Merge pull request #1518 from dlorenc/npm
Nack CVE-2023-42282 in npm and related packages.
dlorenc authored Feb 18, 2024
2 parents 1f4ee4e + f62e5a8 commit 483c6e1
Showing 6 changed files with 30 additions and 0 deletions.
5 changes: 5 additions & 0 deletions lerna.advisories.yaml
Expand Up @@ -29,3 +29,8 @@ advisories:
componentType: npm
componentLocation: /usr/local/lib/node_modules/lerna/node_modules/ip/package.json
scanner: grype
- timestamp: 2024-02-18T15:59:08Z
type: false-positive-determination
data:
type: vulnerable-code-version-not-used
note: The vulnerability is only present in versions of ip before v1.1.8, but we have version 2.0.0. The metadata is wrong in the NVD.
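Review bot: The added note compares the bundled ip 2.0.0 against a fix boundary of v1.1.8, which sits on a different major line, and gives no reference for the claim that the NVD metadata is wrong. A higher version number on a 2.x line does not by itself show that a 1.x fix is included, so please link the upstream commit, release or advisory showing that 2.0.0 carries the fix before recording a false-positive-determination.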
5 changes: 5 additions & 0 deletions node-gyp.advisories.yaml
Expand Up @@ -20,3 +20,8 @@ advisories:
componentType: npm
componentLocation: /usr/lib/node_modules/node-gyp/node_modules/ip/package.json
scanner: grype
- timestamp: 2024-02-18T15:59:30Z
type: false-positive-determination
data:
type: vulnerable-code-version-not-used
note: The vulnerability is only present in versions of ip before v1.1.8, but we have version 2.0.0. The metadata is wrong in the NVD.
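Review bot: In the added note, "we have version 2.0.0" is recorded only as free text, with nothing tying it to the node-gyp package version that was inspected at /usr/lib/node_modules/node-gyp/node_modules/ip/package.json. Consider naming the package version that was checked, so the determination can be revisited if a later build bundles a different ip.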
5 changes: 5 additions & 0 deletions npm.advisories.yaml
Expand Up @@ -24,3 +24,8 @@ advisories:
type: pending-upstream-fix
data:
note: Upstream fixes are actively being attempted, such as in https://github.com/indutny/node-ip/pull/138, and once a solution is accepted we should incorporate that into this package.
- timestamp: 2024-02-18T15:58:43Z
type: false-positive-determination
data:
type: vulnerable-code-version-not-used
note: The vulnerability is only present in versions of ip before v1.1.8, but we have version 2.0.0. The metadata is wrong in the NVD.
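Review bot: The new false-positive-determination contradicts the pending-upstream-fix event directly above it, whose note says upstream fixes are still being attempted in https://github.com/indutny/node-ip/pull/138. If that fix has not yet been accepted upstream, it is unclear how the bundled 2.0.0 can be unaffected; please reconcile the two notes, or explain in the new one why the earlier event no longer applies.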
5 changes: 5 additions & 0 deletions pnpm-stage0.advisories.yaml
Expand Up @@ -20,3 +20,8 @@ advisories:
componentType: npm
componentLocation: /usr/lib/node_modules/pnpm/dist/node_modules/ip/package.json
scanner: grype
- timestamp: 2024-02-18T15:59:51Z
type: false-positive-determination
data:
type: vulnerable-code-version-not-used
note: The vulnerability is only present in versions of ip before v1.1.8, but we have version 2.0.0. The metadata is wrong in the NVD.
5 changes: 5 additions & 0 deletions renovate.advisories.yaml
Expand Up @@ -24,3 +24,8 @@ advisories:
type: fixed
data:
fixed-version: 37.186.1-r0
- timestamp: 2024-02-18T16:00:09Z
type: false-positive-determination
data:
type: vulnerable-code-version-not-used
note: The vulnerability is only present in versions of ip before v1.1.8, but we have version 2.0.0. The metadata is wrong in the NVD.
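Review bot: The false-positive-determination conflicts with the fixed event just above it (fixed-version: 37.186.1-r0): the history now says both that the issue was fixed in a release and that it never applied. Please state in the note which of the two should stand, for example that the earlier fixed event was recorded in error, so the advisory reads unambiguously.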
5 changes: 5 additions & 0 deletions sqlpad.advisories.yaml
Expand Up @@ -20,3 +20,8 @@ advisories:
componentType: npm
componentLocation: /usr/bin/sqlpad-server/node_modules/ip/package.json
scanner: grype
- timestamp: 2024-02-18T16:00:25Z
type: false-positive-determination
data:
type: vulnerable-code-version-not-used
note: The vulnerability is only present in versions of ip before v1.1.8, but we have version 2.0.0. The metadata is wrong in the NVD.
