Switch ip package to ip-address from beaugunderson
Describe the Feature
I integrate react-native-community in my dependencies in my React Native app. Whenever I run yarn audit, I see this:
yarn audit v1.22.22
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ ip SSRF improper categorization in isPublic                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ip                                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ No patch available                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @react-native-community/cli-doctor                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @react-native-community/cli-doctor > ip                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1101851                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
1 vulnerabilities found - Packages audited: 965
Severity: 1 High
Possible Implementations
I have seen online that npm switched over to the ip-address package to resolve this issue on their end. I am curious if that would be possible in your codebase.
This is the repository of ip-address: https://www.npmjs.com/package/ip-address
There hasn't been any activity on this issue in the past 3 months, so it has been marked as stale and it will be closed automatically if no further activity occurs in the next 7 days.