[Snyk] Upgrade urijs from 1.18.10 to 1.19.11 #5
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade urijs from 1.18.10 to 1.19.11.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 14 versions ahead of your current version.
The recommended version was released 2 years ago.
Issues fixed by the recommended upgrade:
- SNYK-JS-LODASH-1040724
- SNYK-JS-LODASH-450202
- SNYK-JS-LODASH-567746
- SNYK-JS-LODASH-608086
- SNYK-JS-LODASH-6139239
- SNYK-JS-LODASH-73638
- SNYK-JS-URIJS-1319806
- SNYK-JS-LODASH-1018905
- SNYK-JS-LODASH-73639
- npm:lodash:20180130
- SNYK-JS-URIJS-2401466
- SNYK-JS-URIJS-2415026
- SNYK-JS-URIJS-2419067
- SNYK-JS-URIJS-2440699
- SNYK-JS-URIJS-2441239
- SNYK-JS-URIJS-1055003
- SNYK-JS-URIJS-1078286
- SNYK-JS-URIJS-1319803
Release notes
Package name: urijs
- `URI.parse()` handle excessive slashes in scheme-relative URLs - disclosed by zeyu2001 via https://huntr.dev/
- `URI.parse()` remove `\r` (CR), `\n` (LF), `\t` (TAB) - disclosed by haxatron via https://huntr.dev/
- `URI.parse()` handle excessive colons in protocol delimiter - disclosed by huydoppa via https://huntr.dev/
- `URI.parse()` handle leading whitespace - disclosed by p0cas via https://huntr.dev/
- `URI.parse()` treat scheme case-insensitive when handling excessive slashes and backslashes - PR #412 by r0hanSH
- `URI.parseQuery()` to prevent overwriting `__proto__` in parseQuery() - disclosed privately by @NewEraCracker
- `URI.parse()` to handle variable amounts of `\` and `/` in scheme delimiter as Node and Browsers do - disclosed privately by ready-research via https://huntr.dev/
- `URI.parse()` to rewrite `\` in scheme delimiter to `/` as Node and Browsers do - disclosed privately by Yaniv Nizry from the CxSCA AppSec team at Checkmarx
- `URI.parseAuthority()` to rewrite `\` to `/` as Node and Browsers do - followed up to by alesandroortiz in PR #403, relates to Issue #233
- `URI.parseAuthority()` to rewrite `\` to `/` as Node and Browsers do - disclosed privately by alesandroortiz, relates to Issue #233
- `URI.build()` to properly handle relative paths when a scheme is given - Issue #387
- `URI.buildQuery()` to properly handle empty param name - Issue #243, PR #383

Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: