Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DevTools Bug]: CVE-2024-29415 (ip dependency) #29724

Closed
simioliolio opened this issue Jun 3, 2024 · 2 comments · Fixed by #29918
Closed

[DevTools Bug]: CVE-2024-29415 (ip dependency) #29724

simioliolio opened this issue Jun 3, 2024 · 2 comments · Fixed by #29918
Labels
Component: Developer Tools Status: Unconfirmed A potential issue that we haven't yet confirmed as a bug Type: Bug

Comments

@simioliolio
Copy link

simioliolio commented Jun 3, 2024
edited
Loading

Website or app

https://github.com/facebook/react

Repro steps

See this vulnerability GHSA-2p57-rm9w-gvfp

Can the version of ip be updated to at least v2.0.1 for react-devtools?

How often does this bug happen?

Every time

DevTools package (automated)

No response

DevTools version (automated)

No response

Error message (automated)

No response

Error call stack (automated)

No response

Error component stack (automated)

No response

GitHub query string (automated)

No response
@simioliolio simioliolio added Component: Developer Tools Status: Unconfirmed A potential issue that we haven't yet confirmed as a bug Type: Bug labels Jun 3, 2024
Rekl0w added a commit to Rekl0w/react that referenced this issue Jun 3, 2024
@Rekl0w
Fix facebook#29724: ip dependency update for CVE-2024-29415
8eb43ad
@Rekl0w
Copy link
Contributor

Rekl0w commented Jun 3, 2024

I submitted a PR about it.

@hoxyq hoxyq closed this as completed in 8d87e37 Jun 5, 2024
github-actions bot pushed a commit that referenced this issue Jun 5, 2024
@hoxyq
Fix #29724: ip dependency update for CVE-2024-29415 (#29725)
612c599 
## Summary

This version update of `ip` dependency solves the CVE-2024-29415
vulnerability.

DiffTrain build for commit 8d87e37.
@hoxyq
Copy link
Contributor

hoxyq commented Jun 5, 2024

Another CVE should be mitigated by #29772

@hoxyq hoxyq mentioned this issue Jun 17, 2024
Merged
hoxyq added a commit that referenced this issue Jun 18, 2024
@hoxyq
React DevTools 5.2.0 -> 5.3.0 (#29918)
1434af3 
Full list of changes:

* chore[react-devtools]: improve console arguments formatting before
passing it to original console ([hoxyq](https://github.com/hoxyq) in
[#29873](#29873))
* chore[react-devtools]: unify console patching and default to ansi
escape symbols ([hoxyq](https://github.com/hoxyq) in
[#29869](#29869))
* chore[react-devtools/backend]: remove
consoleManagedByDevToolsDuringStrictMode
([hoxyq](https://github.com/hoxyq) in
[#29856](#29856))
* chore[react-devtools/extensions]: make source maps url relative
([hoxyq](https://github.com/hoxyq) in
[#29886](#29886))
* fix[react-devtools] divided inspecting elements between inspecting do…
([vzaidman](https://github.com/vzaidman) in
[#29885](#29885))
* [Fiber] Create virtual Fiber when an error occurs during reconcilation
([sebmarkbage](https://github.com/sebmarkbage) in
[#29804](#29804))
* fix[react-devtools] component badge in light mode is now not invisible
([vzaidman](https://github.com/vzaidman) in
[#29852](#29852))
* Remove Warning: prefix and toString on console Arguments
([sebmarkbage](https://github.com/sebmarkbage) in
[#29839](#29839))
* Add jest lint rules ([rickhanlonii](https://github.com/rickhanlonii)
in [#29760](#29760))
* [Fiber] Track the Real Fiber for Key Warnings
([sebmarkbage](https://github.com/sebmarkbage) in
[#29791](#29791))
* fix[react-devtools/store-test]: fork the test to represent current be…
([hoxyq](https://github.com/hoxyq) in
[#29777](#29777))
* Default native inspections config false
([vzaidman](https://github.com/vzaidman) in
[#29784](#29784))
* fix[react-devtools] remove native inspection button when it can't be
used ([vzaidman](https://github.com/vzaidman) in
[#29779](#29779))
* chore[react-devtools]: ip => internal-ip
([hoxyq](https://github.com/hoxyq) in
[#29772](#29772))
* Fix #29724: `ip` dependency update for CVE-2024-29415
([Rekl0w](https://github.com/Rekl0w) in
[#29725](#29725))
* cleanup[react-devtools]: remove unused supportsProfiling flag from
store config ([hoxyq](https://github.com/hoxyq) in
[#29193](#29193))
* [Fiber] Enable Native console.createTask Stacks When Available
([sebmarkbage](https://github.com/sebmarkbage) in
[#29223](#29223))
* Move createElement/JSX Warnings into the Renderer
([sebmarkbage](https://github.com/sebmarkbage) in
[#29088](#29088))
* Set the current fiber to the source of the error during error
reporting ([sebmarkbage](https://github.com/sebmarkbage) in
[#29044](#29044))
* Unify ReactFiberCurrentOwner and ReactCurrentFiber
([sebmarkbage](https://github.com/sebmarkbage) in
[#29038](#29038))
* Dim `console` calls on additional Effect invocations due to
`StrictMode` ([eps1lon](https://github.com/eps1lon) in
[#29007](#29007))
* refactor[react-devtools]: rewrite context menus
([hoxyq](https://github.com/hoxyq) in
[#29049](#29049))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Component: Developer Tools Status: Unconfirmed A potential issue that we haven't yet confirmed as a bug Type: Bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

React DevTools 5.2.0 -> 5.3.0 hoxyq/react
3 participants
@simioliolio @hoxyq @Rekl0w