dependabot[bot] commented 2 months ago

Bumps socks-proxy-agent from 5.0.1 to 8.0.4.

Release notes

Sourced from socks-proxy-agent's releases.

socks-proxy-agent@8.0.4

Patch Changes

fdeed27: resolve vulnerability in IP package

5908e84: Remove net.isIP() check for TLS servername

socks-proxy-agent@8.0.3

Patch Changes

ada656d: Pass socket_options to SocksClient

Updated dependencies [e62863c]

agent-base@7.1.1

socks-proxy-agent@8.0.2

Patch Changes

1d39f6c: Fix Electron support by using Node.js native URL object

socks-proxy-agent@8.0.1

Patch Changes

7674748: Update @types/node to v14.18.45

Updated dependencies [7674748]

agent-base@7.0.1

Changelog

Sourced from socks-proxy-agent's changelog.

8.0.4

Patch Changes

fdeed27: resolve vulnerability in IP package

5908e84: Remove net.isIP() check for TLS servername

8.0.3

Patch Changes

ada656d: Pass socket_options to SocksClient

Updated dependencies [e62863c]

agent-base@7.1.1

8.0.2

Patch Changes

1d39f6c: Fix Electron support by using Node.js native URL object

8.0.1

Patch Changes

7674748: Update @types/node to v14.18.45

Updated dependencies [7674748]

agent-base@7.0.1

8.0.0

Major Changes

d99a7c8: Major version bump for all packages

⚠️ This is a breaking change! The SocksProxyAgent constructor argument has been split into two arguments.

Upgrading from 5.x to 6.x

In version 5.x, the SocksProxyAgent constructor took a single argument of either (A) a string, or (B) an object with specific connection properties.

Now the constructor takes two separate arguments:

Argument 1: Either (A) a string, or (B) a WHATWG URL object

Argument 2 (optional): An object with standard http.Agent properties.

If you were using an object argument in 7.x, you'll need to change the first argument to match the structure of the URL class, and move any other options to the second argument.

... (truncated)

Commits

5555794 Version Packages (#311)
fdeed27 Bump socks and pac-resolver versions to mitigate vulnerability in IP package ...
70023c1 Add SOCKS auth tests
5908e84 Remove net.isIP() check for TLS servername (#312)
010fdc3 Fix e2e (#303)
1429c7e Version Packages (#301)
ada656d [socks-proxy-agent] pass socket_options to SocksClient (#302)
5923589 Moved licenses to separate files (#251)
523b74c Restrict use of global URL in certain packages (#246)
dd3b98f Version Packages (#238)
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

github-actions[bot] commented 2 months ago

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

package.json

Package	Version	License	Issue Type
socks-proxy-agent	^8.0.4	Null	Unknown License

OpenSSF Scorecard

Package

Version

Score

Details

npm/socks-proxy-agent

^8.0.4

:green_circle: 3.1

Details

Check	Score	Reason
Code-Review	:green_circle: 4	Found 9/22 approved changesets -- score normalized to 4
Maintained	:warning: 0	project is archived
CII-Best-Practices	:warning: 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	:warning: -1	No tokens found
Packaging	:warning: -1	packaging workflow not detected
Binary-Artifacts	:green_circle: 10	no binaries found in the repo
Dangerous-Workflow	:warning: -1	no workflows found
Pinned-Dependencies	:warning: -1	no dependencies found
License	:warning: 0	license file not detected
Branch-Protection	:warning: 0	branch protection not enabled on development/release branches
Fuzzing	:warning: 0	project is not fuzzed
Vulnerabilities	:green_circle: 10	0 existing vulnerabilities detected
Signed-Releases	:warning: -1	no releases found
Security-Policy	:warning: 0	security policy file not detected
SAST	:warning: 0	SAST tool is not run on all commits -- score normalized to 0