Closed ramondeklein closed 2 months ago
There is no updated version available yet.
Came across this as a consumer of this package and a user of minio. It appears the upstream has archived the repo. We are considering moving to this fork https://github.com/eggjs/node-ip as we evaluate usage. It's tricky due to the sheer number of dependent projects.
@msummers42 Thanks for mentioning that https://github.com/indutny/node-ip is now archived. It looks like our repo isn't affected by the security issue, but relying on an archived package is never a good idea.
@cesnietor I think we should check what exactly depends on this package and how to fix that.
now that Operatoe console is deprecated we no longer need to upgrade the ip
package
NPM package auditing resulted in the following message:
The ip NPM package has a known security issue and needs to be upgraded. Once the package is upgraded then the line
--ignore '1097346'
can be removed from theui.yaml
workflow.