fixup! doc: deprecate url.parse()

Trott · Trott · commit 8c3fd95e476b · 2022-10-11T11:20:46.000-07:00
diff --git a/doc/api/url.md b/doc/api/url.md
@@ -1565,8 +1565,9 @@ A `URIError` is thrown if the `auth` property is present but cannot be decoded.
 
 `url.parse()` uses a lenient, non-standard algorithm for parsing URL
 strings. It is prone to security issues such as [host name spoofing][]
-and incorrect handling of usernames and passwords. Use the [WHATWG URL][] API
-instead.
+and incorrect handling of usernames and passwords. Do not use with untrusted
+input. CVEs are not issued for `url.parse()` vulnerabilities. Use the
+[WHATWG URL][] API instead.
 
 ### `url.resolve(from, to)`
 
