Security vulnerability of turbo gen #8483
Labels
Comments
ghdtjgus76
added
kind: bug
|
Hello all! 👋 I'm wondering if there is patch planned for this for version 1 of turbo? Thanks in advance! 🙇 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Verify canary release
Link to code that reproduces this issue
.
What package manager are you using / does the bug impact?
pnpm
What operating system are you using?
Mac
Which canary version will you have in your reproduction?
[email protected]
Describe the Bug
turbo/gen relies on proxy-agent, which in turn depends on pac-proxy-agent and socks-proxy-agent.
pac-proxy-agent uses pac-resolver and socks-proxy-agent.
socks-proxy-agent depends on the socks package, and both pac-resolver and socks depend on the ip package.
As indicated in the reference below, using the ip package can lead to security issues, which will be flagged as vulnerabilities in the repository's security tab.
GHSA-78xj-cgh5-2h22
indutny/node-ip#150
Expected Behavior
It seems that the ip package is currently not actively maintained.
To address such issues, it might be beneficial to consider modifying the package.
To Reproduce
.
Additional context
No response
The text was updated successfully, but these errors were encountered: