fix(deps): bump ip-address to >=10.1.1 in desktop workspace
Resolves a medium-severity XSS in Address6 HTML-emitting methods (GHSA / Dependabot alert #224). Vulnerable range: <=10.1.0, patched in 10.1.1. The package is pulled in transitively through socks -> socks-proxy-agent in the Electron build chain (devDependency only), but we add a pnpm override to ensure the patched version is used everywhere. The frontend workspace already has the equivalent override.
This commit is contained in:
parent
e08f05119d
commit
d5ab54941f
|
|
@ -77,7 +77,8 @@
|
|||
"tar": "^7.5.11",
|
||||
"@tootallnate/once": "^3.0.1",
|
||||
"picomatch": ">=4.0.4",
|
||||
"tmp": ">=0.2.6"
|
||||
"tmp": ">=0.2.6",
|
||||
"ip-address": ">=10.1.1"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ overrides:
|
|||
'@tootallnate/once': ^3.0.1
|
||||
picomatch: '>=4.0.4'
|
||||
tmp: '>=0.2.6'
|
||||
ip-address: '>=10.1.1'
|
||||
|
||||
importers:
|
||||
|
||||
|
|
@ -841,8 +842,8 @@ packages:
|
|||
inherits@2.0.4:
|
||||
resolution: {integrity: sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==}
|
||||
|
||||
ip-address@10.1.0:
|
||||
resolution: {integrity: sha512-XXADHxXmvT9+CRxhXg56LJovE+bmWnEWB78LB83VZTprKTmaC5QfruXocxzTZ2Kl0DNwKuBdlIhjL8LeY8Sf8Q==}
|
||||
ip-address@10.2.0:
|
||||
resolution: {integrity: sha512-/+S6j4E9AHvW9SWMSEY9Xfy66O5PWvVEJ08O0y5JGyEKQpojb0K0GKpz/v5HJ/G0vi3D2sjGK78119oXZeE0qA==}
|
||||
engines: {node: '>= 12'}
|
||||
|
||||
ipaddr.js@1.9.1:
|
||||
|
|
@ -2745,7 +2746,7 @@ snapshots:
|
|||
|
||||
inherits@2.0.4: {}
|
||||
|
||||
ip-address@10.1.0: {}
|
||||
ip-address@10.2.0: {}
|
||||
|
||||
ipaddr.js@1.9.1: {}
|
||||
|
||||
|
|
@ -3295,7 +3296,7 @@ snapshots:
|
|||
|
||||
socks@2.8.7:
|
||||
dependencies:
|
||||
ip-address: 10.1.0
|
||||
ip-address: 10.2.0
|
||||
smart-buffer: 4.2.0
|
||||
|
||||
source-map-support@0.5.21:
|
||||
|
|
|
|||
Loading…
Reference in New Issue