Skip to content

parse-uri security alert #249

Description

@christiaanbasson

Can you please investigate and remedy the parse-uri vulnerability? I have been ignoring the GitHub security warning for the last 6 months and I understand there is low risk given the use-case. If you are not planning to address this I will dismiss the alert, but I hope you can resolve this at source.

Background
parse-uri Regular expression Denial of Service (ReDoS)
An issue in parse-uri v1.0.9 allows attackers to cause a Regular expression Denial of Service (ReDoS) via a crafted URL.
Affected versions: < 2.0.0

Dependency Graph
@ricado/api-client 2.6.1 > socket.io-client 2.5.0 > parse-uri 0.0.6.

@ricado/api-client@latest is 2.6.1
socket.io-client@latest is 4.8.0 (Oct'24) - seems to drop use parse-uri.

Metadata

Metadata

Labels

No labels
No labels

Type

Fields

No fields configured for Task.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions