[dist] 1.5.2

3rd-Eden · 3rd-Eden · commit 201034b8670c · 2021-07-25T14:43:14.000+02:00
diff --git a/SECURITY.md b/SECURITY.md
@@ -33,6 +33,19 @@ acknowledge your responsible disclosure, if you wish.
 
 ## History
 
+> url-parse mishandles certain use a single of (back) slash such as https:\ &
+> https:/ and > interprets the URI as a relative path. Browsers accept a single
+> backslash after the protocol, and treat it as a normal slash, while url-parse
+> sees it as a relative path.
+
+- **Reporter credits**
+  - Ready-Research
+  - GitHub: [@Ready-Reserach](https://github.com/ready-research)
+- Huntr report: https://www.huntr.dev/bounties/1625557993985-unshiftio/url-parse/
+- Fixed in: 1.5.2
+
+---
+
 > Using backslash in the protocol is valid in the browser, while url-parse
 > thinks it’s a relative path. An application that validates a url using
 > url-parse might pass a malicious link.
@@ -42,6 +55,8 @@ acknowledge your responsible disclosure, if you wish.
   - Twitter: [Yaniv Nizry](https://twitter.com/ynizry)
 - Fixed in: 1.5.0
 
+---
+
 > The `extractProtocol` method does not return the correct protocol when
 > provided with unsanitized content which could lead to false positives.
 
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "url-parse",
-  "version": "1.5.1",
+  "version": "1.5.2",
   "description": "Small footprint URL parser that works seamlessly across Node.js and browser environments",
   "main": "index.js",
   "scripts": {

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "url-parse",`
`3`		`- "version": "1.5.1",`
	`3`	`+ "version": "1.5.2",`
`4`	`4`	`"description": "Small footprint URL parser that works seamlessly across Node.js and browser environments",`
`5`	`5`	`"main": "index.js",`
`6`	`6`	`"scripts": {`