Update path-to-regexp to 8.1.0 (fix CVE-2024-45296) (#226)

* Update path-to-regexp package to 8.1.0

* Use updated API of pathToRegexp

* Fix prettier

* Use new path-to-regexp wildcard syntax when parsing url

* Add a small comment that hints the reader at what the strange syntax is about

---------

Co-authored-by: Carl-Erik Kopseng <[email protected]>

Author: alexpech12

lib/fake-server/index.js

@@ -250,8 +250,10 @@ var fakeServer = {
                 url = url.replace("://", "\\://");
             }
             if (/\*/.test(url)) {
+                // Uses the new syntax for repeating parameters in path-to-regexp,
+                // see https://github.com/pillarjs/path-to-regexp#unexpected--or-
                 // eslint-disable-next-line no-param-reassign
-                url = url.replace(/\/\*/g, "/(.*)");
+                url = url.replace(/\/\*/g, "/*path");
             }
 
             if (this.legacyRoutes) {
@@ -261,11 +263,12 @@ var fakeServer = {
                 }
             }
         }
-
         push.call(this.responses, {
             method: method,
             url:
-                typeof url === "string" && url !== "" ? pathToRegexp(url) : url,
+                typeof url === "string" && url !== ""
+                    ? pathToRegexp(url).regexp
+                    : url,
             response: typeof body === "function" ? body : responseArray(body),
         });
     },

package-lock.json

@@ -67,7 +67,7 @@
     "@sinonjs/fake-timers": "^11.2.2",
     "@sinonjs/text-encoding": "^0.7.2",
     "just-extend": "^6.2.0",
-    "path-to-regexp": "^6.2.1"
+    "path-to-regexp": "^8.1.0"
   },
   "lint-staged": {
     "*.{js,css,md}": "prettier --check",