Update dependency url-parse to 1.5.0 [SECURITY] #291
Codecov Report
@@ Coverage Diff @@
## master #291 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 2 2
Lines 131 131
=========================================
Hits 131 131
Continue to review full report at Codecov.
npm-check-updates -u
There's still an issue whereby reload depends on an old version of url-parse. See: alallier/reload#291
May I ask for this one to be merged? It is a vulnerability issue.
@alallier Can you check this because there is currently a vulnerability solved using this PR.
Sorry for the delay, I was away on travel. I will try and get to it this week for you guys.
* CI Updates
  * Dropped Node 10.x and added 16.x from CI - See: #298
  * Update actions/checkout action to v2 - See: #276
  * Update actions/setup-node action to v2 - #282
* Dependency Updates
  * Update commander from ~6.1.0 to ~7.2.0 - See: #283
  * Update url-parse from ~1.4.4 to ~1.5.0 - See: #291
  * Update open from ^7.0.0 to ^8.0.0 - See: https://github.com/alallier/reload/pull/292/files
  * Update ws from ~7.3.0 to ~7.4.6 - See: #294
  * Update sinon from 9.1.0 to 11.1.1 - See: https://github.com/alallier/reload/pull/295/files
  * Update mocha from 8.4.0 to 9.0.0 - See: https://github.com/alallier/reload/pull/297/files
  * Update downstream y18n from 4.0.0 to 4.0.1 - See: #288
This has been released and published, you can find the latest release (3.2.0) on npm and GitHub's npm package registry. Sorry for the delay.
This PR contains the following updates:
1.4.4 -> 1.5.0
GitHub Vulnerability Alerts
CVE-2021-27515
url-parse before 1.5.0 mishandles certain uses of backslash such as `http:\/` and interprets the URI as a relative path.
Configuration
📅 Schedule: "" (UTC).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate.
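
The advisory text above describes a backslash form being read as a relative path. As an added example (not code from reload, url-parse or this PR), the code below shows a string-level check classifying that form as relative while Node's built-in WHATWG `URL` parser resolves it to a different host, next to a validator that rejects backslashes outright. `BASE`, `ALLOWED_HOSTS`, the function names and the sample hosts are assumptions made for illustration.

```javascript
// Added example (not from the reload or url-parse code bases).
// BASE and ALLOWED_HOSTS are constructed values for illustration.
const BASE = 'https://app.example.test/';
const ALLOWED_HOSTS = new Set(['app.example.test']);

// A string-level test of the kind that backslash confusion defeats:
// anything not starting with "scheme://" is assumed to be a relative path.
function looksRelative(input) {
  return !/^[a-z][a-z0-9+.-]*:\/\//i.test(input);
}

// Host that the platform's WHATWG URL parser resolves the input to. For
// http and https that parser treats "\" like "/", as browsers do.
function resolvedHost(input) {
  return new URL(input, BASE).hostname;
}

// Validate a link or redirect target before it is used.
function checkTarget(input) {
  if (typeof input !== 'string') return { ok: false, reason: 'not-a-string' };
  // Reject characters that parsers are known to disagree on, instead of
  // trying to normalise them.
  if (/[\\\u0000-\u001f\u007f]/.test(input)) {
    return { ok: false, reason: 'backslash-or-control-character' };
  }
  let url;
  try {
    url = new URL(input, BASE);
  } catch (err) {
    return { ok: false, reason: 'unparseable' };
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { ok: false, reason: 'scheme-not-allowed' };
  }
  if (!ALLOWED_HOSTS.has(url.hostname)) {
    return { ok: false, reason: 'host-not-allowed' };
  }
  return { ok: true, href: url.href };
}

// Constructed sample: the backslash form named in the advisory text.
const sample = 'http:\\/other.example.test/path';
console.log(looksRelative(sample), resolvedHost(sample), checkTarget(sample));
console.log(checkTarget('/dashboard'), checkTarget('https://other.example.test/'));
```

The decision is taken on the host the WHATWG parser resolves, so the check agrees with how a browser will follow the link.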