Closed MatXSz closed 3 months ago
Duplicate of #2030
npm version 10.5.0 is using socks 2.8.0 (https://github.com/npm/cli/pull/7184/files), which replaced the problematic ip package:
https://github.com/JoshGlazebrook/socks/commit/66b7f73023697f6ffb9751b5749b1a8f9b8d5066#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L48
It's available in node versions:
>= 21.7.0
>= 20.12.0
>= 18.20.0
Environment
Expected Behavior
node:lts-slim has the npm ip package version with the included fix for CVE-2023-42282 (2.0.1). Node:slim image is not vulnerable to CVE-2023-42282.
Current Behavior
node:lts-slim does not have the npm ip package version with the included fix for CVE-2023-42282 (2.0.1). Actual version is 2.0.0.
Possible Solution
Update the npm ip package to fixed version in node:lts-slim.