[Snyk] Upgrade url-parse from 1.4.3 to 1.5.3

[snyk-bot]

Snyk has created this PR to upgrade url-parse from 1.4.3 to 1.5.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 8 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2021-07-25.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Improper Input Validation SNYK-JS-URLPARSE-543307	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
	Open Redirect SNYK-JS-URLPARSE-1533425	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-1078283	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: url-parse

• 1.5.3 - 2021-07-25
  

  [dist] 1.5.3

• 1.5.2 - 2021-07-25
  

  [dist] 1.5.2

• 1.5.1 - 2021-02-18
  

  [dist] 1.5.1

• 1.5.0 - 2021-02-17
  

  [dist] 1.5.0

• 1.4.7 - 2019-04-26
  

  [dist] 1.4.7

• 1.4.6 - 2019-04-12
  

  [dist] 1.4.6

• 1.4.5 - 2019-04-11
  

  [dist] 1.4.5

• 1.4.4 - 2018-11-05
  

  [dist] 1.4.4

• 1.4.3 - 2018-07-29
  

  [dist] 1.4.3

from url-parse GitHub release notes

Commit messages

Package name: url-parse

• ad44493 [dist] 1.5.3
• c798461 [fix] Fix host parsing for file URLs ([Snyk] Security upgrade com.fasterxml.jackson.core:jackson-databind from 2.10.5.1 to 2.13.0 #210)
• 201034b [dist] 1.5.2
• 2d9ac2c [fix] Sanitize only special URLs ([Snyk] Security upgrade com.fasterxml.jackson.core:jackson-databind from 2.10.4 to 2.13.0 #209)
• fb128af [fix] Use `'null'` as `origin` for non special URLs
• fed6d9e [fix] Add a leading slash only if the URL is special
• 94872e7 [fix] Do not incorrectly set the `slashes` property to `true`
• 81ab967 [fix] Ignore slashes after the protocol for special URLs
• ee22050 [ci] Use GitHub Actions
• d2979b5 [fix] Special case the `file:` protocol ([Snyk] Fix for 1 vulnerabilities #204)
• 9f43f43 [pkg] Update browserify to version 17.0.0
• af84da0 [test] Fix multiple mixed slashes test
• eb6d9f5 [dist] 1.5.1
• 750d8e8 [fix] Fixes relative path resolving [Snyk] Fix for 1 vulnerabilities #199 [Snyk] Fix for 1 vulnerabilities #200 ([Snyk] Security upgrade com.fasterxml.jackson.datatype:jackson-datatype-joda from 2.9.7 to 2.13.0 #201)
• 3ac7774 [test] Make test consistent for browser testing
• 267a0c6 [dist] 1.5.0
• d1e7e88 [security] More backslash fixes ([Snyk] Fix for 1 vulnerabilities #197)
• d99bf4c [ignore] Remove npm-debug.log from .gitignore
• 422c8b5 [pkg] Replace nyc with c8
• 933809d [pkg] Move coveralls to dev dependencies
• 190b216 [pkg] Add .npmrc
• ce3783f [test] Do not test on all available versions of Edge and Safari
• 77c1184 [pkg] Update mocha to version 8.0.1
• 673c3a7 [travis] Test on node 14

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs