Skip to content

url-parse security vulnerability issue update to ^1.5.2 #551

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
drjauss wants to merge 1 commit into from
Closed

url-parse security vulnerability issue update to ^1.5.2 #551

drjauss wants to merge 1 commit into from

Conversation

@drjauss
Copy link

@drjauss drjauss commented Aug 9, 2021
edited
Loading

@drjauss drjauss mentioned this pull request Aug 9, 2021
Closed
@brycekahle
Copy link
Contributor

brycekahle commented Aug 11, 2021

@drjauss This PR seems to remove a bunch of content from the package-lock.json file. Can you redo? Otherwise I can do the url-parse upgrade this evening (PDT).

@drjauss
Copy link
Author

drjauss commented Aug 11, 2021
edited
Loading

@drjauss This PR seems to remove a bunch of content from the package-lock.json file. Can you redo? Otherwise I can do the url-parse upgrade this evening (PDT).

Hello @brycekahle, thank you for your reply,
these are changes happening after running npm install [email protected].
I removed them in order for you to check if those lockfile changes were needed.

Thank you! 👍

@iorrah
Copy link

iorrah commented Aug 13, 2021
edited
Loading

Hello @brycekahle, this PR has been updated by @drjauss. Could you please check again? Thank you 🙂

@leslieli
Copy link

leslieli commented Aug 20, 2021

[email protected] was released, see https://github.com/unshiftio/url-parse/tags.

Do we need to upgrade the url-parse dependency to 1.5.3?

@drjauss
Copy link
Author

drjauss commented Aug 20, 2021

[email protected] was released, see https://github.com/unshiftio/url-parse/tags.

Do we need to upgrade the url-parse dependency to 1.5.3?

Hi @leslieli , I think the purpose of this PR/issue is to solve the security vulnerability exposed on the 1.5.1, but we could also do so.

@leslieli
Copy link

leslieli commented Aug 20, 2021

Thanks.

@leslieli
Copy link

leslieli commented Aug 23, 2021

Hi @brycekahle , could you please review again? Thanks.

@iorrah
Copy link

iorrah commented Aug 24, 2021

Hi @brycekahle, is there something missing in order for this PR to be merged?

@brycekahle
Copy link
Contributor

brycekahle commented Aug 24, 2021

Hi folks. I just committed a fix and published 1.5.2.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@drjauss @brycekahle @iorrah @leslieli