Skip to content

Update dependency path-to-regexp@<0.1.13 to ^0.2.0#28215

Closed
tryghost-renovate[bot] wants to merge 1 commit into
mainfrom
renovate/path-to-regexp-0.1.13-0.x
Closed

Update dependency path-to-regexp@<0.1.13 to ^0.2.0#28215
tryghost-renovate[bot] wants to merge 1 commit into
mainfrom
renovate/path-to-regexp-0.1.13-0.x

Conversation

@tryghost-renovate

@tryghost-renovate tryghost-renovate Bot commented May 27, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
path-to-regexp@<0.1.13 ^0.1.13^0.2.0 age confidence

Release Notes

pillarjs/path-to-regexp (path-to-regexp@<0.1.13)

v0.2.5

Compare Source

  • Allow keys parameter to be omitted

v0.2.4

Compare Source

  • Code coverage badge
  • Updated readme
  • Attach keys to the generated regexp

v0.2.3

Compare Source

  • Add MIT license

v0.2.2

Compare Source

  • A passed in trailing slash in non-strict mode will become optional
  • In non-end mode, the optional trailing slash will only match at the end

v0.2.1

Compare Source

  • Fixed a major capturing group regexp regression

v0.2.0

Compare Source

  • Improved support for arrays
  • Improved support for regexps
  • Better support for non-ending strict mode matches with a trailing slash
  • Travis CI support
  • Block using regexp special characters in the path
  • Removed support for the asterisk to match all
  • New support for parameter suffixes - *, + and ?
  • Updated readme
  • Provide delimiter information with keys array

Configuration

📅 Schedule: (in timezone Etc/UTC)

  • Branch creation
    • Only on Sunday and Saturday (* * * * 0,6)
    • Between 11:00 PM and 11:59 PM, Monday through Friday (* 23 * * 1-5)
    • Between 12:00 AM and 04:59 AM, Monday through Saturday (* 0-4 * * 1-6)
  • Automerge
    • Only on Sunday and Saturday (* * * * 0,6)
    • Between 11:00 PM and 11:59 PM, Monday through Friday (* 23 * * 1-5)
    • Between 12:00 AM and 04:59 AM, Monday through Saturday (* 0-4 * * 1-6)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

@tryghost-renovate

Copy link
Copy Markdown
Contributor Author

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml
Scope: all 19 workspace projects
[ERR_PNPM_INVALID_MINIMUM_RELEASE_AGE_EXCLUDE] Invalid value in minimumReleaseAgeExclude: Invalid versions union. Found: "path-to-regexp@<0.1.13@0.2.5". Use exact versions only.

@github-actions github-actions Bot added the dependencies Pull requests that update a dependency file label May 27, 2026
@tryghost-renovate tryghost-renovate Bot force-pushed the renovate/path-to-regexp-0.1.13-0.x branch 5 times, most recently from 19ee963 to 610bf04 Compare May 28, 2026 06:18
@9larsons 9larsons force-pushed the renovate/path-to-regexp-0.1.13-0.x branch from 610bf04 to b781f34 Compare May 31, 2026 21:18
@9larsons 9larsons enabled auto-merge (squash) May 31, 2026 21:20
@tryghost-renovate

Copy link
Copy Markdown
Contributor Author

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@9larsons

Copy link
Copy Markdown
Contributor

Closing — bumping the path-to-regexp override to ^0.2.0 breaks Express 4 routing.

Ghost is on Express 4, whose router is built against path-to-regexp 0.1.x. Forcing 0.2.x (this PR resolves to 0.2.5) changes the compiled route regex / key structure and breaks redirect routing. It reproduces deterministically (verified across two CI runs) on two independent redirect routes:

  • test/legacy/site/frontend.test.js:135 — edit-redirect returns no Location header (route no longer redirects)
  • test/e2e-server/click-tracking.test.js:92attribution_id missing on internal redirects

The failures are isolated to this change — PRs that don't touch path-to-regexp pass acceptance.

There's also no security need for the major bump: main already pins the override to ^0.1.13, which is the patched floor for the ReDoS advisory. Keeping ^0.1.13 stays secure and compatible with Express 4, so closing rather than moving to 0.2.x.

@9larsons 9larsons closed this May 31, 2026
auto-merge was automatically disabled May 31, 2026 23:45

Pull request was closed

@tryghost-renovate

Copy link
Copy Markdown
Contributor Author

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (^0.2.0). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

@tryghost-renovate tryghost-renovate Bot deleted the renovate/path-to-regexp-0.1.13-0.x branch May 31, 2026 23:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant