[chore] Fix vulnerable dev dependency ip#9673

Merged
slax57 merged 1 commit into master from fix-ip-dependency on Feb 19, 2024

@fzaninotto fzaninotto commented Feb 19, 2024

cf GHSA-78xj-cgh5-2h22

This is not a security vulnerability in react-admin, as the ip package is only used in development.

➜  react-admin git:(fix-ip-dependency) yarn why -R ip
├─ demo@workspace:examples/demo
│  └─ vite@npm:3.2.8 [216a7] (via npm:^3.2.0 [216a7])
│     ├─ fsevents@patch:fsevents@npm%3A2.3.2#~builtin<compat/fsevents>::version=2.3.2&hash=18f3a7 (via patch:fsevents@~2.3.2#~builtin<compat/fsevents>)
│     │  └─ node-gyp@npm:8.4.1 (via npm:latest)
│     │     └─ make-fetch-happen@npm:9.1.0 (via npm:^9.1.0)
│     │        └─ socks-proxy-agent@npm:6.1.1 (via npm:^6.0.0)
│     │           └─ socks@npm:2.6.2 (via npm:^2.6.1)
│     │              └─ ip@npm:1.1.9 (via npm:^1.1.5)
│     └─ rollup@npm:2.79.1 (via npm:^2.79.1)
│        └─ fsevents@patch:fsevents@npm%3A2.3.2#~builtin<compat/fsevents>::version=2.3.2&hash=18f3a7 (via patch:fsevents@~2.3.2#~builtin<compat/fsevents>)
│
├─ e2e@workspace:cypress
│  └─ cypress-vite@npm:1.4.0 [eb27d] (via npm:^1.4.0 [eb27d])
│     └─ chokidar@npm:3.5.3 (via npm:^3.5.3)
│        └─ fsevents@patch:fsevents@npm%3A2.3.2#~builtin<compat/fsevents>::version=2.3.2&hash=18f3a7 (via patch:fsevents@~2.3.2#~builtin<compat/fsevents>)
│
├─ no-code@workspace:examples/no-code
│  └─ vite@npm:3.2.8 [c85bd] (via npm:^3.2.0 [c85bd])
│     ├─ fsevents@patch:fsevents@npm%3A2.3.2#~builtin<compat/fsevents>::version=2.3.2&hash=18f3a7 (via patch:fsevents@~2.3.2#~builtin<compat/fsevents>)
│     └─ rollup@npm:2.79.1 (via npm:^2.79.1)
│
├─ react-admin-crm@workspace:examples/crm
│  └─ vite@npm:3.2.8 [c85bd] (via npm:^3.2.0 [c85bd])
│
├─ react-admin-lerna@workspace:.
│  ├─ jest-circus@npm:29.5.0 (via npm:29.5.0)
│  │  ├─ @jest/expect@npm:29.5.0 (via npm:^29.5.0)
│  │  │  └─ jest-snapshot@npm:29.5.0 (via npm:^29.5.0)
│  │  │     └─ @jest/transform@npm:29.5.0 (via npm:^29.5.0)
│  │  │        └─ jest-haste-map@npm:29.5.0 (via npm:^29.5.0)
│  │  │           └─ fsevents@patch:fsevents@npm%3A2.3.2#~builtin<compat/fsevents>::version=2.3.2&hash=18f3a7 (via patch:fsevents@^2.3.2#~builtin<compat/fsevents>)
│  │  ├─ jest-runtime@npm:29.5.0 (via npm:^29.5.0)
│  │  │  ├─ @jest/globals@npm:29.5.0 (via npm:^29.5.0)
│  │  │  │  └─ @jest/expect@npm:29.5.0 (via npm:^29.5.0)
│  │  │  ├─ @jest/transform@npm:29.5.0 (via npm:^29.5.0)
│  │  │  ├─ jest-haste-map@npm:29.5.0 (via npm:^29.5.0)
│  │  │  ├─ jest-resolve@npm:29.5.0 (via npm:^29.5.0)
│  │  │  │  └─ jest-haste-map@npm:29.5.0 (via npm:^29.5.0)
│  │  │  └─ jest-snapshot@npm:29.5.0 (via npm:^29.5.0)
│  │  └─ jest-snapshot@npm:29.5.0 (via npm:^29.5.0)
│  ├─ jest-resolve@npm:29.5.0 (via npm:29.5.0)
│  ├─ lerna@npm:7.0.2 (via npm:~7.0.2)
│  │  ├─ @lerna/create@npm:7.0.2 (via npm:7.0.2)
│  │  │  └─ pacote@npm:15.2.0 (via npm:^15.2.0)
│  │  │     ├─ @npmcli/run-script@npm:6.0.2 (via npm:^6.0.0)
│  │  │     │  └─ node-gyp@npm:9.0.0 (via npm:^9.0.0)
│  │  │     │     └─ make-fetch-happen@npm:10.1.8 (via npm:^10.0.3)
│  │  │     │        └─ socks-proxy-agent@npm:7.0.0 (via npm:^7.0.0)
│  │  │     │           └─ socks@npm:2.6.2 (via npm:^2.6.2)
│  │  │     ├─ npm-registry-fetch@npm:14.0.5 (via npm:^14.0.0)
│  │  │     │  └─ make-fetch-happen@npm:11.1.1 (via npm:^11.0.0)
│  │  │     │     └─ socks-proxy-agent@npm:7.0.0 (via npm:^7.0.0)
│  │  │     └─ sigstore@npm:1.6.0 (via npm:^1.3.0)
│  │  │        ├─ @sigstore/tuf@npm:1.0.0 (via npm:^1.0.0)
│  │  │        │  ├─ make-fetch-happen@npm:11.1.1 (via npm:^11.0.1)
│  │  │        │  └─ tuf-js@npm:1.1.7 (via npm:^1.1.3)
│  │  │        │     └─ make-fetch-happen@npm:11.1.1 (via npm:^11.1.1)
│  │  │        ├─ make-fetch-happen@npm:11.1.1 (via npm:^11.0.1)
│  │  │        └─ tuf-js@npm:1.1.7 (via npm:^1.1.3)
│  │  ├─ @npmcli/run-script@npm:6.0.2 (via npm:6.0.2)
│  │  ├─ libnpmaccess@npm:7.0.2 (via npm:7.0.2)
│  │  │  └─ npm-registry-fetch@npm:14.0.5 (via npm:^14.0.3)
│  │  ├─ libnpmpublish@npm:7.3.0 (via npm:7.3.0)
│  │  │  ├─ npm-registry-fetch@npm:14.0.5 (via npm:^14.0.3)
│  │  │  └─ sigstore@npm:1.6.0 (via npm:^1.4.0)
│  │  ├─ npm-registry-fetch@npm:14.0.5 (via npm:^14.0.5)
│  │  ├─ pacote@npm:15.2.0 (via npm:^15.2.0)
│  │  └─ nx@npm:16.3.2 [77bb7] (via npm:>=16.1.3 < 17 [77bb7])
│  │     └─ @parcel/watcher@npm:2.0.4 (via npm:2.0.4)
│  │        ├─ node-addon-api@npm:3.2.1 (via npm:^3.2.1)
│  │        │  └─ node-gyp@npm:8.4.1 (via npm:latest)
│  │        └─ node-gyp@npm:8.4.1 (via npm:latest)
│  ├─ storybook@npm:7.5.1 (via npm:^7.5.1)
│  │  └─ @storybook/cli@npm:7.5.1 (via npm:7.5.1)
│  │     └─ @storybook/core-server@npm:7.5.1 (via npm:7.5.1)
│  │        └─ ip@npm:2.0.1 (via npm:^2.0.0)
│  ├─ @storybook/addon-docs@npm:7.5.1 [b3bc7] (via npm:^7.5.1 [b3bc7])
│  │  ├─ @jest/transform@npm:29.5.0 (via npm:^29.3.1)
│  │  └─ @storybook/csf-plugin@npm:7.5.1 (via npm:7.5.1)
│  │     └─ unplugin@npm:1.5.0 (via npm:^1.3.1)
│  │        └─ chokidar@npm:3.5.3 (via npm:^3.5.3)
│  ├─ @storybook/react-webpack5@npm:7.5.1 [b3bc7] (via npm:^7.5.1 [b3bc7])
│  │  └─ @storybook/builder-webpack5@npm:7.5.1 [aac2e] (via npm:7.5.1 [aac2e])
│  │     └─ fork-ts-checker-webpack-plugin@npm:8.0.0 [b3064] (via npm:^8.0.0 [b3064])
│  │        └─ chokidar@npm:3.5.3 (via npm:^3.5.3)
│  └─ jest@npm:29.5.0 [b3bc7] (via npm:^29.5.0 [b3bc7])
│     ├─ @jest/core@npm:29.5.0 [f88b4] (via npm:^29.5.0 [f88b4])
│     │  ├─ @jest/transform@npm:29.5.0 (via npm:^29.5.0)
│     │  ├─ jest-haste-map@npm:29.5.0 (via npm:^29.5.0)
│     │  ├─ jest-resolve@npm:29.5.0 (via npm:^29.5.0)
│     │  ├─ jest-resolve-dependencies@npm:29.5.0 (via npm:^29.5.0)
│     │  │  └─ jest-snapshot@npm:29.5.0 (via npm:^29.5.0)
│     │  ├─ jest-runner@npm:29.5.0 (via npm:^29.5.0)
│     │  │  ├─ @jest/transform@npm:29.5.0 (via npm:^29.5.0)
│     │  │  ├─ jest-haste-map@npm:29.5.0 (via npm:^29.5.0)
│     │  │  ├─ jest-resolve@npm:29.5.0 (via npm:^29.5.0)
│     │  │  └─ jest-runtime@npm:29.5.0 (via npm:^29.5.0)
│     │  ├─ jest-runtime@npm:29.5.0 (via npm:^29.5.0)
│     │  ├─ jest-snapshot@npm:29.5.0 (via npm:^29.5.0)
│     │  ├─ @jest/reporters@npm:29.5.0 [f6985] (via npm:^29.5.0 [f6985])
│     │  │  └─ @jest/transform@npm:29.5.0 (via npm:^29.5.0)
│     │  └─ jest-config@npm:29.5.0 [f6985] (via npm:^29.5.0 [f6985])
│     │     ├─ @jest/test-sequencer@npm:29.5.0 (via npm:^29.5.0)
│     │     │  └─ jest-haste-map@npm:29.5.0 (via npm:^29.5.0)
│     │     ├─ jest-circus@npm:29.5.0 (via npm:^29.5.0)
│     │     ├─ jest-resolve@npm:29.5.0 (via npm:^29.5.0)
│     │     ├─ jest-runner@npm:29.5.0 (via npm:^29.5.0)
│     │     └─ babel-jest@npm:29.5.0 [224d0] (via npm:^29.5.0 [224d0])
│     │        └─ @jest/transform@npm:29.5.0 (via npm:^29.5.0)
│     └─ jest-cli@npm:29.5.0 [f88b4] (via npm:^29.5.0 [f88b4])
│        ├─ @jest/core@npm:29.5.0 [f88b4] (via npm:^29.5.0 [f88b4])
│        └─ jest-config@npm:29.5.0 [38069] (via npm:^29.5.0 [38069])
│           ├─ @jest/test-sequencer@npm:29.5.0 (via npm:^29.5.0)
│           ├─ jest-circus@npm:29.5.0 (via npm:^29.5.0)
│           ├─ jest-resolve@npm:29.5.0 (via npm:^29.5.0)
│           ├─ jest-runner@npm:29.5.0 (via npm:^29.5.0)
│           └─ babel-jest@npm:29.5.0 [224d0] (via npm:^29.5.0 [224d0])
│
├─ simple@workspace:examples/simple
│  └─ vite@npm:3.2.8 [c85bd] (via npm:^3.2.0 [c85bd])
│
└─ tutorial@workspace:examples/tutorial
   └─ vite@npm:3.2.8 [c85bd] (via npm:^3.2.0 [c85bd])
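
The check the comment above does by eye, as an added example (not code from react-admin or from the comment's author): it parses `yarn why -R` tree output, extracts every chain that ends at `ip`, and reports the resolved version and whether the chain enters the workspace through a devDependency. `chainsTo`, `summarize`, `nameOf` and the `DEV_DEPS` map are hypothetical names; the map is constructed here and would normally be read from each workspace's `package.json`.

```javascript
// Excerpt of the `yarn why -R ip` output quoted above (the two chains that reach ip).
const SAMPLE = `
├─ demo@workspace:examples/demo
│  └─ vite@npm:3.2.8 [216a7] (via npm:^3.2.0 [216a7])
│     ├─ fsevents@patch:fsevents@npm%3A2.3.2#~builtin<compat/fsevents>::version=2.3.2&hash=18f3a7 (via patch:fsevents@~2.3.2#~builtin<compat/fsevents>)
│     │  └─ node-gyp@npm:8.4.1 (via npm:latest)
│     │     └─ make-fetch-happen@npm:9.1.0 (via npm:^9.1.0)
│     │        └─ socks-proxy-agent@npm:6.1.1 (via npm:^6.0.0)
│     │           └─ socks@npm:2.6.2 (via npm:^2.6.1)
│     │              └─ ip@npm:1.1.9 (via npm:^1.1.5)
│     └─ rollup@npm:2.79.1 (via npm:^2.79.1)
│
├─ react-admin-lerna@workspace:.
│  ├─ storybook@npm:7.5.1 (via npm:^7.5.1)
│  │  └─ @storybook/cli@npm:7.5.1 (via npm:7.5.1)
│  │     └─ @storybook/core-server@npm:7.5.1 (via npm:7.5.1)
│  │        └─ ip@npm:2.0.1 (via npm:^2.0.0)
`;

// ASSUMED for this example: devDependencies per workspace (load from package.json in practice).
const DEV_DEPS = { demo: ['vite'], 'react-admin-lerna': ['storybook'] };

// Package name of a yarn locator; indexOf('@', 1) skips the leading '@' of a scoped name.
const nameOf = (locator) => locator.slice(0, locator.indexOf('@', 1));

// Return every root-to-leaf chain of locators that ends at `pkg`.
function chainsTo(pkg, output) {
  const stack = [];
  const chains = [];
  for (const line of output.split('\n')) {
    const m = /^([│ ]*)[├└]─ (\S+)/.exec(line); // indent prefix, then the locator
    if (!m) continue;                           // blank and separator lines
    stack.length = m[1].length / 3;             // each tree level is 3 columns wide
    stack.push(m[2]);
    if (m[2].startsWith(pkg + '@npm:')) chains.push([...stack]);
  }
  return chains;
}

// One row per chain: where it enters the workspace and which version was resolved.
function summarize(chains, devDeps) {
  return chains.map((c) => ({
    workspace: nameOf(c[0]),
    entry: nameOf(c[1]),
    resolved: c[c.length - 1].split('@npm:')[1],
    devOnly: (devDeps[nameOf(c[0])] || []).includes(nameOf(c[1])),
  }));
}

console.log(summarize(chainsTo('ip', SAMPLE), DEV_DEPS));
```

A row with `devOnly: false` is the one to review first, because that chain is installed by anyone who depends on the workspace rather than only by its developers.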

@slax57 slax57 added this to the 4.16.12 milestone Feb 19, 2024
@slax57 slax57 merged commit b9b1257 into master Feb 19, 2024
@slax57 slax57 deleted the fix-ip-dependency branch February 19, 2024 11:25
@slax57 slax57 changed the title Fix vulnerable dev dependency ip [chore] Fix vulnerable dev dependency ip Mar 1, 2024
djhi added a commit that referenced this pull request Jun 24, 2024
mjarosch pushed a commit to mjarosch/react-admin that referenced this pull request Jul 1, 2024
Labels

RFR Ready For Review
