diff --git a/.changeset/heavy-planets-stare.md b/.changeset/heavy-planets-stare.md new file mode 100644 index 0000000..b230327 --- /dev/null +++ b/.changeset/heavy-planets-stare.md @@ -0,0 +1,5 @@ +--- +'pac-resolver': patch +--- + +fix [GHSA-78xj-cgh5-2h22](https://github.com/advisories/GHSA-78xj-cgh5-2h22) vulnerability diff --git a/packages/pac-resolver/package.json b/packages/pac-resolver/package.json index 688383c..fb234fc 100644 --- a/packages/pac-resolver/package.json +++ b/packages/pac-resolver/package.json @@ -9,12 +9,10 @@ ], "dependencies": { "degenerator": "^5.0.0", - "ip": "^1.1.8", "netmask": "^2.0.2" }, "devDependencies": { "@tootallnate/quickjs-emscripten": "^0.23.0", - "@types/ip": "^1.1.0", "@types/jest": "^29.5.2", "@types/netmask": "^1.0.30", "@types/node": "^14.18.52", diff --git a/packages/pac-resolver/src/ip.ts b/packages/pac-resolver/src/ip.ts new file mode 100644 index 0000000..68bdce7 --- /dev/null +++ b/packages/pac-resolver/src/ip.ts @@ -0,0 +1,57 @@ +import os from 'os'; + +export const ip = { + address(): string { + const interfaces = os.networkInterfaces(); + + // Default to `ipv4` + const family = normalizeFamily(); + + const all = Object.values(interfaces).map((addrs = []) => { + const addresses = addrs.filter((details) => { + const detailsFamily = normalizeFamily(details.family); + if (detailsFamily !== family || ip.isLoopback(details.address)) { + return false; + } + return true; + + }); + + return addresses.length ? addresses[0].address : undefined; + }).filter(Boolean); + + return !all.length ? ip.loopback(family) : all[0] as string; + }, + + isLoopback(addr: string): boolean { + return /^(::f{4}:)?127\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})/ + .test(addr) + || /^fe80::1$/.test(addr) + || /^::1$/.test(addr) + || /^::$/.test(addr); + }, + + loopback(family: IpFamily): string { + // Default to `ipv4` + family = normalizeFamily(family); + + if (family !== 'ipv4' && family !== 'ipv6') { + throw new Error('family must be ipv4 or ipv6'); + } + + return family === 'ipv4' ? '127.0.0.1' : 'fe80::1'; + } + +}; + +function normalizeFamily(family?: unknown): IpFamily { + if (family === 4) { + return 'ipv4'; + } + if (family === 6) { + return 'ipv6'; + } + return family ? (family as string).toLowerCase() as IpFamily : 'ipv4'; +} + +type IpFamily = 'ipv4' | 'ipv6' diff --git a/packages/pac-resolver/src/myIpAddress.ts b/packages/pac-resolver/src/myIpAddress.ts index 9ec9ff5..ac836b8 100644 --- a/packages/pac-resolver/src/myIpAddress.ts +++ b/packages/pac-resolver/src/myIpAddress.ts @@ -1,4 +1,4 @@ -import ip from 'ip'; +import { ip } from './ip'; import net, { AddressInfo } from 'net'; /** diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index d3752ed..2b10b47 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -1,5 +1,9 @@ lockfileVersion: '6.0' +settings: + autoInstallPeers: true + excludeLinksFromLockfile: false + importers: .: @@ -9,10 +13,10 @@ importers: version: 2.26.2 '@typescript-eslint/eslint-plugin': specifier: ^5.59.1 - version: 5.60.1(@typescript-eslint/parser@5.60.1)(eslint@7.32.0) + version: 5.60.1(@typescript-eslint/parser@5.60.1)(eslint@7.32.0)(typescript@5.1.6) '@typescript-eslint/parser': specifier: ^5.59.1 - version: 5.60.1(eslint@7.32.0) + version: 5.60.1(eslint@7.32.0)(typescript@5.1.6) eslint: specifier: ^7.32.0 version: 7.32.0 @@ -58,7 +62,7 @@ importers: version: 29.5.0(@types/node@14.18.45) ts-jest: specifier: ^29.1.0 - version: 29.1.0(jest@29.5.0)(typescript@5.0.4) + version: 29.1.0(@babel/core@7.22.5)(jest@29.5.0)(typescript@5.0.4) tsconfig: specifier: workspace:* version: link:../tsconfig @@ -82,7 +86,7 @@ importers: version: 29.5.0(@types/node@14.18.45) ts-jest: specifier: ^29.1.0 - version: 29.1.0(jest@29.5.0)(typescript@5.0.4) + version: 29.1.0(@babel/core@7.22.5)(jest@29.5.0)(typescript@5.0.4) tsconfig: specifier: workspace:* version: link:../tsconfig @@ -122,7 +126,7 @@ importers: version: 29.5.0(@types/node@14.18.52) ts-jest: specifier: ^29.1.0 - version: 29.1.0(jest@29.5.0)(typescript@5.1.6) + version: 29.1.0(@babel/core@7.22.5)(jest@29.5.0)(typescript@5.1.6) tsconfig: specifier: workspace:* version: link:../tsconfig @@ -174,7 +178,7 @@ importers: version: 1.2.2 ts-jest: specifier: ^29.1.0 - version: 29.1.0(jest@29.5.0)(typescript@5.0.4) + version: 29.1.0(@babel/core@7.22.5)(jest@29.5.0)(typescript@5.0.4) tsconfig: specifier: workspace:* version: link:../tsconfig @@ -211,7 +215,7 @@ importers: version: link:../proxy ts-jest: specifier: ^29.1.0 - version: 29.1.0(jest@29.5.0)(typescript@5.0.4) + version: 29.1.0(@babel/core@7.22.5)(jest@29.5.0)(typescript@5.0.4) tsconfig: specifier: workspace:* version: link:../tsconfig @@ -254,7 +258,7 @@ importers: version: link:../proxy ts-jest: specifier: ^29.1.0 - version: 29.1.0(jest@29.5.0)(typescript@5.0.4) + version: 29.1.0(@babel/core@7.22.5)(jest@29.5.0)(typescript@5.0.4) tsconfig: specifier: workspace:* version: link:../tsconfig @@ -312,7 +316,7 @@ importers: version: 0.0.6 ts-jest: specifier: ^29.1.0 - version: 29.1.0(jest@29.5.0)(typescript@5.0.4) + version: 29.1.0(@babel/core@7.22.5)(jest@29.5.0)(typescript@5.0.4) tsconfig: specifier: workspace:* version: link:../tsconfig @@ -325,9 +329,6 @@ importers: degenerator: specifier: ^5.0.0 version: link:../degenerator - ip: - specifier: ^1.1.8 - version: 1.1.8 netmask: specifier: ^2.0.2 version: 2.0.2 @@ -335,9 +336,6 @@ importers: '@tootallnate/quickjs-emscripten': specifier: ^0.23.0 version: 0.23.0 - '@types/ip': - specifier: ^1.1.0 - version: 1.1.0 '@types/jest': specifier: ^29.5.2 version: 29.5.2 @@ -352,7 +350,7 @@ importers: version: 29.5.0(@types/node@14.18.52) ts-jest: specifier: ^29.1.0 - version: 29.1.0(jest@29.5.0)(typescript@5.1.6) + version: 29.1.0(@babel/core@7.21.4)(jest@29.5.0)(typescript@5.1.6) tsconfig: specifier: workspace:* version: link:../tsconfig @@ -392,7 +390,7 @@ importers: version: 29.5.0(@types/node@14.18.45) ts-jest: specifier: ^29.1.0 - version: 29.1.0(jest@29.5.0)(typescript@5.0.4) + version: 29.1.0(@babel/core@7.22.5)(jest@29.5.0)(typescript@5.0.4) tsconfig: specifier: workspace:* version: link:../tsconfig @@ -459,7 +457,7 @@ importers: version: github.com/TooTallNate/socksv5/d937368b28e929396166d77a06d387a4a902bd51 ts-jest: specifier: ^29.1.0 - version: 29.1.0(jest@29.5.0)(typescript@5.0.4) + version: 29.1.0(@babel/core@7.22.5)(jest@29.5.0)(typescript@5.0.4) tsconfig: specifier: workspace:* version: link:../tsconfig @@ -520,7 +518,7 @@ importers: version: github.com/TooTallNate/socksv5/d937368b28e929396166d77a06d387a4a902bd51 ts-jest: specifier: ^29.1.0 - version: 29.1.0(jest@29.5.0)(typescript@5.0.4) + version: 29.1.0(@babel/core@7.22.5)(jest@29.5.0)(typescript@5.0.4) tsconfig: specifier: workspace:* version: link:../tsconfig @@ -1866,12 +1864,6 @@ packages: '@types/node': 14.18.45 dev: true - /@types/ip@1.1.0: - resolution: {integrity: sha512-dwNe8gOoF70VdL6WJBwVHtQmAX4RMd62M+mAB9HQFjG1/qiCLM/meRy95Pd14FYBbEDwCq7jgJs89cHpLBu4HQ==} - dependencies: - '@types/node': 14.18.52 - dev: true - /@types/is-ci@3.0.0: resolution: {integrity: sha512-Q0Op0hdWbYd1iahB+IFNQcWXFq4O0Q5MwQP7uN0souuQ4rPg1vEYcnIOfr1gY+M+6rc8FGoRaBO1mOOvL29sEQ==} dependencies: @@ -1995,7 +1987,7 @@ packages: '@types/yargs-parser': 21.0.0 dev: true - /@typescript-eslint/eslint-plugin@5.60.1(@typescript-eslint/parser@5.60.1)(eslint@7.32.0): + /@typescript-eslint/eslint-plugin@5.60.1(@typescript-eslint/parser@5.60.1)(eslint@7.32.0)(typescript@5.1.6): resolution: {integrity: sha512-KSWsVvsJsLJv3c4e73y/Bzt7OpqMCADUO846bHcuWYSYM19bldbAeDv7dYyV0jwkbMfJ2XdlzwjhXtuD7OY6bw==} engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} peerDependencies: @@ -2007,22 +1999,23 @@ packages: optional: true dependencies: '@eslint-community/regexpp': 4.5.1 - '@typescript-eslint/parser': 5.60.1(eslint@7.32.0) + '@typescript-eslint/parser': 5.60.1(eslint@7.32.0)(typescript@5.1.6) '@typescript-eslint/scope-manager': 5.60.1 - '@typescript-eslint/type-utils': 5.60.1(eslint@7.32.0) - '@typescript-eslint/utils': 5.60.1(eslint@7.32.0) + '@typescript-eslint/type-utils': 5.60.1(eslint@7.32.0)(typescript@5.1.6) + '@typescript-eslint/utils': 5.60.1(eslint@7.32.0)(typescript@5.1.6) debug: 4.3.4 eslint: 7.32.0 grapheme-splitter: 1.0.4 ignore: 5.2.4 natural-compare-lite: 1.4.0 semver: 7.5.3 - tsutils: 3.21.0 + tsutils: 3.21.0(typescript@5.1.6) + typescript: 5.1.6 transitivePeerDependencies: - supports-color dev: true - /@typescript-eslint/parser@5.60.1(eslint@7.32.0): + /@typescript-eslint/parser@5.60.1(eslint@7.32.0)(typescript@5.1.6): resolution: {integrity: