TooTallNate / proxy-agents

Node.js HTTP Proxy Agents Monorepo
https://proxy-agents.n8.io

Bump up socks version to mitigate vulnerability in IP package #295

Open rovindra opened 3 months ago

rovindra commented 3 months ago

https://github.com/TooTallNate/proxy-agents/blob/b5f94e3222c0aaa3bc56218ff125e2c56417c86e/packages/socks-proxy-agent/package.json#L112C17-L112C21

Socks has released a new version and removed the ip package because of the vulnerability mentioned here: https://github.com/advisories/GHSA-78xj-cgh5-2h22

elkinjosetm commented 3 months ago

Any update on this?

SpencerKaiser commented 2 months ago

Just ran into this issue as well ☹️ it's been over a month - can we please get a patch for this??

Ch1g commented 2 months ago

Would like to see this too! If any help is needed, I'm willing to try

hsol commented 2 months ago

We are awaiting resolution of this issue too. I understand it may be a low priority. Just please don't forget #297

lukekarrys commented 2 months ago

#297 has a few issues that need to be fixed before it can be merged.

That being said, #297 is only required to clear the vuln for local development of these packages. socks-proxy-agent depends on a range of socks which contains the fix, so all that is required for other projects is updating your transient deps.

jonamenk commented 1 week ago

pac-proxy-agent was also not updated to latest pac-resolver@7.0.1 fixing the ip vulnerability.

Any plans to update these dependencies?
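Added example, not part of the thread or of the project's code: a Node.js check related to the comments above about socks and pac-resolver, listing every installed copy of a package in an npm lockfile and which packages resolve to it. It assumes the `packages` layout of lockfileVersion 2 or 3; the names `resolveDep`, `whoPullsIn` and `sampleLock` are hypothetical, and the lockfile fragment and its version numbers are constructed.

```javascript
// Added example: list every installed copy of a package in an npm lockfile
// (lockfileVersion 2 or 3) and the packages whose dependency resolves to it.

// Node's lookup rule: try <dir>/node_modules/<name>, then each parent directory.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf("node_modules/");
    base = i <= 0 ? "" : base.slice(0, i - 1);
  }
}

function whoPullsIn(lock, name) {
  const packages = lock.packages || {};
  const hits = {};
  // First pass: every install path of the package (hoisted or nested).
  for (const [path, meta] of Object.entries(packages)) {
    if (path.endsWith("node_modules/" + name)) {
      hits[path] = { version: meta.version, requiredBy: [] };
    }
  }
  // Second pass: attribute each declared dependency to the copy it resolves to.
  for (const [path, meta] of Object.entries(packages)) {
    const deps = { ...meta.dependencies, ...meta.optionalDependencies, ...meta.devDependencies };
    if (!(name in deps)) continue;
    const target = resolveDep(packages, path, name);
    if (target) hits[target].requiredBy.push(path || "(root)");
  }
  return hits;
}

// Constructed lockfile fragment; all version numbers are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "socks-proxy-agent": "*", "pac-proxy-agent": "*" } },
    "node_modules/socks-proxy-agent": { version: "0.0.1", dependencies: { socks: "*" } },
    "node_modules/socks": { version: "0.0.1", dependencies: { ip: "^0.0.2" } },
    "node_modules/ip": { version: "0.0.2" },
    "node_modules/pac-proxy-agent": { version: "0.0.1", dependencies: { "pac-resolver": "*" } },
    "node_modules/pac-resolver": { version: "0.0.1", dependencies: { ip: "^0.0.1" } },
    "node_modules/pac-resolver/node_modules/ip": { version: "0.0.1" },
  },
};

console.log(JSON.stringify(whoPullsIn(sampleLock, "ip"), null, 2));
```

To run it against a real project, pass the parsed `package-lock.json` instead of `sampleLock`; an empty result means no copy of the package remains in the tree.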