Open
Description
Can you please investigate and remedy the parse-uri vulnerability? I have been ignoring the GitHub security warning for the last 6 months and I understand there is low risk given the use-case. If you are not planning to address this I will dismiss the alert, but I hope you can resolve this at source.
Background
parse-uri Regular expression Denial of Service (ReDoS)
An issue in parse-uri v1.0.9 allows attackers to cause a Regular expression Denial of Service (ReDoS) via a crafted URL.
Affected versions: < 2.0.0
Dependency Graph
@ricado/api-client 2.6.1 > socket.io-client 2.5.0 > parse-uri 0.0.6.
@ricado/api-client@latest is 2.6.1
socket.io-client@latest is 4.8.0 (Oct'24) - seems to drop use of parse-uri.
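An added example, not part of the original issue or the project's code: a small Node.js check that walks a dependency tree shaped like `npm ls --all --json` output and reports every chain ending at a parse-uri version below the advisory's fixed version 2.0.0. Both trees are constructed from the versions quoted in the issue; the upgraded tree and its `x.y.z` placeholder version are hypothetical.

```javascript
// Compare dotted numeric versions; prerelease tags are ignored (simplification).
// Returns <0, 0 or >0.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Walk the nested `dependencies` maps and return every chain that ends at
// `pkg` with a version lower than `fixedIn`.
function findAffectedPaths(node, name, pkg, fixedIn, trail = []) {
  const here = [...trail, `${name} ${node.version}`];
  const hits = [];
  if (name === pkg && compareVersions(node.version, fixedIn) < 0) {
    hits.push(here.join(' > '));
  }
  for (const [depName, dep] of Object.entries(node.dependencies || {})) {
    if (!dep.version) continue; // skip missing/unmet dependency entries
    hits.push(...findAffectedPaths(dep, depName, pkg, fixedIn, here));
  }
  return hits;
}

// Constructed tree using the versions quoted in the issue.
const currentTree = {
  name: '@ricado/api-client', version: '2.6.1',
  dependencies: {
    'socket.io-client': {
      version: '2.5.0',
      dependencies: { 'parse-uri': { version: '0.0.6' } },
    },
  },
};

// Hypothetical tree: a future release (placeholder version) that depends on
// socket.io-client 4.8.0, assumed here to carry no parse-uri dependency.
const upgradedTree = {
  name: '@ricado/api-client', version: 'x.y.z',
  dependencies: { 'socket.io-client': { version: '4.8.0', dependencies: {} } },
};

for (const tree of [currentTree, upgradedTree]) {
  const hits = findAffectedPaths(tree, tree.name, 'parse-uri', '2.0.0');
  console.log(hits.length ? hits.join('\n') : `${tree.name} ${tree.version}: clean`);
}
```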