fix(deps): bump ip-address to >=10.1.1 in desktop workspace

Resolves a medium-severity XSS in Address6 HTML-emitting methods
(GHSA / Dependabot alert #224). Vulnerable range: <=10.1.0,
patched in 10.1.1. The package is pulled in transitively through
socks -> socks-proxy-agent in the Electron build chain
(devDependency only), but we add a pnpm override to ensure the
patched version is used everywhere. The frontend workspace already
has the equivalent override.
This commit is contained in:
kolaente 2026-05-27 10:46:49 +02:00
parent e08f05119d
commit d5ab54941f
No known key found for this signature in database
2 changed files with 7 additions and 5 deletions

View File

@ -77,7 +77,8 @@
"tar": "^7.5.11",
"@tootallnate/once": "^3.0.1",
"picomatch": ">=4.0.4",
"tmp": ">=0.2.6"
"tmp": ">=0.2.6",
"ip-address": ">=10.1.1"
}
}
}

View File

@ -10,6 +10,7 @@ overrides:
'@tootallnate/once': ^3.0.1
picomatch: '>=4.0.4'
tmp: '>=0.2.6'
ip-address: '>=10.1.1'
importers:
@ -841,8 +842,8 @@ packages:
inherits@2.0.4:
resolution: {integrity: sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==}
ip-address@10.1.0:
resolution: {integrity: sha512-XXADHxXmvT9+CRxhXg56LJovE+bmWnEWB78LB83VZTprKTmaC5QfruXocxzTZ2Kl0DNwKuBdlIhjL8LeY8Sf8Q==}
ip-address@10.2.0:
resolution: {integrity: sha512-/+S6j4E9AHvW9SWMSEY9Xfy66O5PWvVEJ08O0y5JGyEKQpojb0K0GKpz/v5HJ/G0vi3D2sjGK78119oXZeE0qA==}
engines: {node: '>= 12'}
ipaddr.js@1.9.1:
@ -2745,7 +2746,7 @@ snapshots:
inherits@2.0.4: {}
ip-address@10.1.0: {}
ip-address@10.2.0: {}
ipaddr.js@1.9.1: {}
@ -3295,7 +3296,7 @@ snapshots:
socks@2.8.7:
dependencies:
ip-address: 10.1.0
ip-address: 10.2.0
smart-buffer: 4.2.0
source-map-support@0.5.21: