From a5dc85b5d3f737429b00f16268babe4d680f5c1f Mon Sep 17 00:00:00 2001
From: kolaente
Date: Tue, 19 May 2026 16:56:07 +0200
Subject: [PATCH] fix(deps): bump ip-address to 10.2.0

Adds a pnpm override to pull ip-address >=10.1.1, resolving the XSS vulnerability in Address6 HTML-emitting methods (GHSA, dev-only transitive dependency via puppeteer/socks).
---
 frontend/package.json | 3 ++-
 frontend/pnpm-lock.yaml | 22 +++++-----------------
 2 files changed, 7 insertions(+), 18 deletions(-)

diff --git a/frontend/package.json b/frontend/package.json
index 5bc5aaf52..2152ca1f0 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -172,7 +172,8 @@
 "rollup": "$rollup",
 "basic-ftp": ">=5.2.2",
 "serialize-javascript": "^7.0.5",
- "flatted": "^3.4.1"
+ "flatted": "^3.4.1",
+ "ip-address": ">=10.1.1"
 }
 }
 }
diff --git a/frontend/pnpm-lock.yaml b/frontend/pnpm-lock.yaml
index c27ad5c4a..e1620bfda 100644
--- a/frontend/pnpm-lock.yaml
+++ b/frontend/pnpm-lock.yaml
@@ -10,6 +10,7 @@ overrides: basic-ftp: '>=5.2.2' serialize-javascript: ^7.0.5 flatted: ^3.4.1 + ip-address: '>=10.1.1' importers: @@ -4566,8 +4567,8 @@ packages: resolution: {integrity: sha512-4gd7VpWNQNB4UKKCFFVcp1AVv+FMOgs9NKzjHKusc8jTMhd5eL1NqQqOpE0KzMds804/yHlglp3uxgluOqAPLw==} engines: {node: '>= 0.4'} - ip-address@9.0.5: - resolution: {integrity: sha512-zHtQzGojZXTwZTHQqra+ETKd4Sn3vgi7uBmlPoXVWZqYvuKmtI0l/VZTjqGmJY9x88GGOaZ9+G9ES8hC4T4X8g==} + ip-address@10.2.0: + resolution: {integrity: sha512-/+S6j4E9AHvW9SWMSEY9Xfy66O5PWvVEJ08O0y5JGyEKQpojb0K0GKpz/v5HJ/G0vi3D2sjGK78119oXZeE0qA==} engines: {node: '>= 12'} is-array-buffer@3.0.5:
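Review bot: The new override in frontend/package.json, `"ip-address": ">=10.1.1"`, has no upper bound, so a later lockfile regeneration may resolve any future major release rather than the 10.2.0 pinned in this commit. It also moves `socks@2.8.4` from 9.0.5 across a major version, so it is worth confirming that the puppeteer/socks path still works against the 10.x API before relying on the override. A caret range such as `"ip-address": "^10.1.1"`, in the style of the `serialize-javascript` and `flatted` entries beside it, keeps the fix while bounding what an unattended update can pull in. The enclosing overrides object begins outside the hunk.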
@@ -4823,9 +4824,6 @@ packages: resolution: {integrity: sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==} hasBin: true - jsbn@1.1.0: - resolution: {integrity: sha512-4bYVV3aAMtDTTu4+xsDYa6sy9GyJ69/amsu9sYF2zqjiEoZA5xJi3BrfX3uY+/IekIu7MwdObdbDWpoZdBv3/A==} - jsdom@27.4.0: resolution: {integrity: sha512-mjzqwWRD9Y1J1KUi7W97Gja1bwOOM5Ug0EZ6UDK3xS7j7mndrkwozHtSblfomlzyB4NepioNt+B2sOSzczVgtQ==} engines: {node: ^20.19.0 || ^22.12.0 || >=24.0.0} @@ -6207,9 +6205,6 @@ packages: sprintf-js@1.0.3: resolution: {integrity: sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g==} - sprintf-js@1.1.3: - resolution: {integrity: sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA==} - stackback@0.0.2: resolution: {integrity: sha512-1XMJE5fQo1jGH6Y/7ebnwPOBEkIEnT4QF32d5R1+VXdXveM0IBMJt8zfaxX1P3QhVwrYe+576+jkANtSS2mBbw==} @@ -11733,10 +11728,7 @@ snapshots: hasown: 2.0.3 side-channel: 1.1.0 - ip-address@9.0.5: - dependencies: - jsbn: 1.1.0 - sprintf-js: 1.1.3 + ip-address@10.2.0: {} is-array-buffer@3.0.5: dependencies: @@ -11969,8 +11961,6 @@ snapshots: dependencies: argparse: 2.0.1 - jsbn@1.1.0: {} - jsdom@27.4.0: dependencies: '@acemir/cssom': 0.9.30 @@ -13429,7 +13419,7 @@ snapshots: socks@2.8.4: dependencies: - ip-address: 9.0.5 + ip-address: 10.2.0 smart-buffer: 4.2.0 sortablejs@1.14.0: {} @@ -13471,8 +13461,6 @@ snapshots: sprintf-js@1.0.3: {} - sprintf-js@1.1.3: {} - stackback@0.0.2: {} statuses@1.5.0: {}