search

unshiftio / url-parse

Small footprint URL parser that works seamlessly across Node.js and browser environments.
http://unshift.io
MIT License
1.03k stars 104 forks source link

url-parse stable version #236

Closed Prudhvicharan closed 2 years ago

Prudhvicharan commented 2 years ago

Hi, We have updated the url-parse package to the latest version(1.5.10)

The latest version of url-parse has 2 Critical(CVE-2022-2216, ) vulnerabilities with scores 9.8 and 9.1 respectively. 1 High(CVE-2022-0722) vulnerability with score 7.5. And 3 Medium level vulnerabilites(CVE-2022-2217, CVE-2022-2218, CVE-2022-2218) with scores 6.1, 6.1, 6.1 respectively Is there a way to fix these vulnerabilities? If so, can you please let us know how to do?

And Latest Version was published on 02/22/2022. Can you please also state the release date of next version?

lpinca commented 2 years ago 
$ npm i url-parse

added 3 packages, and audited 4 packages in 1s

found 0 vulnerabilities
$ npm ls
test@ C:\Users\lpinca\test
└── url-parse@1.5.10

I see no vulnerabilities on npm install. Vulnerabilities in dev dependencies are not a problem.