Build(deps): [security] bump parse-url from 6.0.0 to 6.0.2 #457

Merged
argoyle merged 1 commit from dependabot-npm_and_yarn-parse-url-6.0.2 into master 2022-07-06 07:00:59 +00:00
argoyle commented 2022-07-06 04:42:46 +00:00 (Migrated from gitlab.com)

Bumps parse-url from 6.0.0 to 6.0.2. This update includes security fixes.

Vulnerabilities fixed

Cross site scripting in parse-url
Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 6.0.1

Patched versions: 6.0.1
Affected versions: < 6.0.1

Server-Side Request Forgery in parse-url
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0.

Patched versions: 6.0.1
Affected versions: < 6.0.1

Cross site scripting in parse-url
Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0.

Patched versions: 6.0.1
Affected versions: < 6.0.1

Hostname confusion in parse-url
Exposure of Sensitive Information to an Unauthorized Actor via hostname confusion in GitHub repository ionicabizau/parse-url prior to 6.0.1

Patched versions: 6.0.1
Affected versions: < 6.0.1

Commits

  • See full diff in compare view: https://github.com/IonicaBizau/parse-url/commits

Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • $dependabot rebase will rebase this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts
argoyle commented 2022-07-06 06:30:02 +00:00 (Migrated from gitlab.com)

added 2 commits

  • 7aeec8cf - 1 commit from branch master
  • b0ca60d5 - Build(deps): [security] bump parse-url from 6.0.0 to 6.0.2

argoyle commented 2022-07-06 06:49:41 +00:00 (Migrated from gitlab.com)

$dependabot recreate

argoyle commented 2022-07-06 06:49:42 +00:00 (Migrated from gitlab.com)

⚠️ dependabot is recreating merge request. All changes will be overwritten! ⚠️

argoyle commented 2022-07-06 06:50:59 +00:00 (Migrated from gitlab.com)

dependabot successfully recreated merge request!

argoyle commented 2022-07-06 06:50:59 +00:00 (Migrated from gitlab.com)

added 2 commits

  • bcc1ff9b - 1 commit from branch master
  • b908a969 - Build(deps): [security] bump parse-url from 6.0.0 to 6.0.2

argoyle commented 2022-07-06 06:51:00 +00:00 (Migrated from gitlab.com)

resolved all threads

argoyle (Migrated from gitlab.com) scheduled this pull request to auto merge when all checks succeed 2022-07-06 06:51:31 +00:00
argoyle (Migrated from gitlab.com) merged commit into master 2022-07-06 07:00:59 +00:00