Vulnerability in url-parse - dependency of amqplib

node-ts / bus

A typescript based enterprise service bus framework based on enterprise integration patterns

https://bus.node-ts.com/

MIT License

272 stars 25 forks source link

Closed ghost closed 2 years ago

ghost commented 2 years ago

We are on @node-ts/bus-rabbitmq 0.6.5 which has a dependency on a vulnerable version of url-parse

There is a current open PR here: https://github.com/node-ts/bus/pull/164 to resolve this issue.

Can you please review that pull request? Is it possible to merge that into an 0.6x branch of bus-rabbitmq or would it have breaking changes?

adenhertog commented 2 years ago

hey @bdefnall, this has been manually applied and is available in @node-ts/bus-rabbitmq@0.6.12