v4.0.5

• Improve regex b4ff333

Tip: If you use it in a server context, it's a good idea to give the regex a timeout.

v4.0.4...v4.0.5

v4.0.4

• Fix some false positive matches (#23) e93d9c8

Tip: If you use it in a server context, it's a good idea to give the regex a timeout.

v4.0.3...v4.0.4

v4.0.3

• Fix ReDoS vulnerability d8ba39a
  • This only affects you if you run the regex on untrusted user input in a server context.
  • Also back-ported to v3 in 3.1.4.
  • CVE pending

v4.0.2...v4.0.3

v3.1.4

• Backport of ReDoS fix 7712ba5

v4.0.2

• No changes. Just fixing a npm dist tag.

v4.0.1

• Fix ReDoS vulnerability 11c6624
  • This only affects you if you run the regex on untrusted user input in a server context.
  • Also back-ported to v3 in 3.1.3.
  • CVE-2021-3795

v4.0.0...v4.0.1

v4.0.0

Breaking

• Require Node.js 12 7b785e3
• This package is now pure ESM. Please read this.

v3.1.2...v4.0.0

v3.1.2

• Fix regex catastrophic backtracking 6baf2cc
  Working around this meant accepting some obscure false-positives. I don't think it will affect any real code, but it's good to be aware of. See the disabled tests in the commit.

v3.1.1...v3.1.2

v3.1.1

• Allow 0 as numeric identifier (#19) c64c57f

v3.1.0...v3.1.1

v3.1.0

• Add TypeScript definition (#16) 039944b

v3.0.0...v3.1.0