Vulnerability for ip 2.0 package in socks-proxy-agent

Question

enfcyco opened this issue 7 months ago · 2 comments

Vulnerability for ip package in socks-proxy-agent. Can that removed and propagated up through the packages that use it?

This issue was changed to be a problem in IP 2.0 also.

Thanks

Answer 1 · 2024-02-13T20:39:19.000Z

This is due to the dependency on socks which has the dependency on the vulnerable ip package. in socks 2.7.3 they removed the ip dependency

Answer 2 · 2024-02-13T21:29:22.000Z

This was already fixed in #281.