Skip to content

Bump path-to-regexp to 6.3.0 #6686

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 16, 2024
Merged

Bump path-to-regexp to 6.3.0 #6686

merged 2 commits into from
Sep 16, 2024

Conversation

DaniFoldi
Copy link
Contributor

@DaniFoldi DaniFoldi commented Sep 12, 2024
edited
Loading

What this PR solves / how to test

Yesterday, a backport for the fix of a redos in path-to-regexp was published.
PR of path-to-regexp fix: pillarjs/path-to-regexp#324 - the advisory database wasn't updated yet, so it might take a while before warnings go away.

Alternatively, path-to-regexp could be updated to ^8.1.0, but there are a fair amount of changes between v6 and (v7 and) v8.

Fixes #6720

Author has addressed the following

  • Tests
    • TODO (before merge)
    • Included
    • Not necessary because: no code changes
  • E2E Tests CI Job required? (Use "e2e" label or ask maintainer to run separately)
    • I don't know
    • Required / Maybe required
    • Not required because: don't think it's needed for this
  • Changeset (Changeset guidelines)
    • TODO (before merge)
    • Included
    • Not necessary because:
  • Public documentation
    • TODO (before merge)
    • Cloudflare docs PR(s):
    • Not necessary because: no new features

@DaniFoldi DaniFoldi requested a review from a team as a code owner September 12, 2024 10:19
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Sep 12, 2024
edited
Loading

🦋 Changeset detected

Latest commit: 896f847

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages
Name Type
wrangler Patch
@cloudflare/vitest-pool-workers Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 12, 2024
edited
Loading

A wrangler prerelease is available for testing. You can install this latest build in your project with:

npm install --save-dev https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/10862574925/npm-package-wrangler-6686

You can reference the automatically updated head of this PR with:

npm install --save-dev https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/prs/6686/npm-package-wrangler-6686

Or you can use npx with this latest build directly:

npx https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/10862574925/npm-package-wrangler-6686 dev path/to/script.js
Additional artifacts: 
npx https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/10862574925/npm-package-create-cloudflare-6686 --no-auto-update
npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/10862574925/npm-package-cloudflare-kv-asset-handler-6686
npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/10862574925/npm-package-miniflare-6686
npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/10862574925/npm-package-cloudflare-pages-shared-6686
npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/10862574925/npm-package-cloudflare-vitest-pool-workers-6686
npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/10862574925/npm-package-cloudflare-workers-editor-shared-6686
npm install https://prerelease-registry.devprod.cloudflare.dev/workers-sdk/runs/10862574925/npm-package-cloudflare-workers-shared-6686

Note that these links will no longer work once the GitHub Actions artifact expires.

[email protected] includes the following runtime dependencies:

Package Constraint Resolved
miniflare workspace:* 3.20240909.1
workerd 1.20240909.0 1.20240909.0
workerd --version 1.20240909.0 2024-09-09

Please ensure constraints are pinned, and miniflare/workerd minor versions match.

@penalosa
Copy link
Contributor

@DaniFoldi could you fill out the PR template?

@DaniFoldi
Copy link
Contributor Author

Hey @penalosa, I've filled it out now, and also rebased on latest main (38 commits in two days, nice).

I'd love a simpler PR template for changes like this, having opened a few PRs here already I still don't know if I need e2e test ci or not.

@DaniFoldi DaniFoldi mentioned this pull request Sep 14, 2024
Closed
@penalosa penalosa merged commit 2c8506f into cloudflare:main Sep 16, 2024
24 of 27 checks passed
@workers-devprod workers-devprod added the contribution [Holopin] Recognizes an open-source contribution, big or small label Sep 16, 2024
@holopin-bot Holopin Bot
Copy link

holopin-bot bot commented Sep 16, 2024

Congratulations @DaniFoldi, the maintainer of this repository has issued you a holobyte! Here it is: https://holopin.io/holobyte/cm152n4xi13810cjysg0gxq5e

This badge can only be claimed by you, so make sure that your GitHub account is linked to your Holopin account. You can manage those preferences here: https://holopin.io/account.
Or if you're new to Holopin, you can simply sign up with GitHub, which will do the trick!

@workers-devprod workers-devprod mentioned this pull request Sep 16, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@penalosa penalosa penalosa approved these changes

Assignees

No one assigned

Labels

contribution [Holopin] Recognizes an open-source contribution, big or small

Projects

workers-sdk
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Update path-to-regexp to fix audit issue

3 participants

@DaniFoldi @penalosa @workers-devprod