atlassian-labs / react-resource-router

Configuration driven routing solution for React SPAs that manages route matching, data fetching and progressive rendering
https://atlassian-labs.github.io/react-resource-router
Apache License 2.0
198 stars 28 forks

[Snyk] Upgrade url-parse from 1.4.7 to 1.5.3 #100

Closed snyk-bot closed 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to upgrade url-parse from 1.4.7 to 1.5.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Open Redirect SNYK-JS-URLPARSE-1533425 | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Proof of Concept |
| | Improper Input Validation SNYK-JS-URLPARSE-1078283 | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: url-parse
  • 1.5.3 - 2021-07-25
  • 1.5.2 - 2021-07-25
  • 1.5.1 - 2021-02-18
  • 1.5.0 - 2021-02-17
  • 1.4.7 - 2019-04-26
from url-parse GitHub release notes
Commit messages
Package name: url-parse
  • ad44493 [dist] 1.5.3
  • c798461 [fix] Fix host parsing for file URLs (#210)
  • 201034b [dist] 1.5.2
  • 2d9ac2c [fix] Sanitize only special URLs (#209)
  • fb128af [fix] Use `'null'` as `origin` for non special URLs
  • fed6d9e [fix] Add a leading slash only if the URL is special
  • 94872e7 [fix] Do not incorrectly set the `slashes` property to `true`
  • 81ab967 [fix] Ignore slashes after the protocol for special URLs
  • ee22050 [ci] Use GitHub Actions
  • d2979b5 [fix] Special case the `file:` protocol (#204)
  • 9f43f43 [pkg] Update browserify to version 17.0.0
  • af84da0 [test] Fix multiple mixed slashes test
  • eb6d9f5 [dist] 1.5.1
  • 750d8e8 [fix] Fixes relative path resolving #199 #200 (#201)
  • 3ac7774 [test] Make test consistent for browser testing
  • 267a0c6 [dist] 1.5.0
  • d1e7e88 [security] More backslash fixes (#197)
  • d99bf4c [ignore] Remove npm-debug.log from .gitignore
  • 422c8b5 [pkg] Replace nyc with c8
  • 933809d [pkg] Move coveralls to dev dependencies
  • 190b216 [pkg] Add .npmrc
  • ce3783f [test] Do not test on all available versions of Edge and Safari
  • 77c1184 [pkg] Update mocha to version 8.0.1
  • 673c3a7 [travis] Test on node 14

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

atlassian-cla-bot[bot] commented 2 years ago

Thank you for your submission! Like many open source projects, we ask that you sign our CLA (Contributor License Agreement) before we can accept your contribution. If your email is listed below, please ensure that you sign the CLA with the same email address.
The following users still need to sign our CLA:
❌snyk-bot

Already signed the CLA? To re-check, try refreshing the page.