search

web-infra-dev / rsdoctor

A one-stop build analyzer for Rspack and webpack.
https://rsdoctor.dev/
MIT License
446 stars 37 forks source link

chore(deps): update dependency ip to v1.1.9 [security] #215

Closed renovate[bot] closed 7 months ago

renovate[bot] commented 7 months ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
ip 1.1.8 -> 1.1.9 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-42282

The isPublic() function in the NPM package ip doesn't correctly identify certain private IP addresses in uncommon formats such as 0x7F.1 as private. Instead, it reports them as public by returning true. This can lead to security issues such as Server-Side Request Forgery (SSRF) if isPublic() is used to protect sensitive code paths when passed user input. Versions 1.1.9 and 2.0.1 fix the issue.

Release Notes

indutny/node-ip (ip) ### [`v1.1.9`](https://togithub.com/indutny/node-ip/compare/v1.1.8...v1.1.9) [Compare Source](https://togithub.com/indutny/node-ip/compare/v1.1.8...v1.1.9)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.

netlify[bot] commented 7 months ago

Deploy Preview for rsdoctor ready!

Name Link
Latest commit 7a4f1a9992c732dc3ab0518546767531a77ee862
Latest deploy log https://app.netlify.com/sites/rsdoctor/deploys/65f29c1783917c000839f322
Deploy Preview https://deploy-preview-215--rsdoctor.netlify.app
Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.