Skip to content

build(deps): bump path-to-regexp and express in /api#1001

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/api/multi-c6f6658ed3
Closed

build(deps): bump path-to-regexp and express in /api#1001
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/api/multi-c6f6658ed3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 30, 2026

Bumps path-to-regexp to 0.1.13 and updates ancestor dependency express. These dependencies need to be updated together.

Updates path-to-regexp from 0.1.12 to 0.1.13

Release notes

Sourced from path-to-regexp's releases.

0.1.13

Important

Full Changelog: pillarjs/path-to-regexp@v0.1.12...v.0.1.13

Changelog

Sourced from path-to-regexp's changelog.

0.1.13 / 2026-03-26

0.1.7 / 2015-07-28

  • Fixed regression with escaped round brackets and matching groups.

0.1.6 / 2015-06-19

  • Replace index feature by outputting all parameters, unnamed and named.

0.1.5 / 2015-05-08

  • Add an index property for position in match result.

0.1.4 / 2015-03-05

  • Add license information

0.1.3 / 2014-07-06

  • Better array support
  • Improved support for trailing slash in non-ending mode

0.1.0 / 2014-03-06

  • add options.end

0.0.2 / 2013-02-10

  • Update to match current express
  • add .license property to component.json
Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for path-to-regexp since your current version.


Updates express from 4.21.2 to 4.22.1

Release notes

Sourced from express's releases.

v4.22.1

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Full Changelog: expressjs/express@4.22.0...v4.22.1

4.22.0

Important: Security

What's Changed

Full Changelog: expressjs/express@4.21.2...4.22.0

Changelog

Sourced from express's changelog.

4.22.1 / 2025-12-01

4.22.0 / 2025-12-01

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump path-to-regexp and express in /api
af0e97a 
Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) to 0.1.13 and updates ancestor dependency [express](https://github.com/expressjs/express). These dependencies need to be updated together.


Updates `path-to-regexp` from 0.1.12 to 0.1.13
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md)
- [Commits](pillarjs/path-to-regexp@v0.1.12...v.0.1.13)

Updates `express` from 4.21.2 to 4.22.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md)
- [Commits](expressjs/express@4.21.2...v4.22.1)

---
updated-dependencies:
- dependency-name: path-to-regexp
  dependency-version: 0.1.13
  dependency-type: indirect
- dependency-name: express
  dependency-version: 4.22.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 30, 2026
@vercel
Copy link
Copy Markdown

vercel Bot commented Mar 30, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
pro-react-admin Ready Ready Preview, Comment Mar 30, 2026 11:33am
pro-react-admin-projecta Ready Ready Preview, Comment Mar 30, 2026 11:33am
pro-react-admin-projectb Ready Ready Preview, Comment Mar 30, 2026 11:33am
pro-react-admin-shell Ready Ready Preview, Comment Mar 30, 2026 11:33am

@what-the-diff
Copy link
Copy Markdown

what-the-diff Bot commented Mar 30, 2026

PR摘要

  • 更新了 express:版本从 4.21.2 更改为 4.22.1,包括对解析URL和完整性哈希的更新。
  • 增加了 qs 子依赖项:为 node_modules/express/node_modules/qs 添加了新条目,指定了版本为 6.14.2,解析了URL,完整性,以及依赖项。
  • 依赖项版本规定express包内的多个依赖项版本已从固定版本更改为版本范围,更新了以下内容:
    • body-parser, content-disposition, cookie, cookie-signature, finalhandler, fresh, http-errors, on-finished, path-to-regexp, qs, send, serve-static, statuses.
  • 保持了总体依赖项结构package-lock.json的总体结构在更新反映了依赖项向上兼容性的同时仍保持完整。

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Mar 30, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@wkylin wkylin closed this Apr 14, 2026
@wkylin wkylin deleted the dependabot/npm_and_yarn/api/multi-c6f6658ed3 branch April 14, 2026 01:03
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 14, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@wkylin