Blake Embrey

Sorry, I just saw https://github.com/pillarjs/router/pull/127, thanks! I'm working through my email in reverse chronological order 😄

Fair, and that’s a strict take. If you have code that only runs on node 20+ or already has dependencies that restrict engines to node 20+ it seems like it...

> I'm not sure why that'd be desirable, but certainly that's not a breaking change. It’s not, but it’s less desirable to try and release new major versions to fix...

I think it's possible, but it does re-introduce the vulnerability from 0.6 and below. Do you have an example of something that's failing so I can get a sense of...

> In this particular case it is a cookie value that contains a comma. Are you also trying to avoid encoding the comma? What's the decode/encode functions you use? Because...

> I use the cookie library to parse it Out of curiosity, how are you parsing it with this library? It was only designed to parse the `cookie` header so...

> Since I'm not the origin of the cookie, I can't alter its name or value, so I've disabled decoding and encoding. Do you know if it's only the comma...

> The proxy service then makes a fetch request to the target server and parses the raw set-cookie response headers from the target server using this library. But won't you...

I have a PR https://github.com/jshttp/cookie/pull/210 which will resolve this issue, however it'd be useful to get some more information on some things: > All of our JSON cookies are broken...

> what should the DSL support I think the safe place to start would be standard regex features via whitelist. We could start with just text and no regex, and...