Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update url-parse to latest version to mitigate Security issue. #302

Closed

Conversation

AndyDudleyAdvanced
Copy link

@AndyDudleyAdvanced AndyDudleyAdvanced commented Sep 14, 2023

Fixes GHSA-hgjh-723h-mx2j

referenced in this issue:

#260

@awaterma
Copy link
Member

@colincasey -- should we consider this p/r or a major version update for 5.0?

@colincasey
Copy link
Contributor

@awaterma I've already commented on #260 as to why this isn't a security issue for our published version of tough-cookie but I will restate it here. When you npm install tough-cookie it currently resolves the url-parse dependency to version 1.5.10 which is not affected by the vulnerability noted in this PR since the range declared in package.json is ^1.5.3.

@colincasey colincasey closed this Oct 5, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants