normalize-url v3 is vulnerable #130

lykims · 2021-06-29T13:14:31Z

Following the issues IonicaBizau/parse-url#19 and IonicaBizau/git-up#24, git-url-parse should have an updated version of git-up to fix the vulnerability.

Two versions to verify:

[email protected] uses [email protected] that uses [email protected], and [email protected] does not seem to be compatible with Safari.
[email protected] only requires [email protected] which seems to be OK with Safari. See if git-up could have another version that uses [email protected].

The text was updated successfully, but these errors were encountered:

IonicaBizau · 2021-07-01T07:52:36Z

Thank you for this, @lykims! I will try to solve this ASAP...

agoldis · 2021-07-31T08:11:28Z

For those who need Safari support, inline version w/o normalize-url

lykims mentioned this issue Jun 29, 2021

normalize-url v3 is vulnerable IonicaBizau/git-up#24

Closed

erha19 mentioned this issue Feb 10, 2022

Safari 上首页报错白屏 opensumi/docs#2

Closed

MelsHyrule mentioned this issue Mar 3, 2022

Revert "Allows for SSH GitHub Repo" ManageIQ/manageiq-ui-classic#8157

Merged

IonicaBizau mentioned this issue Jun 27, 2022

git-url-parse 12.0.0 #138

Merged

IonicaBizau closed this as completed in #138 Jun 27, 2022

nurrony mentioned this issue Aug 30, 2024

[Snyk] Upgrade git-url-parse from 11.1.2 to 14.1.0 nurrony/gtni#160

Open

nurrony mentioned this issue Sep 16, 2024

[Snyk] Upgrade: , async-each, git-url-parse, ora, path-exists, shelljs, yargs nurrony/gtni#164

Open

Provide feedback