Skip to content

Upgrade is-url-superb from ^3.0.0 to ^4.0.0 #122

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Upgrade is-url-superb from ^3.0.0 to ^4.0.0 #122

wants to merge 1 commit into from

Conversation

@davilima6
Copy link

@davilima6 davilima6 commented Aug 17, 2020
edited
Loading

WIP: tests do not pass. Is there anyone more familiar around? :)

  -         isUrl: false,
  +         isUrl: true,
            isVariable: false,
  -         parent: [Circular],
  +         parent: [Circular],

The major 4.0.0 drop dependency on url-regex, which has a up until now unpatched high vulnerability https://www.npmjs.com/advisories/1550

Next I remove the non-direct dependency of postcss-values-parser on url-regex, which I suppose was there to keep the version stable in case is-url-superb@^3.0.0 updated it, since it not imported anywhere in this postcss-values-parser.

This PR contains:

  • bugfix
  • feature
  • refactor
  • tests
  • documentation
  • metadata

Breaking Changes?

  • yes
  • no

New major of is-url-superb:

  • requires Node.js 10
  • no longer accepts protocol-relative URLs.

See https://github.com/sindresorhus/is-url-superb/releases/tag/v4.0.0

Please Describe Your Changes

This relates to #120

@shellscape
Copy link
Owner

Yeah for more context see the discussion starting here: #119 (comment)

feat: upgrade is-url-superb from ^3.0.0 to ^4.0.0
8fda1e7 
the new version does not depend on url-regex, which has a up until now unpatched high vulnerability https://www.npmjs.com/advisories/1550

therefore we remove the non-direct dependency on url-regex, which apparently was only there to force a resolution to a newest version than the one brought in by is-url-superb@^3.0.0
@davilima6 davilima6 changed the title upgrade is-url-superb from ^3.0.0 to ^4.0.0 Upgrade is-url-superb from ^3.0.0 to ^4.0.0 Aug 17, 2020
@shellscape
Copy link
Owner

Closing in favor of #125. As noted on your other PR, I do sincerely and truthfully appreciate the work you put in on this.

@shellscape shellscape closed this Sep 16, 2020
@davilima6 davilima6 deleted the remove-unused-unsafe-dep-url-regex branch September 16, 2020 14:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@davilima6 @shellscape