WS-2022-0237 (High) detected in parse-url-6.0.0.tgz - autoclosed #97
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
pustovitDmytro
added a commit
that referenced
this issue
Sep 5, 2022
|
✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory. |
mend-bolt-for-github
bot
changed the title
pustovitDmytro
pushed a commit
that referenced
this issue
Sep 5, 2022
# [1.6.0](v1.5.2...v1.6.0) (2022-09-05) ### Chore * fixes npm audit vulnerabilities (#86) ([bed7507](bed7507)), closes [#86](#86) ### Docs * help Ukraine 🇺🇦 ([107ee50](107ee50)) ### Update * update git-url-parse [security]. #91 #92 #93 #94 #95 #96 #97 #98 ([b5a2d55](b5a2d55)), closes [#91](#91) [#92](#92) [#93](#93) [#94](#94) [#95](#95) [#96](#96) [#97](#97) [#98](#98)
fixcik
pushed a commit
to fixcik/semantic-release-tg
that referenced
this issue
Jan 29, 2023
# 1.0.0 (2023-01-29) ### Chore * 'Chore' semanticCommitType for updating devDependencies ([4bf79e1](4bf79e1)) * (ci) fix gitleaks version ([badd1c1](badd1c1)) * (git) Add logs to gitignore ([d4d2077](d4d2077)) * (refactor) remove unused argument ([6f28b59](6f28b59)) * (refactor) update code to new styleguide ([3640b8d](3640b8d)) * (release) add version 1.0.2 [skip ci] ([3428e84](3428e84)) * (release) add version 1.0.3 [skip ci] ([ac76775](ac76775)) * (release) add version 1.0.4 [skip ci] ([8406f78](8406f78)) * (release) add version 1.0.5 [skip ci] ([3b43358](3b43358)) * (release) add version 1.1.0 [skip ci] ([39504b1](39504b1)), closes [pustovitDmytro#13](https://github.com/ichirkin/semantic-release-tg/issues/13) [pustovitDmytro#13](https://github.com/ichirkin/semantic-release-tg/issues/13) * (release) add version 1.2.0 [skip ci] ([a75ae05](a75ae05)), closes [pustovitDmytro#12](https://github.com/ichirkin/semantic-release-tg/issues/12) [pustovitDmytro#12](https://github.com/ichirkin/semantic-release-tg/issues/12) * (release) add version 1.2.1 [skip ci] ([9e0f1fd](9e0f1fd)) * (release) add version 1.2.10 [skip ci] ([e6b9981](e6b9981)) * (release) add version 1.2.11 [skip ci] ([464b117](464b117)) * (release) add version 1.2.12 [skip ci] ([edd63e7](edd63e7)) * (release) add version 1.2.13 [skip ci] ([b5a9642](b5a9642)) * (release) add version 1.2.14 [skip ci] ([0ecc3da](0ecc3da)), closes [pustovitDmytro#36](https://github.com/ichirkin/semantic-release-tg/issues/36) [pustovitDmytro#34](https://github.com/ichirkin/semantic-release-tg/issues/34) * (release) add version 1.2.15 [skip ci] ([0fcfd38](0fcfd38)), closes [pustovitDmytro#44](https://github.com/ichirkin/semantic-release-tg/issues/44) * (release) add version 1.2.16 [skip ci] ([3d4654c](3d4654c)), closes [pustovitDmytro#47](https://github.com/ichirkin/semantic-release-tg/issues/47) * (release) add version 1.2.2 [skip ci] ([19fbebb](19fbebb)) * (release) add version 1.2.3 [skip ci] ([2e47fff](2e47fff)) * (release) add version 1.2.4 [skip ci] ([a4670b8](a4670b8)) * (release) add version 1.2.5 [skip ci] ([a005bba](a005bba)) * (release) add version 1.2.6 [skip ci] ([4b9b750](4b9b750)) * (release) add version 1.2.7 [skip ci] ([70fcb17](70fcb17)) * (release) add version 1.2.8 [skip ci] ([9e665e4](9e665e4)) * (release) add version 1.2.9 [skip ci] ([f88fe56](f88fe56)) * (release) add version 1.3.0 [skip ci] ([24483b8](24483b8)), closes [pustovitDmytro#48](https://github.com/ichirkin/semantic-release-tg/issues/48) [pustovitDmytro#14](https://github.com/ichirkin/semantic-release-tg/issues/14) [pustovitDmytro#14](https://github.com/ichirkin/semantic-release-tg/issues/14) * (release) add version 1.4.0 [skip ci] ([4b295b8](4b295b8)) * (release) add version 