Fix Potential DOM-based XSS via prototype pollution (segmentio#232)

* Fix Potential DOM-based XSS via prototype pollution

* update history

* undo linting changes

* Delete yarn-error.log

Author: Julio Farah

HISTORY.md

@@ -10,6 +10,10 @@
 
 - Fix Potential DOM-based XSS via prototype pollution
 
+# 4.1.7 / 2021-03-17
+
+- Fix Potential DOM-based XSS via prototype pollution
+
 # 4.1.6 / 2020-11-24
 
 - Update `trim` package to address ReDoS vulnerability

lib/analytics.ts

@@ -6,12 +6,13 @@ import {
   SegmentAnalytics,
   SegmentOpts,
   SegmentIntegration,
-  PageDefaults, Message
+  PageDefaults
 } from './types';
 
 import { pageDefaults } from './pageDefaults';
 
 import pick from 'lodash.pick'
+import url from 'component-url'
 
 var _analytics = global.analytics;
 
@@ -70,7 +71,6 @@ function Analytics() {
   this.log = debug('analytics.js');
   bindAll(this);
 
-
   const self = this;
   this.on('initialize', function(_, options) {
     if (options.initialPageview) self.page();
@@ -961,6 +961,10 @@ Analytics.prototype.reset = function() {
  * @api private
  */
 
+interface QueryStringParams {
+  [key: string]: string | null;
+}
+
 Analytics.prototype._parseQuery = function(query: string): SegmentAnalytics {
   // Parse querystring to an object
   const parsed = url.parse(query);