security: fix ip dependabot alert - Githubissues

wpengine / atlas-content-modeler

Content modeling plugin for WordPress

https://developers.wpengine.com/docs/atlas-content-modeler

GNU General Public License v2.0

165 stars 13 forks source link

security: fix ip dependabot alert #693

Closed theodesp closed 3 months ago

theodesp commented 3 months ago

Description

fixes:

ip  *
Severity: high
ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp

msgpackr  <1.10.1
Severity: high
msgpackr's conversion of property names to strings can trigger infinite recursion - https://github.com/advisories/GHSA-7hpj-7hhx-2fgx
fix available via `npm audit fix`

https://wpengine.atlassian.net/browse/

Checklist

I have:

[ ] Added an entry to CHANGELOG.md.

Testing

Screenshots

Documentation Changes

Dependent PRs