Remove dependency on unmaintained node-ip package from amplify-appsync-simulator

jwilson-anonyome commented 1 month ago

How did you install the Amplify CLI?

yarn

If applicable, what version of Node.js are you using?

v20.16.0

Amplify CLI Version

2.16.4

What operating system are you using?

Mac

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

No manual changes

Describe the bug

amplify-appsync-simulator uses the node-ip package to get the local IP address, where the simulator may be running.

The node-ip project is abandoned. It has a reported security vulnerability.

Expected behavior

Build and run code using amplify-appsync-simulator without encountering failures or warnings due to security vulnerabilities.

Reproduction steps

yarn audit

Project Identifier

No response

Log output

``` # Put your logs below this line ```

Additional information

PR to remove the dependency in https://github.com/aws-amplify/amplify-cli/pull/13877

Before submitting, please confirm:

[X] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
[X] I have removed any sensitive information from my code snippets and submission.

ykethan commented 1 month ago

closing this as https://github.com/aws-amplify/amplify-cli/pull/13877 has been merged.

github-actions[bot] commented 1 month ago

This issue is now closed. Comments on closed issues are hard for our team to see. If you need more assistance, please open a new issue that references this one.

aws-amplify / amplify-cli