Debian Package Tracker - node-url-parse

A new upstream version is available: 1.4.7 high

A new upstream version 1.4.7 is available, you should consider packaging it.

Created: 2018-04-08 Last update: 2019-06-16 10:36

11 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 292b03d6c4b403767738d6583e06a3b0f4d32bfc
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Apr 16 10:35:15 2019 +0200

    Typo

commit 69f1cf87cfd4504af8754efa398dd080e82d77ba
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Apr 16 10:25:14 2019 +0200

    releasing package node-url-parse version 1.2.0-2

commit a7590a9f05fce93b33643aa835ff671ecb90cc94
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Apr 16 10:20:08 2019 +0200

    Back to debhelper 9 (freeze)

commit b885c7b276585354b99489f503820091ba98bd60
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Apr 16 10:18:16 2019 +0200

    Add upstream/metadata

commit 485a21a6d6ab5d758b6399c5b13f78a15056c998
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Apr 16 10:18:06 2019 +0200

    Fix description

commit d7950d8ec1aa429decdc5acfc6e7b5aa6042849c
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Apr 16 10:14:01 2019 +0200

    Fix debian/copyright format URL

commit a07ccb89fa64803e86551ff374732f22c4bffb6a
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Apr 16 10:13:33 2019 +0200

    Fix VCS fields

commit 199b9bc6ff06023fe292d8f6ddcbf0ca4712b920
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Apr 16 10:10:24 2019 +0200

    Enable upstream tests using pkg-js-tools. This adds node-deep-eql, node-object-inspect and node-pathval in build dependencies

commit 97b27d3ce249a2d04d219f1cfeb9e8486cce929d
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Apr 16 10:09:29 2019 +0200

    Add patch to fix bad URL parsing (Closes: #906058, CVE-2018-3774)

commit 3e310b174be60cebe392976e6ec3064675286afc
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Apr 16 09:00:05 2019 +0200

    Declare compliance with policy 4.3.0

commit 4f7dff31516564b85fd6bb229b252c6314ddd320
Author: Xavier Guimard <yadd@debian.org>
Date:   Tue Apr 16 09:00:05 2019 +0200

    Bump debhelper compatibility level to 11

Created: 2019-04-16 Last update: 2019-06-15 12:39

1 ignored security issue in stretch low

There is 1 open security issue in stretch.

1 issue skipped by the security teams:

CVE-2018-3774: Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

Please fix it.

Created: 2019-04-17 Last update: 2019-04-21 07:42