1.5.0 [skip ci] ([9d261a4](9d261a4)) * (release) add version 1.5.1 [skip ci] ([538e7d2](538e7d2)) * (release) add version 1.5.2 [skip ci] ([f63e034](f63e034)), closes [pustovitDmytro#73](https://github.com/ichirkin/semantic-release-tg/issues/73) [pustovitDmytro#73](https://github.com/ichirkin/semantic-release-tg/issues/73) [pustovitDmytro#76](https://github.com/ichirkin/semantic-release-tg/issues/76) [pustovitDmytro#76](https://github.com/ichirkin/semantic-release-tg/issues/76) [pustovitDmytro#55](https://github.com/ichirkin/semantic-release-tg/issues/55) [pustovitDmytro#72](https://github.com/ichirkin/semantic-release-tg/issues/72) [pustovitDmytro#58](https://github.com/ichirkin/semantic-release-tg/issues/58) [pustovitDmytro#78](https://github.com/ichirkin/semantic-release-tg/issues/78) * (release) add version 1.6.0 [skip ci] ([36ddd9d](36ddd9d)), closes [pustovitDmytro#86](https://github.com/ichirkin/semantic-release-tg/issues/86) [pustovitDmytro#86](https://github.com/ichirkin/semantic-release-tg/issues/86) [pustovitDmytro#91](https://github.com/ichirkin/semantic-release-tg/issues/91) [pustovitDmytro#92](https://github.com/ichirkin/semantic-release-tg/issues/92) [pustovitDmytro#93](https://github.com/ichirkin/semantic-release-tg/issues/93) [pustovitDmytro#94](https://github.com/ichirkin/semantic-release-tg/issues/94) [pustovitDmytro#95](https://github.com/ichirkin/semantic-release-tg/issues/95) [pustovitDmytro#96](https://github.com/ichirkin/semantic-release-tg/issues/96) [pustovitDmytro#97](https://github.com/ichirkin/semantic-release-tg/issues/97) [pustovitDmytro#98](https://github.com/ichirkin/semantic-release-tg/issues/98) * (test) helper packages for tests ([e195b58](e195b58)) * (test) working with tmp dir for test factory ([cfeafbc](cfeafbc)) * (tests) clearCache on module load is optional ([96c2ae5](96c2ae5)) * (tests) moves load to factory ([4acb941](4acb941)) * additional quotes in glob pattern ([f6d15cf](f6d15cf)) * adds a security policy ([ed86aba](ed86aba)) * adds 'typo' PR template ([e20404d](e20404d)) * adds appveyor ([d560b4e](d560b4e)) * adds bump strategy for devDependencies (non-major) ([03c9587](03c9587)) * adds CIRCLE_SKIP_DEPLOY variable ([231549d](231549d)) * adds circle-ci conditions ([5a40980](5a40980)) * adds CODE_OF_CONDUCT ([a969a8d](a969a8d)) * adds commitlint ([38ded63](38ded63)) * adds configuration tests ([25eb1aa](25eb1aa)) * adds danger to circle-ci ([ae48ac3](ae48ac3)) * adds danger to validate pr ([7fb7040](7fb7040)) * adds danger token to circle ([82f4156](82f4156)) * adds dangerfile to npm ignore ([8842c70](8842c70)) * adds dummy line to calc coverage ([800de67](800de67)) * adds empty line to pr comment ([36d8a09](36d8a09)) * adds gitleaks to circle pipeline ([114946e](114946e)) * adds jscpd to ignore ([8520cea](8520cea)) * adds lifecycle method tests ([020e54b](020e54b)) * adds lock file lint ([f5a4679](f5a4679)) * adds pr context ([ce163d9](ce163d9)) * adds sonarcloud config ([c92973d](c92973d)) * adds sponsorships ([35ed8e0](35ed8e0)) * adds stabilityDays to renovate ([3b262bc](3b262bc)) * adds target branch to semantic release ([c4fb3f1](c4fb3f1)) * adds technical dept check ([e16a8e2](e16a8e2)) * adds telegra.ph release notes ([aa811a5](aa811a5)) * adds test-results to circle-ci ([767c5b3](767c5b3)) * adds tests for packing process ([9b9602d](9b9602d)) * adds tests for prior node versions ([4b00012](4b00012)) * adds trusted bots to danger ([892f4a1](892f4a1)) * adds whitesorce bolt bot ([0888eee](0888eee)) * calc fossa results in cirrus ([b2b48c1](b2b48c1)) * change