devextreme-react icon indicating copy to clipboard operation
devextreme-react copied to clipboard
verified publisher icon DevExpress

chore(deps): update dependency parse-url to 8.1.0 [security]

Open renovate[bot] opened this issue 3 years ago • 1 comments

Mend Renovate

This PR contains the following updates:

Package Change
parse-url 6.0.0 -> 8.1.0

GitHub Vulnerability Alerts

CVE-2022-0722

Exposure of Sensitive Information to an Unauthorized Actor via hostname confusion in GitHub repository ionicabizau/parse-url prior to 6.0.1

CVE-2022-2217

Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 6.0.1

CVE-2022-2216

Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0.

CVE-2022-2218

Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0.

CVE-2022-2900

Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0.

CVE-2022-3224

parse-url prior to 8.1.0 is vulnerable to Misinterpretation of Input. parse-url parses certain http or https URLs incorrectly, identifying the URL's protocol as ssh. It may also parse the host name incorrectly.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled due to failing status checks.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • [ ] If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] avatar Jul 06 '22 01:07 renovate[bot]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json
lerna notice cli v3.22.1
lerna info versioning independent
lerna notice cli v3.22.1
lerna info versioning independent
lerna info Bootstrapping 3 packages
lerna info Installing external dependencies
lerna ERR! npm install --ignore-scripts --ignore-scripts --no-audit --package-lock-only exited 1 in 'devextreme-react-generator'

renovate[bot] avatar Jul 06 '22 01:07 renovate[bot]