Bump socks and pac-resolver versions to mitigate vulnerability in IP package

TooTallNate / proxy-agents

Node.js HTTP Proxy Agents Monorepo

https://proxy-agents.n8.io

917 stars 238 forks source link

Bump socks and pac-resolver versions to mitigate vulnerability in IP package #317

Closed rjblopes closed 3 months ago

rjblopes commented 3 months ago

Revamp of #295 including pac-resolver dependency in pac-proxy-agent.

https://github.com/TooTallNate/proxy-agents/blob/b5f94e3222c0aaa3bc56218ff125e2c56417c86e/packages/socks-proxy-agent/package.json#L112C17-L112C21

Socks has released the new version and removed the ip package because of having a vulnerability mentioned here: https://github.com/advisories/GHSA-78xj-cgh5-2h22

changeset-bot[bot] commented 3 months ago

🦋 Changeset detected

Latest commit: 1cc0c725299c8cd808e38e81172b93a34395b621

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages

| Name | Type | | ----------------- | ----- | | socks-proxy-agent | Patch | | pac-proxy-agent | Patch |

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

vercel[bot] commented 3 months ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated (UTC)
proxy-agents	✅ Ready (Inspect)	Visit Preview	Jun 9, 2024 4:09pm

TooTallNate commented 3 months ago

Your change updates the pnpm lockfile format to a version that is not compatible with the current CI setup. Can you please adjust to retain the old lockfile format?