dep(parse-url): replace with native URL #39

msimerson · 2023-12-11T19:02:32Z

Fixes Critical CVE with parse-url dependency #37
replace Travis CI with GitHub Actions
- add codeql
- add windows testing (can be ignored or easily disabled)
CI with GitHub Actions has been tested and you can see the output over here in my fork and in the screenshot below. I updated the readme file so that if you merge this PR, the CI test badge points to the GHA tests in your repo.
the CI tests against v8 and automatically against every LTS version of node.js. Currently that's node 18 & 20. If dropping node 8 support is acceptable, then the polyfill can be removed.
After merging this PR, coveralls will show results in your fork.
This PR is minimal, changing only what is required to remove parse-url and get GHA testing functional

CI result

- polyfill URL for node.js 8 - ci: replace Travis with GitHub Actions - add codeql testing - doc(readme): update CI badge url - bump version to 2.1.1 - doc(changelog): update for 2.1.1 - doc(readme): bump copyright year to 2023 - dep(eslint) bump version

msimerson force-pushed the remove-parse-url branch 5 times, most recently from dc98d41 to 4a17c86 Compare December 11, 2023 22:19

msimerson force-pushed the remove-parse-url branch from 8978c5e to b91cb4e Compare December 11, 2023 22:32

msimerson mentioned this pull request Dec 12, 2023

drop node v8 support, bump dependency versions #41

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

dep(parse-url): replace with native URL #39

dep(parse-url): replace with native URL #39

msimerson commented Dec 11, 2023 •

edited

Loading

dep(parse-url): replace with native URL #39

Are you sure you want to change the base?

dep(parse-url): replace with native URL #39

Conversation

msimerson commented Dec 11, 2023 • edited Loading

CI result

msimerson commented Dec 11, 2023 •

edited

Loading