chore: bump path-to-regexp, express and netlify-cli #5268

dependabot · 2025-01-06T17:18:25Z

Bumps path-to-regexp to 1.9.0 and updates ancestor dependencies path-to-regexp, express and netlify-cli. These dependencies need to be updated together.

Updates path-to-regexp from 0.1.10 to 1.9.0

Release notes

Sourced from path-to-regexp's releases.

Fix backtracking in 1.x

Fixed

Add backtrack protection to 1.x release (#320) 925ac8e

Fix re.exec(&[#39](https://github.com/pillarjs/path-to-regexp/issues/39);/test/route&[#39](https://github.com/pillarjs/path-to-regexp/issues/39);) result (#267) 32a14b0

pillarjs/path-to-regexp@v1.8.0...v1.9.0

Backport token to function options

Added

Backport TokensToFunctionOptions

Fix backtracking (again)

Fixed

Improved backtracking protection for 0.1.x, will break some previously valid paths (see previous advisory: GHSA-9wv6-86v2-598j)

pillarjs/path-to-regexp@v0.1.11...v0.1.12

Error on bad input

Changed

Add error on bad input values 8f09549

pillarjs/path-to-regexp@v0.1.10...v0.1.11

Changelog

Sourced from path-to-regexp's changelog.

Moved to GitHub Releases

3.0.0 / 2019-01-13

Always use prefix character as delimiter token, allowing any character to be a delimiter (e.g. /:att1-:att2-:att3-:att4-:att5)

Remove partial support, prefer escaping the prefix delimiter explicitly (e.g. \\/(apple-)?icon-:res(\\d+).png)

2.4.0 / 2018-08-26

Support start option to disable anchoring from beginning of the string

2.3.0 / 2018-08-20

Use delimiter when processing repeated matching groups (e.g. foo/bar has no prefix, but has a delimiter)

2.2.1 / 2018-04-24

Allow empty string with end: false to match both relative and absolute paths

2.2.0 / 2018-03-06

Pass token as second argument to encode option (e.g. encode(value, token))

2.1.0 / 2017-10-20

Handle non-ending paths where the final character is a delimiter

E.g. /foo/ before required either /foo/ or /foo// to match in non-ending mode

2.0.0 / 2017-08-23

New option! Ability to set endsWith to match paths like /test?query=string up to the query string

New option! Set delimiters for specific characters to be treated as parameter prefixes (e.g. /:test)

Remove isarray dependency

Explicitly handle trailing delimiters instead of trimming them (e.g. /test/ is now treated as /test/ instead of /test when matching)

Remove overloaded keys argument that accepted options

Remove keys list attached to the RegExp output

Remove asterisk functionality (it's a real pain to properly encode)

Change tokensToFunction (e.g. compile) to accept an encode function for pretty encoding (e.g. pass your own implementation)

1.7.0 / 2016-11-08

Allow a delimiter option to be passed in with tokensToRegExp which will be used for "non-ending" token match situations

1.6.0 / 2016-10-03

Populate RegExp.keys when using the tokensToRegExp method (making it consistent with the main export)

Allow a delimiter option to be passed in with parse

Updated TypeScript definition with Keys and Options updated

1.5.3 / 2016-06-15

... (truncated)

Commits

c75eb10 1.9.0
925ac8e Add backtrack protection to 1.x release (#320)
32a14b0 Fix re.exec('/test/route') result (#267)
79a5dcf 1.8.0
1a47442 feat: backport TokensToFunctionOptions to v1.x
9c0550c Update history for 1.7.0
a99ec3c v1.7.0
69fb61b Allow delimiter to be set for tokensToRegExp
1c2e8e4 Update history for 1.6.0
bdf17de v1.6.0
Additional commits viewable in compare view

Updates express from 4.21.1 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: [email protected] by @blakeembrey in expressjs/express#5956

deps: bump [email protected] by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

deps: [email protected]

Fix backtracking protection

deps: [email protected]

Throws an error on invalid path values

Commits

1faf228 4.21.2
2e0fb64 deps: bump [email protected] (#6209)
59fc270 deps: [email protected] (#5956)
51fc39c docs: add funding (#6065)
See full diff in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates netlify-cli from 17.37.1 to 17.38.1

Release notes

Sourced from netlify-cli's releases.

v17.38.1

17.38.1 (2024-12-17)

Bug Fixes

deps: update dependency dotenv to v16.4.7 (#6949) (65dc682)

deps: update dependency express to v4.21.2 (#6950) (d780a33)

deps: update netlify packages (#6959) (3d794c1)

deps: update netlify packages (#6965) (233bee3)

v17.38.0

17.38.0 (2024-12-03)

Features

add confirmation prompts to unsafe cli commands (#6878) (fd77a12)

implemented flag conflicts in deploy.ts (#6909) (4e668f2)

port in use (#6887) (652f20a)

sites-create-template: auto-link cloned repo to the created netlify site (#6914) (89be8a6)

update function templates to v2 (#6939) (40dafd5)

Bug Fixes

check ip version if settings.useStaticServer (#6936) (be6b07e)

deps: update dependency @netlify/edge-functions to v2.11.1 (#6772) (cd7aeed)

deps: update dependency @sanity/client to v6 (#6650) (fdaabc0)

deps: update dependency @types/node to v20.17.6 (#6918) (9c4eb22)

deps: update dependency @types/node to v20.17.7 (#6933) (fce5cc3)

deps: update dependency @types/node to v22.10.1 (#6942) (2218116)

deps: update dependency ci-info to v4.1.0 (#6925) (f4eca65)

deps: update dependency ora to v8.1.1 (#6919) (f89b707)

deps: update netlify packages (#6922) (96f64ef)

deps: update rust crate lambda_runtime to 0.13.0 (#6920) (f48841c)

make outputs more user-friendly for sites:create-template (#6915) (d132ddd)

prevent redundant repos, add preliminary name checks, and improve error handling in sites:create-template (#6908) (a1000b3)

v17.37.2

17.37.2 (2024-10-29)

Bug Fixes

add zsh autocomplete setup and file permissions instructions to completion:install (#6882) (75c0e7b)

deps: update dependency @netlify/build to v29.55.4 (#6892) (da3563b)

deps: update dependency @netlify/build to v29.56.0 (#6906) (e63a9c2)

deps: update dependency @types/node to v20.17.1 (#6903) (93a728b)

deps: update dependency ws to v8.18.0 (#6904) (89e814d)

... (truncated)

Changelog

Sourced from netlify-cli's changelog.

17.38.1 (2024-12-17)

Bug Fixes

deps: update dependency dotenv to v16.4.7 (#6949) (65dc682)

deps: update dependency express to v4.21.2 (#6950) (d780a33)

deps: update netlify packages (#6959) (3d794c1)

deps: update netlify packages (#6965) (233bee3)

17.38.0 (2024-12-03)

Features

add confirmation prompts to unsafe cli commands (#6878) (fd77a12)

implemented flag conflicts in deploy.ts (#6909) (4e668f2)

port in use (#6887) (652f20a)

sites-create-template: auto-link cloned repo to the created netlify site (#6914) (89be8a6)

update function templates to v2 (#6939) (40dafd5)

Bug Fixes

check ip version if settings.useStaticServer (#6936) (be6b07e)

deps: update dependency @netlify/edge-functions to v2.11.1 (#6772) (cd7aeed)

deps: update dependency @sanity/client to v6 (#6650) (fdaabc0)

deps: update dependency @types/node to v20.17.6 (#6918) (9c4eb22)

deps: update dependency @types/node to v20.17.7 (#6933) (fce5cc3)

deps: update dependency @types/node to v22.10.1 (#6942) (2218116)

deps: update dependency ci-info to v4.1.0 (#6925) (f4eca65)

deps: update dependency ora to v8.1.1 (#6919) (f89b707)

deps: update netlify packages (#6922) (96f64ef)

deps: update rust crate lambda_runtime to 0.13.0 (#6920) (f48841c)

make outputs more user-friendly for sites:create-template (#6915) (d132ddd)

prevent redundant repos, add preliminary name checks, and improve error handling in sites:create-template (#6908) (a1000b3)

17.37.2 (2024-10-29)

Bug Fixes

add zsh autocomplete setup and file permissions instructions to completion:install (#6882) (75c0e7b)

deps: update dependency @netlify/build to v29.55.4 (#6892) (da3563b)

deps: update dependency @netlify/build to v29.56.0 (#6906) (e63a9c2)

deps: update dependency @types/node to v20.17.1 (#6903) (93a728b)

deps: update dependency ws to v8.18.0 (#6904) (89e814d)

deps: update netlify packages (#6891) (8db8a3a)

deps: update netlify packages (#6899) (62d3123)

improve console message when unlinking from directory without a netlify.toml (#6897) (622098e)

... (truncated)

Commits

d45e450 chore(main): release 17.38.1 (#6952)
de43ffc chore(deps): update dependency verdaccio to v6.0.4 (#6964)
233bee3 fix(deps): update netlify packages (#6965)
3d794c1 fix(deps): update netlify packages (#6959)
65dc682 fix(deps): update dependency dotenv to v16.4.7 (#6949)
79c7772 chore(deps): bump path-to-regexp and express in /site (#6951)
d780a33 fix(deps): update dependency express to v4.21.2 (#6950)
6d9315b chore(main): release 17.38.0 (#6911)
4433131 chore(deps): update dependency @types/node to v22.10.1 (#6941)
2218116 fix(deps): update dependency @types/node to v22.10.1 (#6942)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

netlify · 2025-01-06T17:31:22Z

✅ Deploy Preview for docs-spectrocloud ready!

Name	Link
🔨 Latest commit	`8044097`
🔍 Latest deploy log	https://app.netlify.com/sites/docs-spectrocloud/deploys/677c26f29ec6a000088fbee3
😎 Deploy Preview	https://deploy-preview-5268--docs-spectrocloud.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) to 1.9.0 and updates ancestor dependencies [path-to-regexp](https://github.com/pillarjs/path-to-regexp), [express](https://github.com/expressjs/express) and [netlify-cli](https://github.com/netlify/cli). These dependencies need to be updated together. Updates `path-to-regexp` from 0.1.10 to 1.9.0 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.10...v1.9.0) Updates `express` from 4.21.1 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.21.1...4.21.2) Updates `netlify-cli` from 17.37.1 to 17.38.1 - [Release notes](https://github.com/netlify/cli/releases) - [Changelog](https://github.com/netlify/cli/blob/main/CHANGELOG.md) - [Commits](netlify/cli@v17.37.1...v17.38.1) --- updated-dependencies: - dependency-name: path-to-regexp dependency-type: indirect - dependency-name: express dependency-type: indirect - dependency-name: netlify-cli dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) to 1.9.0 and updates ancestor dependencies [path-to-regexp](https://github.com/pillarjs/path-to-regexp), [express](https://github.com/expressjs/express) and [netlify-cli](https://github.com/netlify/cli). These dependencies need to be updated together. Updates `path-to-regexp` from 0.1.10 to 1.9.0 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.10...v1.9.0) Updates `express` from 4.21.1 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.21.1...4.21.2) Updates `netlify-cli` from 17.37.1 to 17.38.1 - [Release notes](https://github.com/netlify/cli/releases) - [Changelog](https://github.com/netlify/cli/blob/main/CHANGELOG.md) - [Commits](netlify/cli@v17.37.1...v17.38.1) --- updated-dependencies: - dependency-name: path-to-regexp dependency-type: indirect - dependency-name: express dependency-type: indirect - dependency-name: netlify-cli dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit edc34bf)

vault-token-factory-spectrocloud · 2025-01-07T00:19:18Z

💔 Some backports could not be created

Status	Branch	Result
✅	version-4-0
✅	version-3-4
✅	version-4-1
✅	version-4-2	Could not create pull request: We couldn't respond to your request in time. Sorry about that. Please try resubmitting your request and contact us if the problem persists.
✅	version-4-3
✅	version-4-4
✅	version-4-5	Could not create pull request: We couldn't respond to your request in time. Sorry about that. Please try resubmitting your request and contact us if the problem persists.

Note: Successful backport PRs will be merged automatically after passing CI.

Manual backport

To create the backport manually run:

backport --pr 5268

Questions ?

Please refer to the Backport tool documentation and see the Github Action logs for details

Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) to 1.9.0 and updates ancestor dependencies [path-to-regexp](https://github.com/pillarjs/path-to-regexp), [express](https://github.com/expressjs/express) and [netlify-cli](https://github.com/netlify/cli). These dependencies need to be updated together. Updates `path-to-regexp` from 0.1.10 to 1.9.0 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.10...v1.9.0) Updates `express` from 4.21.1 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.21.1...4.21.2) Updates `netlify-cli` from 17.37.1 to 17.38.1 - [Release notes](https://github.com/netlify/cli/releases) - [Changelog](https://github.com/netlify/cli/blob/main/CHANGELOG.md) - [Commits](netlify/cli@v17.37.1...v17.38.1) --- updated-dependencies: - dependency-name: path-to-regexp dependency-type: indirect - dependency-name: express dependency-type: indirect - dependency-name: netlify-cli dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit edc34bf) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

vault-token-factory-spectrocloud · 2025-01-15T20:34:47Z

🎉 This PR is included in version 4.6.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

dependabot bot requested a review from a team as a code owner January 6, 2025 17:18

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jan 6, 2025

dependabot bot requested review from addetz, benradstone and achuribooks January 6, 2025 17:18

dependabot bot force-pushed the dependabot/npm_and_yarn/multi-125046a498 branch from ddf3a80 to 8044097 Compare January 6, 2025 18:54

karl-cardenas-coding approved these changes Jan 6, 2025

View reviewed changes

karl-cardenas-coding merged commit edc34bf into master Jan 6, 2025
21 checks passed

karl-cardenas-coding deleted the dependabot/npm_and_yarn/multi-125046a498 branch January 6, 2025 21:50

karl-cardenas-coding added the auto-backport Enable backport label Jan 7, 2025

vault-token-factory-spectrocloud bot mentioned this pull request Jan 7, 2025

[version-4-0] chore: bump path-to-regexp, express and netlify-cli (#5268) #5282

Merged

vault-token-factory-spectrocloud bot mentioned this pull request Jan 7, 2025

[version-3-4] chore: bump path-to-regexp, express and netlify-cli (#5268) #5283

Merged

vault-token-factory-spectrocloud bot mentioned this pull request Jan 7, 2025

[version-4-1] chore: bump path-to-regexp, express and netlify-cli (#5268) #5284

Merged

This was referenced Jan 7, 2025

[version-4-3] chore: bump path-to-regexp, express and netlify-cli (#5268) #5285

Merged

[version-4-2] chore: bump path-to-regexp, express and netlify-cli (#5268) #5286

Merged

vault-token-factory-spectrocloud bot mentioned this pull request Jan 7, 2025

[version-4-4] chore: bump path-to-regexp, express and netlify-cli (#5268) #5287

Merged

vault-token-factory-spectrocloud bot mentioned this pull request Jan 7, 2025

[version-4-5] chore: bump path-to-regexp, express and netlify-cli (#5268) #5288

Merged

vault-token-factory-spectrocloud bot added the released label Jan 15, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: bump path-to-regexp, express and netlify-cli #5268

chore: bump path-to-regexp, express and netlify-cli #5268

dependabot bot commented on behalf of github Jan 6, 2025 •

edited

Loading

netlify bot commented Jan 6, 2025 •

edited

Loading

vault-token-factory-spectrocloud bot commented Jan 7, 2025 •

edited by karl-cardenas-coding

Loading

vault-token-factory-spectrocloud bot commented Jan 15, 2025

chore: bump path-to-regexp, express and netlify-cli #5268

chore: bump path-to-regexp, express and netlify-cli #5268

Conversation

dependabot bot commented on behalf of github Jan 6, 2025 • edited Loading

Fix backtracking in 1.x

Backport token to function options

Fix backtracking (again)

Error on bad input

Moved to GitHub Releases

3.0.0 / 2019-01-13

2.4.0 / 2018-08-26

2.3.0 / 2018-08-20

2.2.1 / 2018-04-24

2.2.0 / 2018-03-06

2.1.0 / 2017-10-20

2.0.0 / 2017-08-23

1.7.0 / 2016-11-08

1.6.0 / 2016-10-03

1.5.3 / 2016-06-15

4.21.2

What's Changed

4.21.2 / 2024-11-06

v17.38.1

17.38.1 (2024-12-17)

Bug Fixes

v17.38.0

17.38.0 (2024-12-03)

Features

Bug Fixes

v17.37.2

17.37.2 (2024-10-29)

Bug Fixes

17.38.1 (2024-12-17)

Bug Fixes

17.38.0 (2024-12-03)

Features

Bug Fixes

17.37.2 (2024-10-29)

Bug Fixes

netlify bot commented Jan 6, 2025 • edited Loading

✅ Deploy Preview for docs-spectrocloud ready!

vault-token-factory-spectrocloud bot commented Jan 7, 2025 • edited by karl-cardenas-coding Loading

💔 Some backports could not be created

Manual backport

Questions ?

vault-token-factory-spectrocloud bot commented Jan 15, 2025

dependabot bot commented on behalf of github Jan 6, 2025 •

edited

Loading

netlify bot commented Jan 6, 2025 •

edited

Loading

vault-token-factory-spectrocloud bot commented Jan 7, 2025 •

edited by karl-cardenas-coding

Loading