Merge pull request #43 from curveball/update-path-to-regexp

Update path-to-regexp from 6 to 8.1, which fixes a security vulnerability.
curveball · Sep 10, 2024 · 3dd1a88 · 3dd1a88
2 parents 54ebc69 + 399833f
commit 3dd1a88
Show file tree

Hide file tree

Showing 4 changed files with 1,043 additions and 809 deletions.
diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml
@@ -18,7 +18,7 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [18.x, 20.x, 21.x]
+        node-version: [18.x, 20.x, 22.x]
         # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
 
     steps:

diff --git a/changelog.md b/changelog.md
@@ -1,6 +1,16 @@
 Changelog
 =========
 
+2.0.0 (????-??-??)
+------------------
+
+* Updated path-to-regexp from 6 to 8.1, to fix a security vulnerability.
+  Unfortunately the supported syntax for path-to-regexp has changed slightly
+  for complex routes, so this is a breaking change. Most common simple routes
+  will not be affected. For more information consult the path-to-regexp
+  changelog: https://github.com/pillarjs/path-to-regexp/releases
+
+
 1.0.0 (2024-01-16)
 ------------------