graylog-plugin-collector
graylog-plugin-collector copied to clipboard
Graylog2
Bump urijs from 1.19.10 to 1.19.11
Bumps urijs from 1.19.10 to 1.19.11.
Release notes
Sourced from urijs's releases.
1.19.11 (April 3rd 2022)
- SECURITY fixing
URI.parse()handle excessive slashes in scheme-relative URLs - disclosed by zeyu2001 via https://huntr.dev/- SECURITY fixing
URI.parse()remove\r(CR),\n, (LF)\t(TAB) - disclosed by haxatron via https://huntr.dev/
Changelog
Sourced from urijs's changelog.
1.19.11 (April 3rd 2022)
- SECURITY fixing
URI.parse()handle excessive slashes in scheme-relative URLs - disclosed by zeyu2001 via https://huntr.dev/- SECURITY fixing
URI.parse()remove\r(CR),\n, (LF)\t(TAB) - disclosed by haxatron via https://huntr.dev/
Commits
b655c1bchore(build): bumping to version 1.19.11b0c9796fix(parse): handle CR,LF,TAB88805fdfix(parse): handle excessive slashes in scheme-relative URLs- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebasewill rebase this PR -
@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it -
@dependabot mergewill merge this PR after your CI passes on it -
@dependabot squash and mergewill squash and merge this PR after your CI passes on it -
@dependabot cancel mergewill cancel a previously requested merge and block automerging -
@dependabot reopenwill reopen this PR if it is closed -
@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "Published by a pub.dev verified publisher"){kind=small}
Looks like this PR is already up-to-date with master! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.