From 97accb773c4ba9ca9d47ec2cff731c5f72f0d8da Mon Sep 17 00:00:00 2001
From: "Alexander J. Lallier"
Date: Mon, 6 Aug 2018 21:11:18 -0400
Subject: [PATCH] Fixed url-parse vulnerability. See https://github.com/unshiftio/url-parse/blob/master/SECURITY.md#history > url-parse returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.
---
 package-lock.json | 18 +++++++++---------
 package.json | 2 +-
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index a25159b..fa9ae48 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
 "name": "reload",
- "version": "2.2.2",
+ "version": "2.3.0",
 "lockfileVersion": 1,
 "requires": true,
 "dependencies": {
@@ -1685,9 +1685,9 @@
 "dev": true
 },
 "querystringify": {
- "version": "1.0.0",
- "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-1.0.0.tgz",
- "integrity": "sha1-YoYkIRLFtxL6ZU5SZlK/ahP/Bcs="
+ "version": "2.0.0",
+ "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.0.0.tgz",
+ "integrity": "sha512-eTPo5t/4bgaMNZxyjWx6N2a6AuE0mq51KWvpc7nU/MAqixcI6v6KrGUKES0HaomdnolQBBXU/++X6/QQ9KL4tw=="
 },
 "range-parser": {
 "version": "1.2.0",
@@ -2138,12 +2138,12 @@
 "integrity": "sha1-sr9O6FFKrmFltIF4KdIbLvSZBOw="
 },
 "url-parse": {
- "version": "1.1.9",
- "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.1.9.tgz",
- "integrity": "sha1-xn8dd11R8KGJEd17P/rSe7nlvRk=",
+ "version": "1.4.3",
+ "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.4.3.tgz",
+ "integrity": "sha512-rh+KuAW36YKo0vClhQzLLveoj8FwPJNu65xLb7Mrt+eZht0IPT0IXgSv8gcMegZ6NvjJUALf6Mf25POlMwD1Fw==",
 "requires": {
- "querystringify": "~1.0.0",
- "requires-port": "1.0.x"
+ "querystringify": "^2.0.0",
+ "requires-port": "^1.0.0"
 }
 },
 "util-deprecate": {
diff --git a/package.json b/package.json
index b443379..379d557 100644
--- a/package.json
+++ b/package.json
@@ -26,7 +26,7 @@
 "opn": "^5.3.0",
 "serve-static": "~1.13.2",
 "supervisor": "~0.12.0",
- "url-parse": "~1.1.9",
+ "url-parse": "~1.4.3",
 "ws": "~5.2.0"
 },
 "devDependencies": {