[Snyk] Upgrade urijs from 1.18.10 to 1.19.11

[keiserjb]

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade urijs from 1.18.10 to 1.19.11.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 14 versions ahead of your current version.

• The recommended version was released on 2 years ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Code Injection SNYK-JS-LODASH-1040724	586	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-450202	586	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	586	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	586	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-6139239	586	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-73638	586	Proof of Concept
	Prototype Pollution SNYK-JS-URIJS-1319806	586	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	586	Proof of Concept
	Prototype Pollution npm:lodash:20180130	586	Proof of Concept
	Open Redirect SNYK-JS-URIJS-2401466	586	Proof of Concept
	Improper Input Validation SNYK-JS-URIJS-2415026	586	Proof of Concept
	Open Redirect SNYK-JS-URIJS-2419067	586	Proof of Concept
	Misinterpretation of Input SNYK-JS-URIJS-2440699	586	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-URIJS-2441239	586	Proof of Concept
	Improper Input Validation SNYK-JS-URIJS-1055003	586	No Known Exploit
	Improper Input Validation SNYK-JS-URIJS-1078286	586	No Known Exploit
	Open Redirect SNYK-JS-URIJS-1319803	586	Proof of Concept

Release notes

Package name: urijs

• 1.19.11 - 2022-04-03
  
  • SECURITY fixing URI.parse() handle excessive slashes in scheme-relative URLs - disclosed by zeyu2001 via https://huntr.dev/
  • SECURITY fixing URI.parse() remove \r (CR), \n, (LF) \t (TAB) - disclosed by haxatron via https://huntr.dev/
• 1.19.10 - 2022-03-05
  
  • SECURITY fixing URI.parse() handle excessive colons in protocol delimiter - disclosed by huydoppa via https://huntr.dev/
• 1.19.9 - 2022-03-03
  
  • SECURITY fixing URI.parse() handle leading whitespace - disclosed by p0cas via https://huntr.dev/
• 1.19.8 - 2022-02-15
  
  • SECURITY fixing URI.parse() treat scheme case-insenstivie when handling excessive slackes and backslashes - PR #412 by r0hanSH
• 1.19.7 - 2021-07-14
  
  • SECURITY fixing URI.parseQuery() to prevent overwriting __proto__ in parseQuery() - disclosed privately by @ NewEraCracker
  • SECURITY fixing URI.parse() to handle variable amounts of \ and / in scheme delimiter as Node and Browsers do - disclosed privately by ready-research via https://huntr.dev/
  • removed obsolete build tools
  • updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0)
• 1.19.6 - 2021-02-13
  
  • SECURITY fixing URI.parse() to rewrite \ in scheme delimiter to / as Node and Browsers do - disclosed privately by Yaniv Nizry from the CxSCA AppSec team at Checkmarx
• 1.19.5 - 2020-12-30
  
  • dropping jquery.URI.js from minified bundle accidentally added since v1.19.3 - Issue #404
• 1.19.4 - 2020-12-23
  
  • SECURITY fixing URI.parseAuthority() to rewrite \ to / as Node and Browsers do - followed up to by alesandroortiz in PR #403, relates to Issue #233
• 1.19.3 - 2020-12-20
  
  • SECURITY fixing URI.parseAuthority() to rewrite \ to / as Node and Browsers do - disclosed privately by alesandroortiz, relates to Issue #233
• 1.19.2 - 2019-10-20
  
  • fixing URI.build() to properly handle relative paths when a scheme is given - Issue #387
  • fixing URI.buildQuery() to properly handle empty param name - Issue #243, PR #383
  • support Composer PR #386
• 1.19.1 - 2018-02-10
• 1.19.0 - 2017-10-01
• 1.18.12 - 2017-08-10
• 1.18.11 - 2017-08-08
• 1.18.10 - 2017-03-30

from urijs GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs