Skip to content
This repository was archived by the owner on Oct 21, 2025. It is now read-only.

Bump ip from 1.1.5 to 2.0.1#39

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/ip-2.0.1
Open

Bump ip from 1.1.5 to 2.0.1#39
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/ip-2.0.1

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 16, 2025

Bumps ip from 1.1.5 to 2.0.1.

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump ip from 1.1.5 to 2.0.1
f16d8b1 
Bumps [ip](https://github.com/indutny/node-ip) from 1.1.5 to 2.0.1.
- [Commits](indutny/node-ip@v1.1.5...v2.0.1)

---
updated-dependencies:
- dependency-name: ip
  dependency-version: 2.0.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Sep 16, 2025
@wiz-inc-539929f929
Copy link

wiz-inc-539929f929 bot commented Sep 16, 2025

Wiz Scan Summary

Scanner Findings
Vulnerability Finding Vulnerabilities 12 Critical
Data Finding Sensitive Data -
Total 12 Critical

View scan details in Wiz

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

wiz-inc-539929f929[bot]
wiz-inc-539929f929 bot reviewed Sep 16, 2025
View reviewed changes
package-lock.json
Copy link

@wiz-inc-539929f929 wiz-inc-539929f929 bot Sep 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Critical Vulnerability Finding on line 4903

More Details

Vulnerabilities [lodash:4.17.11]

Name Severity Source Fixed version CVSS score CVSS exploitability score Has public exploit Has CISA KEV exploit
CVE-2019-10744 Critical GHSA-jf85-cpcp-j695 4.17.12 9.1 3.9 false false
CVE-2020-28500 Medium GHSA-29mw-wpgm-hmr9 4.17.21 5.3 3.9 false false
CVE-2020-8203 High GHSA-p6mc-m468-83gw 4.17.19 7.4 2.2 false false
CVE-2021-23337 High GHSA-35jh-r3h4-6jhm 4.17.21 7.2 1.2 false false

To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason

If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).

wiz-inc-539929f929[bot]
wiz-inc-539929f929 bot reviewed Sep 16, 2025
View reviewed changes
package-lock.json
Copy link

@wiz-inc-539929f929 wiz-inc-539929f929 bot Sep 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Critical Vulnerability Finding on line 4992

More Details

Vulnerabilities [minimist:0.0.10]

Name Severity Source Fixed version CVSS score CVSS exploitability score Has public exploit Has CISA KEV exploit
CVE-2020-7598 Medium GHSA-vh95-rmgr-6w4m 0.2.1 5.6 2.2 false false
CVE-2021-44906 Critical GHSA-xvch-5gv4-984h 0.2.4 9.8 3.9 true false

To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason

If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).

wiz-inc-539929f929[bot]
wiz-inc-539929f929 bot reviewed Sep 16, 2025
View reviewed changes
package-lock.json
Copy link

@wiz-inc-539929f929 wiz-inc-539929f929 bot Sep 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Critical Vulnerability Finding on line 155

More Details

Vulnerabilities [@babel/traverse:7.5.5]

Name Severity Source Fixed version CVSS score CVSS exploitability score Has public exploit Has CISA KEV exploit
CVE-2023-45133 Critical GHSA-67hx-6x53-jw92 7.23.2 8.8 2.0 false false

To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason

If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).

wiz-inc-539929f929[bot]
wiz-inc-539929f929 bot reviewed Sep 16, 2025
View reviewed changes
package-lock.json
Copy link

@wiz-inc-539929f929 wiz-inc-539929f929 bot Sep 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Critical Vulnerability Finding on line 2729

More Details

Vulnerabilities [form-data:2.3.3]

Name Severity Source Fixed version CVSS score CVSS exploitability score Has public exploit Has CISA KEV exploit
CVE-2025-7783 Critical GHSA-fjxv-7rqg-78g4 2.5.4 9.4 - false false

To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason

If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).

wiz-inc-539929f929[bot]
wiz-inc-539929f929 bot reviewed Sep 16, 2025
View reviewed changes
package-lock.json
Copy link

@wiz-inc-539929f929 wiz-inc-539929f929 bot Sep 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Critical Vulnerability Finding on line 3543

More Details

Vulnerabilities [json-schema:0.2.3]

Name Severity Source Fixed version CVSS score CVSS exploitability score Has public exploit Has CISA KEV exploit
CVE-2021-3918 Critical GHSA-896r-f27r-55mw 0.4.0 9.8 3.9 false false

To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason

If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).

wiz-inc-539929f929[bot]
wiz-inc-539929f929 bot reviewed Sep 16, 2025
View reviewed changes
package-lock.json
Copy link

@wiz-inc-539929f929 wiz-inc-539929f929 bot Sep 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Critical Vulnerability Finding on line 4676

More Details

Vulnerabilities [handlebars:4.1.0]

Name Severity Source Fixed version CVSS score CVSS exploitability score Has public exploit Has CISA KEV exploit
CVE-2019-19919 Critical GHSA-w457-6q6x-cgp9 4.3.0 9.8 3.9 false false
CVE-2019-20920 High GHSA-3cqr-58rm-57f8 4.5.3 8.1 2.2 false false
CVE-2019-20922 High GHSA-62gr-4qp9-h98f 4.4.5 7.5 3.9 false false
CVE-2021-23369 Critical GHSA-f2jv-r9rf-7988 4.7.7 9.8 3.9 false false
CVE-2021-23383 Critical GHSA-765h-qjxv-5f44 4.7.7 9.8 3.9 false false
GHSA-2cf5-4w76-r9qv High GHSA-2cf5-4w76-r9qv 4.5.2 7.3 - false false
GHSA-f52g-6jhx-586p Medium GHSA-f52g-6jhx-586p 4.4.5 - - false false
GHSA-g9r4-xpmj-mj65 High GHSA-g9r4-xpmj-mj65 4.5.3 - - false false
GHSA-q2c6-c6pm-g3gh High GHSA-q2c6-c6pm-g3gh 4.5.3 - - false false
GHSA-q42p-pg8m-cqh6 High GHSA-q42p-pg8m-cqh6 4.1.2 7.3 - false false
NSWG-ECO-519 Medium https://github.com/nodejs/security-wg/blob/main/vuln/npm/519.json 4.6.0 6.5 - false false

To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason

If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).

wiz-inc-539929f929[bot]
wiz-inc-539929f929 bot reviewed Sep 16, 2025
View reviewed changes
package-lock.json
Copy link

@wiz-inc-539929f929 wiz-inc-539929f929 bot Sep 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Critical Vulnerability Finding on line 4056

More Details

Vulnerabilities [minimist:0.0.8]

Name Severity Source Fixed version CVSS score CVSS exploitability score Has public exploit Has CISA KEV exploit
CVE-2020-7598 Medium GHSA-vh95-rmgr-6w4m 0.2.1 5.6 2.2 false false
CVE-2021-44906 Critical GHSA-xvch-5gv4-984h 0.2.4 9.8 3.9 true false

To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason

If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).

wiz-inc-539929f929[bot]
wiz-inc-539929f929 bot reviewed Sep 16, 2025
View reviewed changes
package-lock.json
Copy link

@wiz-inc-539929f929 wiz-inc-539929f929 bot Sep 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Critical Vulnerability Finding on line 2927

More Details

Vulnerabilities [handlebars:4.1.2]

Name Severity Source Fixed version CVSS score CVSS exploitability score Has public exploit Has CISA KEV exploit
CVE-2019-19919 Critical GHSA-w457-6q6x-cgp9 4.3.0 9.8 3.9 false false
CVE-2019-20920 High GHSA-3cqr-58rm-57f8 4.5.3 8.1 2.2 false false
CVE-2019-20922 High GHSA-62gr-4qp9-h98f 4.4.5 7.5 3.9 false false
CVE-2021-23369 Critical GHSA-f2jv-r9rf-7988 4.7.7 9.8 3.9 false false
CVE-2021-23383 Critical GHSA-765h-qjxv-5f44 4.7.7 9.8 3.9 false false
GHSA-2cf5-4w76-r9qv High GHSA-2cf5-4w76-r9qv 4.5.2 7.3 - false false
GHSA-f52g-6jhx-586p Medium GHSA-f52g-6jhx-586p 4.4.5 - - false false
GHSA-g9r4-xpmj-mj65 High GHSA-g9r4-xpmj-mj65 4.5.3 - - false false
GHSA-q2c6-c6pm-g3gh High GHSA-q2c6-c6pm-g3gh 4.5.3 - - false false
NSWG-ECO-519 Medium https://github.com/nodejs/security-wg/blob/main/vuln/npm/519.json 4.6.0 6.5 - false false

To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason

If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@wiz-inc-539929f929 wiz-inc-539929f929[bot] wiz-inc-539929f929[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants