Switch from filenamify-url to filenamify #395

Merged
merged 2 commits into from
Jun 21, 2021

tw0517tw (Contributor) commented Jun 16, 2021

to prevent URL check failures blocking publishing.

related #394 #392

As I found ( #394 (comment) ), filenamify-url does a URL check, but git repo URLs may fail the check, and this dependency is only used to generate the cache filename. I think it is safe to use only filenamify.

Fixes #392.
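
The reasoning in the comment above, as an added example that is not part of the pull request or the project's code: a strict URL parse (the built-in `URL` constructor, standing in for the check) rejects some strings that git accepts as remotes, while a plain string sanitiser still yields a cache name for each. `cacheNameFor`, `parsesAsUrl`, `report` and the sample remotes are hypothetical and constructed, and the sanitiser does not reproduce filenamify's rules.

```javascript
// Added example: not the project's code. `cacheNameFor` is a hypothetical
// stand-in for a filename sanitiser; it does not reproduce filenamify's rules.

// Constructed sample remotes in forms that git accepts.
const SAMPLE_REMOTES = [
  'https://github.com/example/repo.git',
  'git@github.com:example/repo.git', // scp-like syntax, not a WHATWG URL
  '../local/checkout',               // relative path remote
];

// Strict check: does the string parse as a URL at all?
function parsesAsUrl(remote) {
  try {
    new URL(remote);
    return true;
  } catch {
    return false;
  }
}

// Pure string sanitisation: nothing is parsed, so every remote yields a name.
// Path separators, reserved characters and control characters become '!',
// and leading dots are dropped so the result can never be '.' or '..'.
// Both patterns are single character classes, so matching is linear time.
function cacheNameFor(remote) {
  const name = remote
    .replace(/[<>:"/\\|?*\u0000-\u001f]/g, '!')
    .replace(/^\.+/, '');
  if (name === '') throw new Error('empty cache name');
  return name.slice(0, 100);
}

// Run both approaches over each remote and collect the results.
function report(remotes) {
  return remotes.map((remote) => ({
    remote,
    parsesAsUrl: parsesAsUrl(remote),
    cacheName: cacheNameFor(remote),
  }));
}

console.log(report(SAMPLE_REMOTES));
```
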

@kevcenteno

@tschaub This looks like a reasonable change. Can we get the workflows to run and possibly get it merged?

tschaub (Owner) commented Jun 21, 2021

Thanks for the fix, @tw0517tw. I added a test in 6ea427b.

Successfully merging this pull request may close these issues.

high severity vulnerabilities from normalize-url library (ReDoS issue)