You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Once a solution is found, release-it can update its packages to get the fix.
ip <=1.1.8
Severity: high
NPM IP package vulnerable to Server-Side Request Forgery (SSRF) attacks - https://github.com/advisories/GHSA-78xj-cgh5-2h22
fix available via `npm audit fix --force`
Will install release-it@14.14.2, which is a breaking change
node_modules/ip
pac-resolver >=1.3.0
Depends on vulnerable versions of ip
node_modules/pac-resolver
pac-proxy-agent >=1.1.0
Depends on vulnerable versions of pac-resolver
node_modules/pac-proxy-agent
proxy-agent >=2.1.0
Depends on vulnerable versions of pac-proxy-agent
node_modules/proxy-agent
release-it 0.0.0-pl.0 ||>=14.14.3
Depends on vulnerable versions of proxy-agent
node_modules/release-it
@release-it/conventional-changelog >=5.1.0
Depends on vulnerable versions of release-it
node_modules/@release-it/conventional-changelog
6 high severity vulnerabilities
The text was updated successfully, but these errors were encountered:
The issue below seems to be tracked here: TooTallNate/proxy-agents#280
Once a solution is found,
release-it
can update its packages to get the fix.The text was updated successfully, but these errors were encountered: