fix: replace path-parse by parse-url (#426)

This fixes a vulnerabilty in parse-path (CVE-2022-0624) Closes #423
semantic-release · Jul 11, 2022 · 1b3987e · 1b3987e
1 parent 129dff5
commit 1b3987e
Show file tree

Hide file tree

Showing 3 changed files with 70 additions and 125 deletions.
diff --git a/lib/get-repo-id.js b/lib/get-repo-id.js
@@ -1,11 +1,11 @@
-const parsePath = require('parse-path');
+const parseUrl = require('parse-url');
 const escapeStringRegexp = require('escape-string-regexp');
 
 module.exports = ({envCi: {service} = {}, env: {CI_PROJECT_PATH}}, gitlabUrl, repositoryUrl) =>
   service === 'gitlab' && CI_PROJECT_PATH
     ? CI_PROJECT_PATH
-    : parsePath(repositoryUrl)
-        .pathname.replace(new RegExp(`^${escapeStringRegexp(parsePath(gitlabUrl).pathname)}`), '')
+    : parseUrl(repositoryUrl)
+        .pathname.replace(new RegExp(`^${escapeStringRegexp(parseUrl(gitlabUrl).pathname)}`), '')
         .replace(/^\//, '')
         .replace(/\/$/, '')
         .replace(/\.git$/, '');