Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(package): update sockjs-client v1.1.5...1.3.0 (url-parse vulnerability) #1537

Merged
merged 1 commit into from
Oct 23, 2018

Conversation

sarbbottam
Copy link
Contributor

  • This is a bugfix
  • This is a code refactor
  • This is a test update
  • This is a typo fix
  • This is a metadata update

For Bugs and Features; did you add new tests?

N/A - the bug is not in webpack-dev-server but a dependency.

Motivation / Use-Case

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.
Please refer https://nvd.nist.gov/vuln/detail/CVE-2018-3774 for further details.

Breaking Changes

NA

Additional Info

NA

@jsf-clabot
Copy link

jsf-clabot commented Oct 23, 2018

CLA assistant check
All committers have signed the CLA.

@michael-ciniawsky michael-ciniawsky changed the title fix(url-parse): updated sockjs-client to address url-parse vulnerability fix(package): update sockjs-client v1.1.5...1.3.0 (url-parse vulnerability) Oct 23, 2018
@michael-ciniawsky michael-ciniawsky added this to the 3.1.10 milestone Oct 23, 2018
Copy link
Member

@michael-ciniawsky michael-ciniawsky left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@codecov
Copy link

codecov bot commented Oct 23, 2018

Codecov Report

Merging #1537 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master    #1537   +/-   ##
=======================================
  Coverage   74.02%   74.02%           
=======================================
  Files          10       10           
  Lines         666      666           
=======================================
  Hits          493      493           
  Misses        173      173

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d2f4902...e0fdbb0. Read the comment docs.

@michael-ciniawsky
Copy link
Member

Released in v3.1.10 🎉

This was referenced Mar 13, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants