Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[dep] Upgrade packages to remove ip dependency #1192

Merged
merged 3 commits into from
Feb 14, 2024
Merged

[dep] Upgrade packages to remove ip dependency #1192

merged 3 commits into from
Feb 14, 2024

Conversation

Drarig29
Copy link
Contributor

@Drarig29 Drarig29 commented Feb 14, 2024
edited
Loading

What and why?

Fixes https://github.com/DataDog/datadog-ci/security/dependabot/38
Fixes #1188

This PR upgrades 4 packages to get rid of the ip dependency, which is vulnerable.

How?

yarn set resolution pac-resolver@npm:^7.0.0 7.0.1
yarn set resolution node-gyp@npm:latest 10.0.1
yarn set resolution socks@npm:^2.7.1 2.7.3

and set "proxy-agent": "^6.4.0" in package.json + remove a few outdated resolutions in package.json

Review checklist

  • Feature or bugfix MUST have appropriate tests (unit, integration)

@Drarig29 Drarig29 requested a review from a team as a code owner February 14, 2024 10:25
@Drarig29 Drarig29 merged commit 758e568 into master Feb 14, 2024
14 checks passed
@Drarig29 Drarig29 deleted the corentin.girard/fix-ip-vulnerability branch February 14, 2024 17:29
This was referenced Feb 15, 2024
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@etnbrd etnbrd etnbrd approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Vulnerability for ip package in proxy-agent
2 participants
@Drarig29 @etnbrd