security vulnerability using socks@2.7.1 #1408

Open
yonayarin opened this issue May 9, 2024 · 1 comment

yonayarin commented May 9, 2024

  • [] I have searched for similar issues
  • [] I am using the latest version of npm-check-updates
  • [] I am using node >= 14.14

Lately I started to get some security vulnerability from this package.

└─┬ npm-check-updates@16.14.20
  └─┬ make-fetch-happen@11.1.1
    └─┬ socks-proxy-agent@7.0.0
      └─┬ socks@2.7.1
        └── ip@2.0.0

socks package in this version uses "ip" version "2.0.0" - full issue description nodejs/node#51848
Here is another report of this issue - npm/cli#7223

Will be happy if you can update versions accordingly to remove this issued dependency.

Steps to Reproduce

Steps:

Run CI with npm-check-updates@16.14.20 installed

Current Behavior

Display security vulnerability.

Expected Behavior

raineorshine changed the title from "security vanuralites using socks@2.7.1" to "security vulnerability using socks@2.7.1" on May 10, 2024
raineorshine (Owner) commented

Thanks for reporting. I added it to overrides since the patch has not yet trickled up the dependency chain.

It will be published in the next release, which is currently blocked by #1404.
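
Added example (not code from npm-check-updates or from either commenter): a Node.js script that walks a `package-lock.json` in the v3 `packages` layout and reports the chain through which a flagged `name@version` is installed, so that after an override or upgrade you can confirm `ip@2.0.0` is no longer reachable. The lockfile object, its `app` root and the semver ranges are constructed to mirror the tree in the report; `resolve` and `findChains` are names chosen for this example.

```javascript
// Constructed lockfile mirroring the tree in the report; "app" and the ranges are assumptions.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", version: "1.0.0", devDependencies: { "npm-check-updates": "16.14.20" } },
    "node_modules/npm-check-updates": { version: "16.14.20", dependencies: { "make-fetch-happen": "^11.1.1" } },
    "node_modules/make-fetch-happen": { version: "11.1.1", dependencies: { "socks-proxy-agent": "^7.0.0" } },
    "node_modules/socks-proxy-agent": { version: "7.0.0", dependencies: { socks: "^2.6.2" } },
    "node_modules/socks": { version: "2.7.1", dependencies: { ip: "^2.0.0" } },
    "node_modules/ip": { version: "2.0.0" },
  },
};

// Node-style lookup: the dependent's own node_modules first, then each ancestor's.
function resolve(packages, fromPath, dep) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + dep;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Breadth-first walk from the root project: one shortest chain per installed copy of name@version.
function findChains(lock, name, version) {
  const packages = lock.packages || {};
  if (!packages[""]) return [];
  const via = new Map([["", null]]); // install path -> how it was first reached
  const queue = [""], hits = [];
  while (queue.length) {
    const path = queue.shift();
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies, ...(path === "" ? pkg.devDependencies : {}) };
    for (const dep of Object.keys(deps)) {
      const target = resolve(packages, path, dep);
      if (!target || via.has(target)) continue; // missing optional dep, or already visited
      via.set(target, { parent: path, dep });
      queue.push(target);
      if (dep === name && packages[target].version === version) hits.push(target);
    }
  }
  return hits.map((hit) => {
    const chain = [];
    for (let p = hit; p !== ""; p = via.get(p).parent) chain.unshift(`${via.get(p).dep}@${packages[p].version}`);
    return chain.join(" > ");
  });
}
console.log(findChains(sampleLock, "ip", "2.0.0"));
```

To check a real project, pass the parsed contents of its `package-lock.json` instead of `sampleLock`; `npm ls ip` answers the same question from the installed tree.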