extention of test files to .test.js ([d84ac03](d84ac03)) * change renovate schedule ([b983eab](b983eab)) * change tgz label ([5e0e512](5e0e512)) * combine mine packages in renovate updates ([54c97b8](54c97b8)) * contributor login in danger message ([76349e6](76349e6)) * corrected extglob matching ([72a2201](72a2201)) * corrected pack pattern ([273497a](273497a)) * create auto pr for major dependencies ([d2583a6](d2583a6)) * deploy ci as single command ([96c2800](96c2800)) * deploy in circle-ci ([a62a5f2](a62a5f2)) * disable build for coverage check ([0b6e984](0b6e984)) * dont pin devDeps in renovate ([5fb0e8d](5fb0e8d)) * dont store package-tests artifacts ([50ebff1](50ebff1)) * drop semantic-release preinstalled plugins ([69b1950](69b1950)) * enhance own updates commit messages ([49a2365](49a2365)) * exit code 0 when skip ([f6ee0bf](f6ee0bf)) * export default in tests ([9d210e6](9d210e6)) * fill test entry with template ([9177859](9177859)) * fix json in renovate ([8ad7928](8ad7928)) * fix lint ([6faae88](6faae88)) * fixes audit ([14597ff](14597ff)) * fixes audit [devDependencies] ([d08b1fc](d08b1fc)) * fixes audit vulnerabilities ([b29bc33](b29bc33)) * fixes Breaking increment in semantic-release ([d1c4d53](d1c4d53)) * fixes ci ([0576a01](0576a01)) * Fixes danger-pr in circe-ci ([adff8b3](adff8b3)) * fixes debt typo in travis job ([f9fd463](f9fd463)) * fixes later schedule ([a0cfb5c](a0cfb5c)) * fixes npm audit ([c3beccd](c3beccd)) * fixes npm audit vulnerabilities (pustovitDmytro#100) ([cdc815c](cdc815c)), closes [pustovitDmytro#100](https://github.com/ichirkin/semantic-release-tg/issues/100) * fixes npm audit vulnerabilities (pustovitDmytro#86) ([bed7507](bed7507)), closes [pustovitDmytro#86](https://github.com/ichirkin/semantic-release-tg/issues/86) * fixes package process ([364e26b](364e26b)) * fixes prevent require handler ([7923f0e](7923f0e)) * fixes renovate config ([982abaf](982abaf)) * fixes renovate config ([05c5bc5](05c5bc5)) * fixes some npm audit vulnerabilities ([9330c38](9330c38)) * fixes some npm audit vulnerabilities ([f7a14d5](f7a14d5)) * fixes some npm audit vulnerabilities (pustovitDmytro#73) ([30c5480](30c5480)), closes [pustovitDmytro#73](https://github.com/ichirkin/semantic-release-tg/issues/73) * fixes some npm audit vulnerabilities (pustovitDmytro#76) ([47a36ec](47a36ec)), closes [pustovitDmytro#76](https://github.com/ichirkin/semantic-release-tg/issues/76) * fixes spellcheck in bugreport ([7d754b6](7d754b6)) * ignoring all for npm packaging ([409201a](409201a)) * improves test coverage ([3fc8885](3fc8885)) * integrate APPVEYOR_BUILD_ID to build tests ([16cdd48](16cdd48)) * integrate fossa ([b65e961](b65e961)) * integrate lalaps ([dd4f238](dd4f238)) * integrate node-package-tester ([9d53bf3](9d53bf3)) * inverse logical condition ([65dd0ad](65dd0ad)) * Lock file maintenance ([29fe760](29fe760)) * Lock file maintenance ([88cb4d5](88cb4d5)) * Lock file maintenance ([9892cc5](9892cc5)) * Lock file maintenance ([46770a5](46770a5)) * Lock file maintenance ([98e62b3](98e62b3)) * Lock file maintenance ([74163b1](74163b1)) * Lock file maintenance ([7af4484](7af4484)) * Lock file maintenance ([22cb995](22cb995)) * Lock file maintenance ([1ffc991](1ffc991)) * Lock file maintenance ([9fe500e](9fe500e)) * Lock file maintenance ([47bfacf](47bfacf)) * Lock file maintenance ([19c2389](19c2389)) * Lock file maintenance ([2b00aec](2b00aec)) * Lock file maintenance ([dea06c9](dea06c9)) * Lock file maintenance ([e0043d8](e0043d8)) * Lock file maintenance ([9a696a1](9a696a1)) * Lock file maintenance ([5d305a8](5d305a8)) * Lock file maintenance ([820de87](820de87)) * Lock file maintenance ([cdf4f11](cdf4f11)) * Lock file maintenance ([3291a21](3291a21)) * Lock file maintenance ([1515995](1515995)) * Lock file maintenance (pustovitDmytro#55) ([07a6576](07a6576)), closes [pustovitDmytro#55](https://github.com/ichirkin/semantic-release-tg/issues/55) * Lock file maintenance (pustovitDmytro#72) ([c092cd1](c092cd1)), closes [pustovitDmytro#72](https://github.com/ichirkin/semantic-release-tg/issues/72) * move init-hooks to separate file ([ed57dc1](ed57dc1)) * multi os tests for travis ([7c8ce28](7c8ce28)) * not allow to fail on node 16 ([22ed683](22ed683)) * not fail package if no tmp exists ([5693813](5693813)) * package-tester improvements ([d5d868b](d5d868b)) * prevent package:test from using devdependencies ([dc896f3](dc896f3)) * removes unused devDependencies ([ddb100a](ddb100a)) * replace appveyor to actions ([13aff75](13aff75)) * replace repo link ([1fa5bef](1fa5bef)) * run pr workflow only for pull requests ([03e0b08](03e0b08)) * set myself as default assignee in pr ([0dcd0ce](0dcd0ce)) * set YARGS_MIN_NODE_VERSION 10 ([9b6bef9](9b6bef9)) * split circle ci jobs ([9f75a6b](9f75a6b)) * telegram notifications on release ([3a8036a](3a8036a)) * test-security in separete ci job ([a4bd846](a4bd846)) * test-security in separete ci job ([9559dbc](9559dbc)) * tests/entry.js module resolving ([c840f8b](c840f8b)) * update .renovaterc to automerge after successfull checks ([2e76ceb](2e76ceb)) * Update commitlint monorepo to v13 ([e3dae5d](e3dae5d)) * update default renovate rules ([7e83bc4](7e83bc4)) * Update dependency @rollup/plugin-commonjs to v19 ([6d570e2](6d570e2)) * Update dependency @rollup/plugin-commonjs to v19 ([bf29948](bf29948)) * Update dependency @rollup/plugin-node-resolve to v13 ([53e966b](53e966b)) * Update dependency @rollup/plugin-node-resolve to v13 ([265fd82](265fd82)) * Update dependency babel-plugin-module-resolver to v4 ([b8eb86f](b8eb86f)) * Update dependency eslint to v7 ([0e79e0f](0e79e0f)) * Update dependency eslint-plugin-more to v1 ([9d6d39c](9d6d39c)) * Update dependency eslint-plugin-regexp to ^0.12.0 ([51ff304](51ff304)) * Update dependency eslint-plugin-regexp to ^0.12.0 ([fd87073](fd87073)) * Update dependency eslint-plugin-regexp to ^0.13.0 ([68f3368](68f3368)) * Update dependency eslint-plugin-regexp to ^0.13.0 (pustovitDmytro#36) ([3a8d3ec](3a8d3ec)), closes [pustovitDmytro#36](https://github.com/ichirkin/semantic-release-tg/issues/36) * Update dependency eslint-plugin-sonarjs to ^0.9.0 ([81d9681](81d9681)) * Update dependency eslint-plugin-sonarjs to ^0.9.0 ([2a973fa](2a973fa)) * Update dependency eslint-plugin-unicorn to v33 ([bfa00ff](bfa00ff)) * Update dependency eslint-plugin-unicorn to v33 ([af4b541](af4b541)) * Update dependency eslint-plugin-unicorn to v34 ([3e1b5ee](3e1b5ee)) * Update dependency eslint-plugin-unicorn to v34 (pustovitDmytro#34) ([86efbac](86efbac)), closes [pustovitDmytro#34](https://github.com/ichirkin/semantic-release-tg/issues/34) * Update dependency fs-extra to v10 ([a0adecc](a0adecc)) * Update dependency fs-extra to v9 ([7b9f56d](7b9f56d)) * Update dependency glob-parent to 5.1.2 [SECURITY] ([c957512](c957512)) * Update dependency husky to v7 ([3578711](3578711)) * Update dependency husky to v7 ([3718b62](3718b62)) * Update dependency mocha to v8 ([627a45b](627a45b)) * Update dependency mocha to v9 ([93b7a17](93b7a17)) * Update dependency nyc to v15 ([1caf199](1caf199)) * Update dependency uuid to v8 ([ebae34b](ebae34b)) * update deps badge ([0836169](0836169)) * Update devDependencies (non-major) ([609151a](609151a)) * Update devDependencies (non-major) ([1271abe](1271abe)) * Update devDependencies (non-major) ([06a9753](06a9753)) * Update devDependencies (non-major) ([5b1a6c3](5b1a6c3)) * Update devDependencies (non-major) ([73a2388](73a2388)) * Update devDependencies (non-major) ([51200bf](51200bf)) * Update devDependencies (non-major) ([33211c3](33211c3)) * Update devDependencies (non-major) (pustovitDmytro#44) ([e8b6f98](e8b6f98)), closes [pustovitDmytro#44](https://github.com/ichirkin/semantic-release-tg/issues/44) * Update devDependencies (non-major) (pustovitDmytro#48) ([b3f6184](b3f6184)), closes [pustovitDmytro#48](https://github.com/ichirkin/semantic-release-tg/issues/48) * Update devDependencies (non-major) (pustovitDmytro#58) ([2378225](2378225)), closes [pustovitDmytro#58](https://github.com/ichirkin/semantic-release-tg/issues/58) * Update devDependencies (non-major) to v13 ([6894ad9](6894ad9)) * update eslint ([6b174b1](6b174b1)) * update eslint ([4aac03c](4aac03c)) * update eslint-config-incredible ([2f39edb](2f39edb)) * update eslint-config-incredible ([58c31d2](58c31d2)) * Update issue templates ([8fdb1af](8fdb1af)) * update lock file ([4ffb878](4ffb878)) * Update pr template ([1d4eb34](1d4eb34)) * update readme ([fa31a49](fa31a49)) * update releaserc ([4b3227d](4b3227d)) * update releaserc ([9b072dd](9b072dd)) * update semantic release rules ([a075dab](a075dab)) * update semantic to use commit convention ([7e079b2](7e079b2)) * Update semantic-release monorepo ([b7ab2b1](b7ab2b1)) * update travis badge ([e159104](e159104)) * updates semanticCommitType rule ([1a1d119](1a1d119)) * upgrade circle-ci to 2.1 ([fab79a9](fab79a9)) * upgrade semantic-release to v.19 [security] ([0888454](0888454)) * use danger for internall pr ([d838ede](d838ede)) * use incredible eslint config ([b03d74a](b03d74a)) * use native tarball generation ([eeefda5](eeefda5)) * using static test entry ([21e5b7d](21e5b7d)) ### Docs * adds codefactor badge ([52a2a14](52a2a14)) * adds Fossa badge ([60a6703](60a6703)) * adds initial documentation ([793d82a](793d82a)) * adds node releases roadmap ([ba16142](ba16142)) * change travis badge to circle-ci ([ebabb61](ebabb61)) * changes size-url ([ecc2fc2](ecc2fc2)) * fixes spellcheck ([bc06d85](bc06d85)) * help Ukraine 🇺🇦 ([107ee50](107ee50)) * move Contributing Guidelines to separate file. ([081e4ed](081e4ed)) * prettify modified_files as markdown list in pr ([6397f60](6397f60)) * prettify modified_files list in pr ([ecce71a](ecce71a)) * removes ) from badge ([b986009](b986009)) * reorder badges ([ed6d250](ed6d250)) * update badges ([ffe57a1](ffe57a1)) * update screenshot to match new templates ([5367d10](5367d10)) * update snyk badge ([a7fbb1d](a7fbb1d)) * update year in license ([e2dec02](e2dec02)) * update year in license ([1aa3c35](1aa3c35)) ### Fix * [security] update dependencies to resolve audit issues ([389e02b](389e02b)) * adds missing modules ([fc14911](fc14911)) * adds templates to package ([5b86fe3](5b86fe3)) * fixes typo ([4f8ced4](4f8ced4)) * move fs-extra to dependencies ([9ab1954](9ab1954)) * set babel target node version to 10 ([f736568](f736568)) ### New * add Licence ([2204db1](2204db1)) * adds `telegra.ph` integration. Closes pustovitDmytro#14 ([da2e0f9](da2e0f9)), closes [pustovitDmytro#14](https://github.com/ichirkin/semantic-release-tg/issues/14) * adds assets (closes pustovitDmytro#12) ([95ee7a7](95ee7a7)), closes [pustovitDmytro#12](https://github.com/ichirkin/semantic-release-tg/issues/12) * adds circle-ci ([4f55862](4f55862)) * adds context to circle-ci ([a3a1f33](a3a1f33)) * adds initial functionality ([f97ece7](f97ece7)) * adds release_type to success template ([8d55b82](8d55b82)) * adds renovate ([1e32c02](1e32c02)) * adds templates ([848d448](848d448)) * initialize npm boilerplate ([5f9269a](5f9269a)) * integrate cottus validator ([45f5ba6](45f5ba6)) * resolves repo url (closes pustovitDmytro#13) ([0f670dd](0f670dd)), closes [pustovitDmytro#13](https://github.com/ichirkin/semantic-release-tg/issues/13) ### Update * move remark-telegraph to separate package ([2cba043](2cba043)) * telegram version ([b8e6018](b8e6018)) * update git-url-parse [security]. pustovitDmytro#91 pustovitDmytro#92 pustovitDmytro#93 pustovitDmytro#94 pustovitDmytro#95 pustovitDmytro#96 pustovitDmytro#97 pustovitDmytro#98 ([b5a2d55](b5a2d55)), closes [pustovitDmytro#91](https://github.com/ichirkin/semantic-release-tg/issues/91) [pustovitDmytro#92](https://github.com/ichirkin/semantic-release-tg/issues/92) [pustovitDmytro#93](https://github.com/ichirkin/semantic-release-tg/issues/93) [pustovitDmytro#94](https://github.com/ichirkin/semantic-release-tg/issues/94) [pustovitDmytro#95](https://github.com/ichirkin/semantic-release-tg/issues/95) [pustovitDmytro#96](https://github.com/ichirkin/semantic-release-tg/issues/96) [pustovitDmytro#97](https://github.com/ichirkin/semantic-release-tg/issues/97) [pustovitDmytro#98](https://github.com/ichirkin/semantic-release-tg/issues/98) ### Upgrade * package.json & package-lock.json to reduce vulnerabilities (pustovitDmytro#47) ([fce56d1](fce56d1)), closes [pustovitDmytro#47](https://github.com/ichirkin/semantic-release-tg/issues/47) * Pin dependencies ([42d97eb](42d97eb)) * Pin dependencies ([445bbc4](445bbc4)) * Update dependency base-api-client to v1.2.1 ([0a374b3](0a374b3)) * Update dependency base-api-client to v1.2.2 ([c0b144d](c0b144d)) * Update dependency base-api-client to v1.4.4 ([5d12eb9](5d12eb9)) * Update dependency base-api-client to v1.4.5 ([9fb2bc8](9fb2bc8)) * Update dependency base-api-client to v1.5.1 ([f4c1797](f4c1797)) * Update dependency base-api-client to v1.5.2 ([8a3122f](8a3122f)) * Update dependency git-url-parse to v11.5.0 ([04b2b9b](04b2b9b)) * Update dependency git-url-parse to v11.6.0 ([0ee4167](0ee4167)) * Update dependency myrmidon to v1.5.0 ([cf4a5a0](cf4a5a0)) * Update dependency myrmidon to v1.5.1 ([03b4c49](03b4c49)) * Update dependency myrmidon to v1.5.2 ([84d9783](84d9783)) * Update dependency myrmidon to v1.5.3 ([24bdf7b](24bdf7b)) * Update dependency myrmidon to v1.5.8 ([5819c0a](5819c0a)) * Update dependency myrmidon to v1.6.1 ([306881a](306881a)) * Update pustovitDmytro's packages (pustovitDmytro#78) ([1223bd1](1223bd1)), closes [pustovitDmytro#78](https://github.com/ichirkin/semantic-release-tg/issues/78) * updates dependencies to pass package tests ([acc0f5b](acc0f5b))
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WS-2022-0237 - High Severity Vulnerability
An advanced url parser supporting git urls too.
Library home page: https://registry.npmjs.org/parse-url/-/parse-url-6.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/parse-url/package.json
Dependency Hierarchy:
Found in base branch: master
Regular Expression Denial of Service (ReDoS) in ionicabizau/parse-url before 8.0.0.
It allows cause a denial of service when calling function parse-url
Publish Date: 2022-07-04
URL: WS-2022-0237
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Release Date: 2022-07-04
Fix Resolution: parse-url - 8.0.0
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: