[Snyk] Upgrade url-parse from 1.4.7 to 1.5.10

[john-dot-oa]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade url-parse from 1.4.7 to 1.5.10.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 11 versions ahead of your current version.
• The recommended version was released 2 years ago, on 2022-02-22.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Improper Input Validation SNYK-JS-URLPARSE-2407770	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-1078283	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	No Known Exploit
	Open Redirect SNYK-JS-URLPARSE-1533425	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Proof of Concept
	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Proof of Concept
	Authorization Bypass SNYK-JS-URLPARSE-2407759	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: url-parse

• 1.5.10 - 2022-02-22
  

  1.5.10

• 1.5.9 - 2022-02-20
  

  1.5.9

• 1.5.8 - 2022-02-19
  

  1.5.8

• 1.5.7 - 2022-02-16
  

  1.5.7

• 1.5.6 - 2022-02-13
  

  1.5.6

• 1.5.5 - 2022-02-13
  

  1.5.5

• 1.5.4 - 2021-12-28
  

  [dist] 1.5.4

• 1.5.3 - 2021-07-25
  

  [dist] 1.5.3

• 1.5.2 - 2021-07-25
  

  [dist] 1.5.2

• 1.5.1 - 2021-02-18
  

  [dist] 1.5.1

• 1.5.0 - 2021-02-17
• 1.4.7 - 2019-04-26

from url-parse GitHub release notes

Commit messages

Package name: url-parse

• 8cd4c6c 1.5.10
• ce7a01f [fix] Improve handling of empty port
• 0071490 [doc] Update JSDoc comment
• a7044e3 [minor] Use more descriptive variable name
• d547792 [security] Add credits for CVE-2022-0691
• ad23357 1.5.9
• 0e3fb54 [fix] Strip all control characters from the beginning of the URL
• 61864a8 [security] Add credits for CVE-2022-0686
• bb0104d 1.5.8
• d5c6479 [fix] Handle the case where the port is specified but empty
• 4f2ae67 [security] Add credits for CVE-2022-0639
• 8b3f5f2 1.5.7
• ef45a13 [fix] Readd the empty userinfo to `url.href` (#226)
• 88df234 [doc] Add soft deprecation notice
• 78e9f2f [security] Fix nits
• e6fa434 [security] Add credits for incorrect handling of userinfo vulnerability
• 4c9fa23 1.5.6
• 7b0b8a6 Merge pull request #223 from unshiftio/fix/at-sign-handling-in-userinfo
• e4a5807 1.5.5
• 193b44b [minor] Simplify whitespace regex
• 319851b [fix] Remove CR, HT, and LF
• 4e53a8c [doc] Document that the returned hostname might be invalid
• 9be7ee8 [fix] Correctly handle userinfo containing the at sign
• f7774f6 [security] Fix typos in SECURITY.md

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs