
Bump up socks version to mitigate vulnerability in IP package

Open rovindra opened this issue 1 year ago • 5 comments

https://github.com/TooTallNate/proxy-agents/blob/b5f94e3222c0aaa3bc56218ff125e2c56417c86e/packages/socks-proxy-agent/package.json#L112C17-L112C21

Socks has released a new version and removed the ip package because of the vulnerability mentioned here: https://github.com/advisories/GHSA-78xj-cgh5-2h22

rovindra avatar Feb 23 '24 13:02 rovindra

Any update on this?

elkinjosetm avatar Mar 07 '24 15:03 elkinjosetm

Just ran into this issue as well ☹️ it's been over a month - can we please get a patch for this??

SpencerKaiser avatar Mar 25 '24 15:03 SpencerKaiser

Would like to see this too! If any help is needed, I'm willing to try

Ch1g avatar Mar 25 '24 16:03 Ch1g

We are awaiting resolution of this issue too. I understand it may be a low priority. Just please don't forget #297

hsol avatar Mar 27 '24 03:03 hsol

#297 has a few issues that need to be fixed before it can be merged.

That being said, #297 is only required to clear the vuln for local development of these packages. socks-proxy-agent depends on a range of socks which contains the fix, so all that is required for other projects is updating your transient deps.

lukekarrys avatar Mar 31 '24 20:03 lukekarrys
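Added example, not part of the thread or of the proxy-agents code: one way a downstream project can confirm that refreshing its transitive `socks` actually removed `ip` from the install tree, by walking the `packages` map of an npm v2/v3 lockfile. The function names, the two sample lockfiles and every version number in them are constructed placeholders.

```javascript
// Added example (not project code): audit an npm lockfile (v2/v3 "packages" map)
// for installed copies of a package and for the packages that still request it.
const DEP_FIELDS = ['dependencies', 'optionalDependencies', 'devDependencies'];

// 'node_modules/a/node_modules/ip' -> 'ip'; '' is the root project.
function packageName(path) {
  const marker = 'node_modules/';
  const i = path.lastIndexOf(marker);
  return i === -1 ? (path || '(root)') : path.slice(i + marker.length);
}

function auditLock(lock, target) {
  const installed = [];   // every resolved copy of `target` in the tree
  const requestedBy = []; // packages whose manifest still lists `target`
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = packageName(path);
    if (name === target) installed.push({ path, version: meta.version });
    for (const field of DEP_FIELDS) {
      const range = (meta[field] || {})[target];
      if (range !== undefined) {
        requestedBy.push({ name, version: meta.version, range });
      }
    }
  }
  return { installed, requestedBy };
}

// Constructed lockfiles; all version numbers are placeholders, not real releases.
const before = { lockfileVersion: 3, packages: {
  '': { name: 'app', version: '0.0.0', dependencies: { 'socks-proxy-agent': '^0.0.1' } },
  'node_modules/socks-proxy-agent': { version: '0.0.1', dependencies: { socks: '^0.0.1' } },
  'node_modules/socks': { version: '0.0.1', dependencies: { ip: '^0.0.1' } },
  'node_modules/ip': { version: '0.0.1' },
} };
// Same project after the transitive `socks` was refreshed within its allowed range.
const after = { lockfileVersion: 3, packages: {
  '': { name: 'app', version: '0.0.0', dependencies: { 'socks-proxy-agent': '^0.0.1' } },
  'node_modules/socks-proxy-agent': { version: '0.0.1', dependencies: { socks: '^0.0.1' } },
  'node_modules/socks': { version: '0.0.2' },
} };

console.log('before:', JSON.stringify(auditLock(before, 'ip')));
console.log('after: ', JSON.stringify(auditLock(after, 'ip')));
```

To run it against a real project, pass the parsed contents of `package-lock.json` to `auditLock` instead of the sample objects; an empty `installed` and `requestedBy` for `ip` means nothing in the tree pulls it in any more.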

pac-proxy-agent was also not updated to latest [email protected] fixing the ip vulnerability.

Any plans to update these dependencies?

jonamenk avatar Jun 05 '24 06:06 jonamenk

https://github.com/TooTallNate/proxy-agents/pull/322

TooTallNate avatar Jun 28 '24 19:06 TooTallNate