Closed mannes-paqt closed 1 year ago
Based on v1.3.6 tag
1.3.6 gives a critical npm audit error through git-url-parse dependency
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical      │ Server-Side Request Forgery (SSRF) in GitHub repository      │
│               │ ionicabizau/parse-url                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ parse-url                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=8.1.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ nuxt                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ nuxt > @nuxt/telemetry > git-url-parse > git-up > parse-url  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-j9fq-vwqv-2fm2            │
└───────────────┴──────────────────────────────────────────────────────────────┘
I don't believe these breaking changes have an effect on this library.
I believe this is already the case: https://github.com/nuxt/telemetry/blob/main/package.json#L44.
edit: ah, I see what you mean.
Thanks @danielroe !