parse-url is an npm package for parsing URLs, including git URLs, and extracting their components. Versions 6.0.5 and 6.0.4 differ in their dependencies. Version 6.0.5 relies on is-ssh@^1.3.0, protocols@^1.4.0, and parse-path@^4.0.0, while version 6.0.4 uses is-ssh@^1.4.0, protocols@^2.0.1, and parse-path@^5.0.0. Both versions share a dependency on normalize-url@^6.1.0 and the same dev dependency tester@^1.3.1.
These dependency differences might introduce subtle behavioral differences in SSH URL parsing, protocol handling, and path manipulation. Developers should assess whether the dependency versions align with their project's requirements and test accordingly; note that the parse-path@^4.0.0 range used by version 6.0.5 cannot resolve to parse-path 5.0.0 or later. The unpacked package is slightly smaller in version 6.0.5 (13363 bytes) than in version 6.0.4 (15196 bytes). Both versions are released under the MIT license, which permits use and modification of the package. The package is authored by Ionică Bizău, and its repository is hosted on GitHub, where contributions and issue reports are accepted.
Vulnerabilities affecting version 6.0.5 of the package
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0.
parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing
parse-url prior to 8.1.0 is vulnerable to Misinterpretation of Input. parse-url parses certain http or https URLs incorrectly, identifying the URL's protocol as ssh. It may also parse the host name incorrectly.
Authorization Bypass in parse-path
Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0.