urlite

urlite copied to clipboard

The regex inside lib/pattern.js file seems to be vulnerable to Regex denial of service. I used this payload to cause a 17 second delay when a URL is processed by...

6en6ar

This package uses the [UNLICENSED license](https://github.com/alanclarke/urlite/blob/26d70f66091139131cad9decd4f07f36e5077b51/package.json#L40C15-L40C25) [According to npm](https://docs.npmjs.com/cli/v8/configuring-npm/package-json), it means: > Finally, if you do not wish to grant others the right to use a private or unpublished package...

Bessonov

Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.14.5 to 7.23.2. Release notes Sourced from @​babel/traverse's releases. v7.23.2 (2023-10-11) NOTE: This release also re-publishes @babel/core, even if it does not appear in the linked release...

dependabot[bot]

Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3 to 1.2.4. Release notes Sourced from word-wrap's releases. 1.2.4 What's Changed Remove default indent by @​mohd-akram in jonschlinkert/word-wrap#24 🔒fix: CVE 2023 26115 (2) by @​OlafConijn in...

dependabot[bot]

Parse fails when password contains `@` ```diff --- i/test/test-parse.js +++ w/test/test-parse.js @@ -33,7 +33,7 @@ describe('parse', function () { }) it('should handle auth', function () { - var url =...

gudleik

Bumps [ajv](https://github.com/ajv-validator/ajv) to 6.12.6 and updates ancestor dependency [standard](https://github.com/standard/standard). These dependencies need to be updated together. Updates `ajv` from 5.5.2 to 6.12.6 Release notes Sourced from ajv's releases. v6.12.6 Fix...

dependabot[bot]

Bumps [nanoid](https://github.com/ai/nanoid) to 3.3.3 and updates ancestor dependency [mocha](https://github.com/mochajs/mocha). These dependencies need to be updated together. Updates `nanoid` from 3.1.20 to 3.3.3 Changelog Sourced from nanoid's changelog. 3.3.3 Reduced size...

dependabot[bot]

Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 3.0.0 to 5.0.1. Release notes Sourced from ansi-regex's releases. v5.0.1 Fixes (backport of 6.0.1 to v5) This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1,...

dependabot[bot]

Bumps [minimatch](https://github.com/isaacs/minimatch) to 3.1.2 and updates ancestor dependency [mocha](https://github.com/mochajs/mocha). These dependencies need to be updated together. Updates `minimatch` from 3.0.4 to 3.1.2 Commits 699c459 3.1.2 2f2b5ff fix: trim pattern 25d7c0d...

dependabot[bot]

Bumps [ua-parser-js](https://github.com/faisalman/ua-parser-js) from 0.7.31 to 0.7.33. Changelog Sourced from ua-parser-js's changelog. Version 0.7.31 / 1.0.2 Fix OPPO Reno A5 incorrect detection Fix TypeError Bug Use AST to extract regexes and...

dependabot[bot]