Release 0.103.1

[tudddorrr]

No description provided.

[claude]

PR Review

The bulk of this PR is housekeeping: MikroORM 6.6.4 → 6.6.6, whitespace fixes in test describe names, and empty email env vars added to .env.test. The substantive change is the new decodeParamsMiddleware.

---

🟡 Code Quality

decodeURIComponent can throw on malformed params

decodeURIComponent raises a URIError for invalid percent-encoded sequences (e.g. a lone % or %zz). Since this middleware is prepended to every route, any request with a malformed URL param would throw an unhandled URIError. The error middleware will likely catch it but return a 500 instead of the more appropriate 400.

// Current - throws URIError on malformed input
ctx.params[param] = decodeURIComponent(ctx.params[param])

// Safer alternative
try {
  ctx.params[param] = decodeURIComponent(ctx.params[param])
} catch {
  ctx.throw(400, `Invalid URL encoding in route parameter: ${param}`)
}

The new test covers the happy path but there's no test for a request with a malformed param (e.g. %zz in the internal name).

---

🔵 Minor

Missing test for other special characters

The test only covers spaces (with space → with%20space). Other characters that appear in internalName values (e.g. slashes, +, unicode) could have different behaviour depending on how koa-tree-router handles them before the middleware runs. A test for a + character would be worth adding since + is not decoded by decodeURIComponent (only %2B is), which might surprise callers who expect + to mean space.