable a "loose" mode by default, so / can be repeated multiple times in a matched path (i.e. /foo works like //foo, etc)
• encode and decode no longer receive the token as the second parameter
• Removed the ESM + CommonJS dual package in favor of only one CommonJS supported export
• Minimum JS support for ES2020 (previous ES2015)
• Encode defaults to encodeURIComponent and decode defaults to decodeURIComponent

Added:

• Adds encodePath to fix an issue around encode being used for both path and parameters (the path and parameter should be encoded slightly differently)
• Adds loose as an option to support arbitrarily matching the delimiter in paths, e.g. foo/bar and foo///bar should work the same
• Allow encode and decode to be set to false which skips all processing of the parameters input/output
• All remaining methods support TokenData (exported, returned by parse) as input
  • This should be useful if you are programmatically building paths to match or want to avoid parsing multiple times

Requests for feedback:

• Requiring {} is an obvious drawback but I'm seeking feedback on whether it helps make path behavior clearer
  • Related: Removing / and . as implicit prefixes
• Removing array and regex support is to reduce the overall package size for things many users don't need
• Unicode IDs are added to align more closely with browser URLPattern behavior, which uses JS identifiers

v6.3.0: Fix backtracking in 6.x

Compare Source

Fixed

• Add backtrack protection to 6.x (#​324) f1253b4

v6.2.2: Updated README

Compare Source

No API changes. Documentation only release.

Changed

• Fix readme example c7ec332
• Update shield URL e828000

v6.2.1: Fix matching :name* parameter

Compare Source

Fixed

• Fix invalid matching of :name* parameter (#​261) 762bc6b
• Compare delimiter string over regexp 86baef8

Added

• New example in documentation (#​256) ae9e576
• Update demo link (#​250) 77df638
• Update README encode example b39edd4

v6.2.0: Named Capturing Groups

Compare Source

Added

• Support named capturing groups for RegExps (#​225)

Fixed

• Update strict flag documentation (#​227)
• Ignore test files when bundling (#​220)

v6.1.0: Use `/#?` as Default Delimiter

Compare Source

Fixed

• Use /#? as default delimiter to avoid matching on query or fragment parameters
  • If you are matching non-paths (e.g. hostnames), you can adjust delimiter: '.'

v6.0.0: Custom Prefix and Suffix Groups

Compare Source

Note: The path syntax has been stabilized with this release, no breaking changes in paths is expected.

This release reverts the prefix behavior added in v3 back to the behavior seen in v2. For the most part, path matching is backward compatible with v2 with these enhancements:

1. Support for nested non-capturing groups in regexp, e.g. /(abc(?=d))
2. Support for custom prefix and suffix groups using /{abc(.*)def}
3. Tokens in an unexpected position will throw an error
   • Paths like /test(foo previously worked treating ( as a literal character, now it expects ( to be closed and is treated as a group
   • You can escape the character for the previous behavior, e.g. /test\(foo

Changed

• Revert using any character as prefix, support prefixes option to configure this (starts as /. which acts like every version since 0.x again)
• Add support for {} to capture prefix/suffix explicitly, enables custom use-cases like /:attr1{-:attr2}?

v5.0.0: Remove Default Encode URI Component

Compare Source

No changes to path rules since 3.x, except support for nested RegEx parts in 4.x.

Changed

• Rename RegexpOptions interface to TokensToRegexpOptions
• Remove normalizePathname from library, document solution in README
• Encode using identity function as default, not encodeURIComponent

v4.0.5: Decode URI

Compare Source

Removed

• Remove whitelist in favor of decodeURI (advanced behavior can happen outside path-to-regexp)

v4.0.4: Remove String#normalize

Compare Source

Fixed

• Remove usage of String.prototype.normalize to continue supporting IE

v4.0.3: Normalize Path Whitelist

Compare Source

Added

• Add normalize whitelist of characters (defaults to /%.-)

v4.0.2: Allow RegexpOptions in match

Compare Source

Fixed

• Allow RegexpOptions in match(...) function

v4.0.1: Fix Spelling of Regexp

Compare Source

Fixed

• Normalize regexp spelling across 4.x

v4.0.0: ES2015 Package for Bundlers

Compare Source

All path rules are backward compatible with 3.x, except for nested () and other RegEx special characters that were previously ignored.

Changed

• Export names have changed to support ES2015 modules in bundlers
• match does not default to decodeURIComponent

Added

• New normalizePathname utility for supporting unicode paths in libraries
• Support nested non-capturing groups within parameters
• Add tree-shaking (via ES2015 modules) for webpack and other bundlers

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 8.x releases. But if you manually upgrade to 8.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.