Skip to content

Bump path-to-regexp, fetch-mock and serve#1123

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-dcda5e669c
Open

Bump path-to-regexp, fetch-mock and serve#1123
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-dcda5e669c

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 30, 2026

Bumps path-to-regexp to 1.9.0 and updates ancestor dependencies path-to-regexp, fetch-mock and serve. These dependencies need to be updated together.

Updates path-to-regexp from 1.8.0 to 1.9.0

Release notes

Sourced from path-to-regexp's releases.

Fix backtracking in 1.x

Fixed

  • Add backtrack protection to 1.x release (#320) 925ac8e
  • Fix re.exec(&[#39](https://github.com/pillarjs/path-to-regexp/issues/39);/test/route&[#39](https://github.com/pillarjs/path-to-regexp/issues/39);) result (#267) 32a14b0

pillarjs/path-to-regexp@v1.8.0...v1.9.0

Commits

Updates path-to-regexp from 0.1.12 to 0.1.13

Release notes

Sourced from path-to-regexp's releases.

Fix backtracking in 1.x

Fixed

  • Add backtrack protection to 1.x release (#320) 925ac8e
  • Fix re.exec(&[#39](https://github.com/pillarjs/path-to-regexp/issues/39);/test/route&[#39](https://github.com/pillarjs/path-to-regexp/issues/39);) result (#267) 32a14b0

pillarjs/path-to-regexp@v1.8.0...v1.9.0

Commits

Updates fetch-mock from 7.7.3 to 12.6.0

Release notes

Sourced from fetch-mock's releases.

fetch-mock: v12.6.0

12.6.0 (2025-10-29)

Features

  • implement host: matcher (2b0a43d)

Documentation Changes

  • document new host matcher (6205357)

fetch-mock: v12.5.6

12.5.6 (2025-10-27)

Bug Fixes

  • clean abort event listener once it's called or response is returned (4606250)
  • clean abort event listener once it's called or response is returned (ca51920)

fetch-mock: v12.5.5

12.5.5 (2025-10-21)

Bug Fixes

  • do not try to get a reader from a locked request oder response to cancel them (8c23ecf)
  • use optional chaining operator and do not try to cancel locked request or response to prevent errors (b1ff114)
  • use optional chaining operator to prevent errors (87f8399)

fetch-mock: v12.5.4

12.5.4 (2025-08-28)

Bug Fixes

  • apply browser exports fix for fetch-mock package (318cd94)

fetch-mock: v12.5.3

12.5.3 (2025-06-17)

Bug Fixes

  • add wrapper class to fix type ambiguity (b093bb0)
  • add wrapper class to fix type ambiguity (ea45aec)

fetch-mock: v12.5.2

... (truncated)

Changelog

Sourced from fetch-mock's changelog.

12.6.0 (2025-10-29)

Features

  • implement host: matcher (2b0a43d)

Documentation Changes

  • document new host matcher (6205357)

12.5.6 (2025-10-27)

Bug Fixes

  • clean abort event listener once it's called or response is returned (4606250)
  • clean abort event listener once it's called or response is returned (ca51920)

12.5.5 (2025-10-21)

Bug Fixes

  • do not try to get a reader from a locked request oder response to cancel them (8c23ecf)
  • use optional chaining operator and do not try to cancel locked request or response to prevent errors (b1ff114)
  • use optional chaining operator to prevent errors (87f8399)

12.5.4 (2025-08-28)

Bug Fixes

  • apply browser exports fix for fetch-mock package (318cd94)

12.5.3 (2025-06-17)

Bug Fixes

  • add wrapper class to fix type ambiguity (b093bb0)
  • add wrapper class to fix type ambiguity (ea45aec)

12.5.2 (2025-03-03)

Bug Fixes

  • allow matching body for delete requests (891197c)

... (truncated)

Commits
  • 4871184 chore: release main
  • 32fdb1b test: fixed browser test for host matching
  • c50e42d chore: run prettier
  • 2b0a43d feat: implement host: matcher
  • 6205357 docs: document new host matcher
  • 6720a98 test: added failing test for host: matcher
  • 346d867 chore: release main
  • ca51920 fix: clean abort event listener once it's called or response is returned
  • e7a29e8 chore: release main
  • 9cdfe9d test: add test for optional chaining for route in call history
  • Additional commits viewable in compare view

Updates serve from 11.2.0 to 14.2.6

Release notes

Sourced from serve's releases.

v14.2.6

Patch Changes

  • 7fcb924: Bump ajv to 8.18.0
  • b3888f9: Update serve-handler to 6.1.7 to fix ReDoS vulnerabilities

v14.2.5

Patch Changes

  • f4b6fbd: Update compression to v1.8.1

14.2.4

Patches

  • Bump serve-handler, vitest, and `typescript: #812

14.2.3

Patches

  • Bump @zeit/schemas to 2.36.0: #803

14.2.2

Patches

  • fix: Update ajv from 8.11.0 to 8.12.0: #796

Credits

Huge thanks to @​legobeat for helping!

14.2.1

Patches

  • Set Access-Control-Allow-Headers: * default response header: #775

Credits

Huge thanks to @​hood for helping!

14.2.0

Minor Changes

  • Update CORS headers to support PNA spec: #753
  • Bump @zeit/schemas package: #756

Patches

  • Update the license year: #752

Credits

... (truncated)

Changelog

Sourced from serve's changelog.

14.2.6

Patch Changes

  • 7fcb924: Bump ajv to 8.18.0
  • b3888f9: Update serve-handler to 6.1.7 to fix ReDoS vulnerabilities

14.2.5

Patch Changes

  • f4b6fbd: Update compression to v1.8.1
Commits
Maintainer changes

This version was pushed to npm by vercel-release-bot, a new releaser for serve since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump path-to-regexp, fetch-mock and serve
328b2ba 
Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) to 1.9.0 and updates ancestor dependencies [path-to-regexp](https://github.com/pillarjs/path-to-regexp), [fetch-mock](https://github.com/wheresrhys/fetch-mock/tree/HEAD/packages/fetch-mock) and [serve](https://github.com/vercel/serve). These dependencies need to be updated together.


Updates `path-to-regexp` from 1.8.0 to 1.9.0
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v1.8.0...v1.9.0)

Updates `path-to-regexp` from 0.1.12 to 0.1.13
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v1.8.0...v1.9.0)

Updates `fetch-mock` from 7.7.3 to 12.6.0
- [Release notes](https://github.com/wheresrhys/fetch-mock/releases)
- [Changelog](https://github.com/wheresrhys/fetch-mock/blob/main/packages/fetch-mock/CHANGELOG.md)
- [Commits](https://github.com/wheresrhys/fetch-mock/commits/fetch-mock-v12.6.0/packages/fetch-mock)

Updates `serve` from 11.2.0 to 14.2.6
- [Release notes](https://github.com/vercel/serve/releases)
- [Changelog](https://github.com/vercel/serve/blob/main/CHANGELOG.md)
- [Commits](vercel/serve@11.2.0...v14.2.6)

---
updated-dependencies:
- dependency-name: path-to-regexp
  dependency-version: 1.9.0
  dependency-type: indirect
- dependency-name: path-to-regexp
  dependency-version: 0.1.13
  dependency-type: indirect
- dependency-name: fetch-mock
  dependency-version: 12.6.0
  dependency-type: direct:development
- dependency-name: serve
  dependency-version: 14.2.6
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 30, 2026
@netlify
Copy link
Copy Markdown

netlify Bot commented Mar 30, 2026
edited
Loading

Deploy Preview for blissful-goodall-fa23f6 failed.

Name Link
🔨 Latest commit 328b2ba
🔍 Latest deploy log https://app.netlify.com/projects/blissful-goodall-fa23f6/deploys/69ca5c83ca70af00084520c4

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants