Skip to content

Releases: pillarjs/path-to-regexp

Fix backtracking (again)

05 Dec 22:09
640e694
Compare
Choose a tag to compare

Fixed

  • Improved backtracking protection for 0.1.x, will break some previously valid paths (see previous advisory: GHSA-9wv6-86v2-598j)

v0.1.11...v0.1.12

8.2.0

26 Sep 03:28
776c898
Compare
Choose a tag to compare

Fixed

  • Allowing path-to-regexp to run on older browsers by targeting ES2015
    • Target ES2015 5969033
      • Also saved 0.22kb (10%!) by removing the private class field down level
    • Remove s flag from regexp 51dbd45

v8.1.0...v8.2.0

Fix backtracking in 6.x

12 Sep 01:09
75a92c3
Compare
Choose a tag to compare

Fixed

v6.2.2...v6.3.0

Error on bad input

12 Sep 18:15
0c71192
Compare
Choose a tag to compare

Changed

  • Add error on bad input values 8f09549

v0.1.10...v0.1.11

v8.1.0

10 Sep 00:26
c302644
Compare
Choose a tag to compare

Added

  • Adds pathToRegexp method back for generating a regex
  • Adds stringify method for converting TokenData into a path string

v8.0.0...v8.1.0

Support array inputs (again)

10 Sep 00:58
8f67b8b
Compare
Choose a tag to compare

Added

  • Support array inputs for match and pathToRegexp 3fdd88f

v7.1.0...v7.2.0

Add backtracking protection

10 Sep 22:04
2eb1293
Compare
Choose a tag to compare

Fixed

  • Add backtrack protection to 3.x release (#321) d31670a

v3.2.0...v3.3.0

Fix backtracking in 1.x

10 Sep 21:26
c75eb10
Compare
Choose a tag to compare

Fixed

  • Add backtrack protection to 1.x release (#320) 925ac8e
  • Fix re.exec('/test/route') result (#267) 32a14b0

v1.8.0...v1.9.0

Simpler API

01 Sep 22:22
ed1095e
Compare
Choose a tag to compare

Heads up! This is a fairly large change (again) and I need to apologize in advance. If I foresaw what this version would have ended up being I would not have released version 7. A longer blog post and explanation will be incoming this week, but the pivot has been due to work on Express.js v5 and this will the finalized syntax used in Express moving forward.

Edit: The post is out - https://blakeembrey.com/posts/2024-09-web-redos/

Added

  • Adds key names to wildcards using *name syntax, aligns with : behavior but using an asterisk instead

Changed

  • Removes group suffixes of ?, +, and * - only optional exists moving forward (use wildcards for +, {*foo} for *)
  • Parameter names follow JS identifier rules and allow unicode characters

Added

  • Parameter names can now be quoted, e.g. :"foo-bar"
  • Match accepts an array of values, so the signature is now string | TokenData | Array<string | TokenData>

Removed

  • Removes loose mode
  • Removes regular expression overrides of parameters

v7.1.0...v8.0.0

Backtrack protection

01 Sep 22:08
c827fce
Compare
Choose a tag to compare

Fixed

  • Add backtrack protection to parameters 29b96b4
    • This will break some edge cases but should improve performance

v0.1.9...v0.1.10