Skip to content

chore(deps): bump path-to-regexp from 8.3.0 to 8.4.2#2100

Open
dependabot[bot] wants to merge 3 commits intomasterfrom
dependabot/npm_and_yarn/path-to-regexp-8.4.2
Open

chore(deps): bump path-to-regexp from 8.3.0 to 8.4.2#2100
dependabot[bot] wants to merge 3 commits intomasterfrom
dependabot/npm_and_yarn/path-to-regexp-8.4.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 2, 2026
edited
Loading

Bumps path-to-regexp from 8.3.0 to 8.4.2.

Release notes

Sourced from path-to-regexp's releases.

v8.4.2

Fixed

  • Error on trailing backslash (#434) 9a78879

Performance

  • Minimize array allocations (#437) 937c02d
  • Improve compile performance (#436) 57247e6
    • Should improve compilation performance by ~25%
  • Remove internal tokenization during parse (#435) 5844988
    • Should improve parse performance by ~20%

Bundle size to 1.93 kB, from 1.97 kB.

pillarjs/path-to-regexp@v8.4.1...v8.4.2

v8.4.1

Fixed

  • Remove trie deduplication (#431) 6bc8e84
    • Using a trie required non-greedy matching, which regressed wildcards in non-ending mode by matching them up until the first match. For example:
      • /*foo with /a/b = /a
      • /*foo.htmlwith /a/b.html/c.html = /a/b.html
  • Allow backtrack handling to match itself (#427) 5bcd30b
    • When backtracking was introduced, it rejected matching things like /:"a"_:"b" against /foo__. This makes intuitive sense because the second parameter is not going to backtrack on anymore, but it's somewhat unexpected since there's no reason it shouldn't match the second`.

pillarjs/path-to-regexp@v8.4.0...v8.4.1

v8.4.0

Important

Fixed

Changed

  • Dedupes regex prefixes (pillarjs/path-to-regexp#422)
    • This will result in shorter regular expressions for some cases using optional groups
  • Rejects large optional route combinations (pillarjs/path-to-regexp#424)
    • When using groups such as /users{/delete} it will restrict the number of generated combinations to < 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump path-to-regexp from 8.3.0 to 8.4.2
03f79a9 
Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) from 8.3.0 to 8.4.2.
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v8.3.0...v8.4.2)

---
updated-dependencies:
- dependency-name: path-to-regexp
  dependency-version: 8.4.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 2, 2026
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 2, 2026
@dependabot dependabot bot added the javascript Pull requests that update javascript code label Apr 2, 2026
@github-project-automation github-project-automation bot moved this to To Triage in CLI - Kanban Apr 2, 2026
@changeset-bot
Copy link
Copy Markdown

changeset-bot bot commented Apr 2, 2026
edited
Loading

⚠️ No Changeset found

Latest commit: ed325ef

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-project-automation github-project-automation bot moved this from To Triage to Backlog in CLI - Kanban Apr 2, 2026
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Apr 2, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@asyncapi-bot-eve asyncapi-bot-eve asyncapi-bot-eve approved these changes

@Souvikns Souvikns Awaiting requested review from Souvikns Souvikns is a code owner

@Amzani Amzani Awaiting requested review from Amzani Amzani is a code owner

@Shurtu-gal Shurtu-gal Awaiting requested review from Shurtu-gal Shurtu-gal is a code owner

@AayushSaini101 AayushSaini101 Awaiting requested review from AayushSaini101 AayushSaini101 is a code owner

Assignees

No one assigned

Labels

autoapproved autoupdate dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

CLI - Kanban
Status: Backlog

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@asyncapi-bot-eve @asyncapi-bot