Update dependency path-to-regexp@<0.1.13 to ^0.2.0

[tryghost-renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
path-to-regexp@<0.1.13	^0.1.13 → ^0.2.0

---

Release Notes

pillarjs/path-to-regexp (path-to-regexp@<0.1.13)

v0.2.5

Compare Source

• Allow keys parameter to be omitted

v0.2.4

Compare Source

• Code coverage badge
• Updated readme
• Attach keys to the generated regexp

v0.2.3

Compare Source

• Add MIT license

v0.2.2

Compare Source

• A passed in trailing slash in non-strict mode will become optional
• In non-end mode, the optional trailing slash will only match at the end

v0.2.1

Compare Source

• Fixed a major capturing group regexp regression

v0.2.0

Compare Source

• Improved support for arrays
• Improved support for regexps
• Better support for non-ending strict mode matches with a trailing slash
• Travis CI support
• Block using regexp special characters in the path
• Removed support for the asterisk to match all
• New support for parameter suffixes - *, + and ?
• Updated readme
• Provide delimiter information with keys array

---

Configuration

📅 Schedule: (in timezone Etc/UTC)

• Branch creation
  • Only on Sunday and Saturday (* * * * 0,6)
  • Between 11:00 PM and 11:59 PM, Monday through Friday (* 23 * * 1-5)
  • Between 12:00 AM and 04:59 AM, Monday through Saturday (* 0-4 * * 1-6)
• Automerge
  • Only on Sunday and Saturday (* * * * 0,6)
  • Between 11:00 PM and 11:59 PM, Monday through Friday (* 23 * * 1-5)
  • Between 12:00 AM and 04:59 AM, Monday through Saturday (* 0-4 * * 1-6)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.

[tryghost-renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 19 workspace projects
[ERR_PNPM_INVALID_MINIMUM_RELEASE_AGE_EXCLUDE] Invalid value in minimumReleaseAgeExclude: Invalid versions union. Found: "path-to-regexp@<0.1.13@0.2.5". Use exact versions only.

[tryghost-renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[9larsons]

Closing — bumping the path-to-regexp override to ^0.2.0 breaks Express 4 routing.

Ghost is on Express 4, whose router is built against path-to-regexp 0.1.x. Forcing 0.2.x (this PR resolves to 0.2.5) changes the compiled route regex / key structure and breaks redirect routing. It reproduces deterministically (verified across two CI runs) on two independent redirect routes:

• test/legacy/site/frontend.test.js:135 — edit-redirect returns no Location header (route no longer redirects)
• test/e2e-server/click-tracking.test.js:92 — attribution_id missing on internal redirects

The failures are isolated to this change — PRs that don't touch path-to-regexp pass acceptance.

There's also no security need for the major bump: main already pins the override to ^0.1.13, which is the patched floor for the ReDoS advisory. Keeping ^0.1.13 stays secure and compatible with Express 4, so closing rather than moving to 0.2.x.

[tryghost-renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (^0.2.0). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.