Description
Describe the Feature
I integrate react-native-community in my dependencies in my React Native app. Whenever I do the yarn audit, I see this:
yarn audit v1.22.22
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ ip SSRF improper categorization in isPublic │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ ip │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ No patch available │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @react-native-community/cli-doctor │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ @react-native-community/cli-doctor > ip │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1101851 │
└───────────────┴──────────────────────────────────────────────────────────────┘
1 vulnerabilities found - Packages audited: 965
Severity: 1 High
Possible Implementations
I have seen online that npm switched over to the ip-address package to resolve this issue on their end. I am curious if that would be possible in your codebase.
This is the repository of ip-address:
https://www.npmjs.com/package/ip-address
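
A strict public/non-public address check of the kind the advisory title refers to, as an added example that is not part of the issue or of the react-native-community/cli code: it swaps in Node's built-in `net.BlockList` instead of `ip` or `ip-address`. The function names, the range list and the sample inputs are this example's own assumptions.

```javascript
const net = require('net');

// Special-purpose ranges treated as non-public (this example's own list).
const nonPublic = new net.BlockList();
const v4 = [['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16], ['224.0.0.0', 3]];
const v6 = [['::', 127], ['fc00::', 7], ['fe80::', 10], ['ff00::', 8]];
for (const [prefix, bits] of v4) nonPublic.addSubnet(prefix, bits, 'ipv4');
for (const [prefix, bits] of v6) nonPublic.addSubnet(prefix, bits, 'ipv6');

// Accept only canonical dotted-quad IPv4: four decimal octets, no leading
// zeros, no hex, no shortened forms. Anything else is "invalid", not "public".
function isCanonicalV4(s) {
  const parts = s.split('.');
  return parts.length === 4 &&
    parts.every((p) => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
}

// Returns 'public', 'non-public' or 'invalid'. Callers making outbound
// requests should proceed only on 'public' (fail closed).
function classify(host) {
  if (typeof host !== 'string') return 'invalid';
  // IPv4-mapped IPv6 with a dotted tail: classify the embedded IPv4 address.
  const mapped = /^::ffff:([0-9]+\.[0-9.]+)$/i.exec(host);
  if (mapped) return classify(mapped[1]);
  if (!host.includes(':')) {
    if (!isCanonicalV4(host)) return 'invalid';
    return nonPublic.check(host, 'ipv4') ? 'non-public' : 'public';
  }
  // Zone identifiers (e.g. "%eth0") are refused rather than interpreted.
  if (!net.isIPv6(host) || host.includes('%')) return 'invalid';
  return nonPublic.check(host, 'ipv6') ? 'non-public' : 'public';
}

// Constructed sample inputs, not taken from the advisory.
const samples = ['8.8.8.8', '10.0.0.1', '127.1', '0x7f.0.0.1', '012.1.2.3',
  '2130706433', '::1', '::ffff:127.0.0.1', '2001:4860:4860::8888'];
for (const s of samples) console.log(s.padEnd(22), classify(s));
```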