Closed enfcyco closed 4 months ago
This is due to the dependency on socks which has the dependency on the vulnerable ip package. in socks 2.7.3 they removed the ip dependency
This was already fixed in https://github.com/TooTallNate/proxy-agents/pull/281.
Vulnerability for ip package in socks-proxy-agent. Can that removed and propagated up through the packages that use it?
This issue was changed to be a problem in IP 2.0 also.
https://github.com/advisories/GHSA-78xj-cgh5-2h22
Thanks