url-parse critical security patch
r4d opened this issue · comments
ryan commented
url-parse security advisory update: GHSA-hgjh-723h-mx2j
Update url-parse > v1.5.8
Andrey commented
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.
AndyDudleyAdvanced commented
Hi,
Is there any reason why the reference to url-parse hasn't been updated to the patched version? (1.5.9)
Colin Casey commented
@AndyDudleyAdvanced when you npm install tough-cookie it should resolve the url-parse dependency to version 1.5.10 since the range declared in package.json is ^1.5.3.
Colin Casey commented
Closing this issue since the version of url-parse resolved when installing tough-cookie is not affected by GHSA-hgjh-723h-mx2j (see the comment above).
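The two replies above rest on the caret range ^1.5.3 admitting the patched releases. The following added example (not code from the tough-cookie project) checks that claim and also audits what a lockfile actually resolved, since a lockfile records the installed version regardless of the range. The helper names, the `legacy-lib` package and the lockfile contents are constructed for illustration.

```javascript
const PATCHED = '1.5.9'; // first fixed url-parse release, per the advisory text in this thread

// Parse "x.y.z" into numbers; pre-release tags are out of scope for this sketch.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric comparison, so 1.5.10 sorts after 1.5.9 (a string compare would not).
function compare(a, b) {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// Caret range: >= base, with the left-most non-zero component held fixed.
function satisfiesCaret(version, range) {
  const base = range.replace(/^\^/, '');
  if (compare(version, base) < 0) return false;
  const [v, b] = [parse(version), parse(base)];
  const pin = b[0] > 0 ? 1 : b[1] > 0 ? 2 : 3; // leading parts that must match
  return b.slice(0, pin).every((n, i) => n === v[i]);
}

// Report every url-parse copy in a lockfile "packages" map (lockfileVersion 2/3).
function auditLock(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path]) => path.endsWith('node_modules/url-parse'))
    .map(([path, meta]) => ({
      path,
      version: meta.version,
      vulnerable: compare(meta.version, PATCHED) < 0,
    }));
}

// Constructed lockfile: a fresh top-level copy and a stale nested copy.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/tough-cookie': { dependencies: { 'url-parse': '^1.5.3' } },
    'node_modules/url-parse': { version: '1.5.10' },
    'node_modules/legacy-lib/node_modules/url-parse': { version: '1.5.3' },
  },
};

for (const r of auditLock(sampleLock)) {
  console.log(`${r.vulnerable ? 'VULNERABLE' : 'ok'}  ${r.version}  ${r.path}`);
}
```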