Skip to content

Upgrade ip-address to address CVE (socks is not affected)#116

Merged
JoshGlazebrook merged 1 commit into
JoshGlazebrook:masterfrom
beaugunderson:bg-upgrade-ip-address
Apr 28, 2026
Merged

Upgrade ip-address to address CVE (socks is not affected)#116
JoshGlazebrook merged 1 commit into
JoshGlazebrook:masterfrom
beaugunderson:bg-upgrade-ip-address

Conversation

@beaugunderson

@beaugunderson beaugunderson commented Apr 27, 2026

Copy link
Copy Markdown
Contributor

I'm the maintainer of ip-address. We had a CVE reported, so downstream users of socks will likely see it. socks itself is not affected (honestly, I don't think anyone is) but to address the CVE here's a PR to upgrade ip-address to the version that addresses the CVE. There are no functionality changes and the tests pass.

Note: npm install caused the package-lock.json to pick up the latest socks version number. That seemed fine.

@JoshGlazebrook JoshGlazebrook left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thank you!

@JoshGlazebrook
JoshGlazebrook merged commit c8f3d34 into JoshGlazebrook:master Apr 28, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

2 participants