external icon indicating copy to clipboard operation
external copied to clipboard

Published 20 hours ago verified publisher icon godaddy

[Snyk] Security upgrade url-parse from 1.4.7 to 1.5.6

Open snyk-bot opened this issue 3 years ago • 1 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 713/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4		 Access Restriction Bypass
SNYK-JS-URLPARSE-2401205		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: url-parse The new version differs by 48 commits.
  • 4c9fa23 1.5.6
  • 7b0b8a6 Merge pull request #223 from unshiftio/fix/at-sign-handling-in-userinfo
  • e4a5807 1.5.5
  • 193b44b [minor] Simplify whitespace regex
  • 319851b [fix] Remove CR, HT, and LF
  • 4e53a8c [doc] Document that the returned hostname might be invalid
  • 9be7ee8 [fix] Correctly handle userinfo containing the at sign
  • f7774f6 [security] Fix typos in SECURITY.md
  • 82c4908 [dist] 1.5.4
  • e324874 [doc] Remove dependency status badge
  • 5e8a444 [ci] Test on node 17
  • a72a5c6 [doc] Remove "made by" and IRC badges
  • e9a8353 [ci] Update coverallsapp/github-action action to version 1.1.3
  • 36dd8b4 [minor] Remove redundant assignment
  • 5472388 [minor] Remove dead code
  • 53d4d6d [fix] Handle the `username` and `password` properties
  • 0be9572 [test] Test that `Url#set()` correctly handles the `auth` property
  • 15b1dbd [fix] Do not lose the password in the stringification process
  • 993acbe [fix] Handle the `auth` property (#213)
  • d9e332b [fix] Do not add spurious slashes
  • 78f7017 [pkg] Update mocha to version 9.0.3
  • ad44493 [dist] 1.5.3
  • c798461 [fix] Fix host parsing for file URLs (#210)
  • 201034b [dist] 1.5.2

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Feb 15 '22 16:02 snyk-bot

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

sonarqubecloud[bot] avatar Jul 25 '22 19:07 sonarqubecloud[bot]