[Snyk] Upgrade ip-address from 6.1.0 to 6.4.0 #29

Open
wants to merge 1 commit into
base: main
@JoeScho JoeScho commented Aug 2, 2022

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade ip-address from 6.1.0 to 6.4.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 3 versions ahead of your current version.
  • The recommended version was released 2 years ago, on 2020-09-13.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
| --- | --- | --- | --- |
| | Command Injection SNYK-JS-LODASH-1040724 | 467/1000 (Why? Proof of Concept exploit, CVSS 7.2) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905 | 467/1000 (Why? Proof of Concept exploit, CVSS 7.2) | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: ip-address from ip-address GitHub release notes
Commit messages
Package name: ip-address
  • f16b807 Release 6.4.0
  • 6091691 npm audit fix + update dependencies
  • 4fab3f0 Merge pull request #109 from beaugunderson/dependabot/npm_and_yarn/node-fetch-2.6.1
  • cff9731 Merge pull request #108 from beaugunderson/dependabot/npm_and_yarn/elliptic-6.5.3
  • eb401c6 Merge pull request #110 from mdmower/patch-0
  • f2c0131 Correct Address6.to4() return type
  • ee7526c Bump node-fetch from 2.6.0 to 2.6.1
  • 690b3ed Bump elliptic from 6.5.2 to 6.5.3
  • 511b8a2 Merge pull request #107 from beaugunderson/dependabot/npm_and_yarn/websocket-extensions-0.1.4
  • 7273d2a Merge pull request #106 from beaugunderson/greenkeeper/documentation-13.0.0
  • bad1820 Bump websocket-extensions from 0.1.3 to 0.1.4
  • 0a0681a chore(package): update lockfile package-lock.json
  • 0bb5d6d chore(package): update documentation to version 13.0.0
  • cc2a9c6 Merge pull request #105 from beaugunderson/greenkeeper/release-it-13.5.4
  • b6283a9 chore(package): update lockfile package-lock.json
  • 6684c59 chore(package): update release-it to version 13.5.4
  • aabdf98 remove node 6/7 from CI
  • 4e0173e Release 6.3.0
  • 1b8eb15 add release-it
  • 6e4b034 update dependencies to fix security issues
  • 2279707 Merge pull request #97 from beaugunderson/dependabot/npm_and_yarn/handlebars-4.6.0
  • 9d5185a Bump handlebars from 4.1.2 to 4.6.0
  • 1fe6b67 update address boundary in IPv6 regular expression
  • 378b097 update package-lock

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
