Skip to content

v22.0.1

Latest
Latest

Choose a tag to compare

View all tags
@brandonlehmann brandonlehmann released this 12 May 21:44
v22.0.1
This tag was signed with the committer’s verified signature.
brandonlehmann Brandon Lehmann
GPG key ID: 1D2D550BA08AA3F0
Verified
Learn about vigilant mode.
60c0a2b
This commit was signed with the committer’s verified signature.
brandonlehmann Brandon Lehmann
GPG key ID: 1D2D550BA08AA3F0
Verified
Learn about vigilant mode.

What's Changed

  • Bump ip-address to ^10.2.0 to clear GHSA-v2v4-37r5-5v8g / CVE-2026-42338, a moderate-severity XSS in Address6.group(), Address6.link(), and AddressError.parseMessage for versions <= 10.1.0.

Impact on this package

This package does not invoke any of the affected HTML-emitting methods on Address6; the advisory specifically notes that real-world exposure is "extremely limited" and that consumers using only the address-parsing and comparison APIs are not affected. This release is published purely to clear the upstream Dependabot alert and keep the dependency tree current.

Full Changelog: v22.0.0...v22.0.1

Assets 2
Loading