[Snyk] Security upgrade url-parse from 1.4.7 to 1.5.9
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 713/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4 | Authorization Bypass SNYK-JS-URLPARSE-2407759 | No | Proof of Concept |
| | 718/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5 | Authorization Bypass SNYK-JS-URLPARSE-2407770 | No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: url-parse
The new version differs by 59 commits.
- ad23357 1.5.9
- 0e3fb54 [fix] Strip all control characters from the beginning of the URL
- 61864a8 [security] Add credits for CVE-2022-0686
- bb0104d 1.5.8
- d5c6479 [fix] Handle the case where the port is specified but empty
- 4f2ae67 [security] Add credits for CVE-2022-0639
- 8b3f5f2 1.5.7
- ef45a13 [fix] Readd the empty userinfo to `url.href` (#226)
- 88df234 [doc] Add soft deprecation notice
- 78e9f2f [security] Fix nits
- e6fa434 [security] Add credits for incorrect handling of userinfo vulnerability
- 4c9fa23 1.5.6
- 7b0b8a6 Merge pull request #223 from unshiftio/fix/at-sign-handling-in-userinfo
- e4a5807 1.5.5
- 193b44b [minor] Simplify whitespace regex
- 319851b [fix] Remove CR, HT, and LF
- 4e53a8c [doc] Document that the returned hostname might be invalid
- 9be7ee8 [fix] Correctly handle userinfo containing the at sign
- f7774f6 [security] Fix typos in SECURITY.md
- 82c4908 [dist] 1.5.4
- e324874 [doc] Remove dependency status badge
- 5e8a444 [ci] Test on node 17
- a72a5c6 [doc] Remove "made by" and IRC badges
- e9a8353 [ci] Update coverallsapp/github-action action to version 1.1.3
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
Kudos, SonarCloud Quality Gate passed!
0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells
No Coverage information
0.0% Duplication