parse-url is a dependency of git-up which is a dependency of git-url-parse which is a dependency of lerna. parse-url has the following file protocol spoofing vulnerability: https://huntr.dev/bounties/52060edb-e426-431b-a0d0-e70407e44f18/.
parse-url has been updated to 8.0.0 to fix the vulnerability but introduces breaking changes. https://github.com/IonicaBizau/parse-url/releases
git-up has been updated to 7.0.0 to include the parse-url changes. https://github.com/IonicaBizau/git-up/releases
git-url-parse has been updated to 13.0.0 to include the parse-url changes. https://github.com/IonicaBizau/git-url-parse/releases
Please update to git-url-parse 13.0.0 or greater.
Steps to Reproduce
N/A
Environment
N/A
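To see whether a project still resolves versions below the ones named in this issue, the lockfile can be scanned directly. The following is an added example, not part of the original issue or of lerna's code: the function names are hypothetical, the sample lockfile is constructed, and it assumes the standard npm `package-lock.json` layouts (nested `dependencies` for lockfileVersion 1, path-keyed `packages` for 2 and 3).

```javascript
// Minimum fixed versions, as stated in the issue above.
const FIXED = { 'parse-url': '8.0.0', 'git-up': '7.0.0', 'git-url-parse': '13.0.0' };

// Compare the numeric major.minor.patch parts only (pre-release tags are ignored).
function lessThan(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0);
  }
  return false;
}

// Return every installed copy of the three packages that is older than its fixed version.
// `lock` is a parsed package-lock.json object.
function findOutdated(lock) {
  const hits = [];
  const check = (name, version, where) => {
    if (FIXED[name] && version && lessThan(version, FIXED[name])) {
      hits.push({ name, version, where, fixedIn: FIXED[name] });
    }
  };
  if (lock.packages) {
    // lockfileVersion 2/3: keys are install paths such as "node_modules/a/node_modules/b".
    for (const [path, meta] of Object.entries(lock.packages)) {
      check(path.split('node_modules/').pop(), meta.version, path);
    }
  } else {
    // lockfileVersion 1: dependencies are nested under their parent.
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        check(name, meta.version, trail.concat(name).join(' > '));
        walk(meta.dependencies, trail.concat(name));
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample lockfile fragment (versions chosen for illustration only).
const sampleLock = { lockfileVersion: 2, packages: {
  '': { name: 'demo' },
  'node_modules/git-url-parse': { version: '11.6.0' },
  'node_modules/git-up': { version: '7.0.0' },
  'node_modules/lerna/node_modules/parse-url': { version: '6.0.5' },
} };
console.log(findOutdated(sampleLock));
```

Nested copies matter here: a hoisted `git-url-parse` at 13.0.0 does not help if an older `parse-url` is still installed under another package's own `node_modules`.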