Why we don't have 2.x branch #332
Comments
There's no 2.x branch for the same reason as many other versions don't have branches: I didn't have the capacity to patch every version. I'd recommend either upgrading or downgrading. The CHANGELOG for 3.x is here: https://github.com/pillarjs/path-to-regexp/blob/2eb12934fc1f15d3b9bad010709717fc53a14b8e/History.md, it just depends what features were being used. From a brief look it appears they could downgrade to 1.x without impacting anyone. Alternatively, if they want to use the safe APIs, the only truly safe path would be the 8.x releases.
The breaking change from that history file appears to be:
There's code in It also looks reasonably safe to bump to 3.0, as the only breaking change there was the prefix characters.
Because serve-handler is pinned to 2.2.1 and not using something like ^2.2.1, a new version of path-to-regexp on the 2.x branch wouldn’t make much of a difference anyway. In all normal upgrade paths a new version of Serve-Handler and Serve is needed. The solution if Vercel doesn’t upgrade those packages is using an alternative to Serve or adding an override/resolution in package.json to force a later version of path-to-regexp.
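A way to check whether a project is in the situation described in the comment above, as an added example that is not code from this thread or from the path-to-regexp project: it walks the `packages` map of an npm lockfile (v2/v3 layout), finds every installed copy of path-to-regexp, and flags the 2.x copies together with the package that nests them and whether the root package.json declares an override or resolution. The sample lockfile, the `my-app` name, the `0.0.0-example` and `8.0.0` versions and the function names are constructed for illustration; only 2.2.1 comes from the thread.

```javascript
const TARGET = "path-to-regexp";

// Constructed sample lockfile; every version except 2.2.1 is a placeholder.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", version: "1.0.0" },
    "node_modules/serve": { version: "0.0.0-example" },
    "node_modules/serve-handler": { version: "0.0.0-example" },
    "node_modules/serve-handler/node_modules/path-to-regexp": { version: "2.2.1" },
    "node_modules/path-to-regexp": { version: "8.0.0" },
  },
};

// Return every installed copy of `name`, with the package whose node_modules holds it.
function findCopies(lock, name = TARGET) {
  const suffix = "node_modules/" + name;
  const copies = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path !== suffix && !path.endsWith("/" + suffix)) continue;
    const chain = path.split("node_modules/").filter(Boolean).map((s) => s.replace(/\/$/, ""));
    const owner = chain.length > 1 ? chain[chain.length - 2] : "(hoisted)";
    copies.push({ path, version: meta.version, major: Number.parseInt(meta.version, 10), owner });
  }
  return copies;
}

// Flag 2.x copies (no patched 2.x release exists, per this thread) and report
// whether the root package.json already tries to force another version.
// Only the plain and owner-nested key forms are checked (simplifying assumption).
function flagUnpatched(lock, rootPkg = {}) {
  const ov = rootPkg.overrides || {};
  const res = rootPkg.resolutions || {};
  return findCopies(lock)
    .filter((c) => c.major === 2)
    .map((c) => ({
      ...c,
      overrideDeclared: Boolean(ov[TARGET] || (ov[c.owner] && ov[c.owner][TARGET]) || res[TARGET]),
    }));
}

for (const hit of flagUnpatched(sampleLock)) {
  console.log(`${TARGET}@${hit.version} nested under ${hit.owner}; override declared: ${hit.overrideDeclared}`);
}
```

A copy that is still flagged while `overrideDeclared` is true means the lockfile was not regenerated after the override was added, or the override key does not match the nested dependency.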
Thank you for the clarification. You guys are the best!
The reason I am asking that question is because of
High severity vulnerabilities / serve-handler / path-to-regexp
vercel/serve#811
[email protected]
└─┬ [email protected]
└─┬ [email protected]
└── [email protected]
This package is using [email protected] and the recent commit for (Add backtrack protection to 3.x release) was done for 3.x release but I don't see any new package version for 2.x.