sha512-pHWlc3alg2oSMGwsU/Is8hbm3XFbcrb6P5wIxcQW9NsYBfnrubl/GhVVD/Jm/t8HXhA2WncoIRfBtnCgRGV96Q==} engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} peerDependencies: @@ -2034,9 +2027,10 @@ packages: dependencies: '@typescript-eslint/scope-manager': 5.60.1 '@typescript-eslint/types': 5.60.1 - '@typescript-eslint/typescript-estree': 5.60.1 + '@typescript-eslint/typescript-estree': 5.60.1(typescript@5.1.6) debug: 4.3.4 eslint: 7.32.0 + typescript: 5.1.6 transitivePeerDependencies: - supports-color dev: true @@ -2049,7 +2043,7 @@ packages: '@typescript-eslint/visitor-keys': 5.60.1 dev: true - /@typescript-eslint/type-utils@5.60.1(eslint@7.32.0): + /@typescript-eslint/type-utils@5.60.1(eslint@7.32.0)(typescript@5.1.6): resolution: {integrity: sha512-vN6UztYqIu05nu7JqwQGzQKUJctzs3/Hg7E2Yx8rz9J+4LgtIDFWjjl1gm3pycH0P3mHAcEUBd23LVgfrsTR8A==} engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} peerDependencies: @@ -2059,11 +2053,12 @@ packages: typescript: optional: true dependencies: - '@typescript-eslint/typescript-estree': 5.60.1 - '@typescript-eslint/utils': 5.60.1(eslint@7.32.0) + '@typescript-eslint/typescript-estree': 5.60.1(typescript@5.1.6) + '@typescript-eslint/utils': 5.60.1(eslint@7.32.0)(typescript@5.1.6) debug: 4.3.4 eslint: 7.32.0 - tsutils: 3.21.0 + tsutils: 3.21.0(typescript@5.1.6) + typescript: 5.1.6 transitivePeerDependencies: - supports-color dev: true @@ -2073,7 +2068,7 @@ packages: engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} dev: true - /@typescript-eslint/typescript-estree@5.60.1: + /@typescript-eslint/typescript-estree@5.60.1(typescript@5.1.6): resolution: {integrity: sha512-hkX70J9+2M2ZT6fhti5Q2FoU9zb+GeZK2SLP1WZlvUDqdMbEKhexZODD1WodNRyO8eS+4nScvT0dts8IdaBzfw==} engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} peerDependencies: @@ -2088,12 +2083,13 @@ packages: globby: 11.1.0 is-glob: 4.0.3 semver: 7.5.3 - tsutils: 3.21.0 + tsutils: 3.21.0(typescript@5.1.6) + typescript: 5.1.6 transitivePeerDependencies: - supports-color dev: true - /@typescript-eslint/utils@5.60.1(eslint@7.32.0): + /@typescript-eslint/utils@5.60.1(eslint@7.32.0)(typescript@5.1.6): resolution: {integrity: sha512-tiJ7FFdFQOWssFa3gqb94Ilexyw0JVxj6vBzaSpfN/8IhoKkDuSAenUKvsSHw2A/TMpJb26izIszTXaqygkvpQ==} engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} peerDependencies: @@ -2104,7 +2100,7 @@ packages: '@types/semver': 7.5.0 '@typescript-eslint/scope-manager': 5.60.1 '@typescript-eslint/types': 5.60.1 - '@typescript-eslint/typescript-estree': 5.60.1 + '@typescript-eslint/typescript-estree': 5.60.1(typescript@5.1.6) eslint: 7.32.0 eslint-scope: 5.1.1 semver: 7.5.3 @@ -3531,10 +3527,6 @@ packages: side-channel: 1.0.4 dev: true - /ip@1.1.8: - resolution: {integrity: sha512-PuExPYUiu6qMBQb4l06ecm6T6ujzhmh+MeJcW9wa89PoAz5pvd4zPgN5WJV104mb6S2T1AwNIAaB70JNrLQWhg==} - dev: false - /ip@2.0.0: resolution: {integrity: sha512-WKa+XuLG1A1R0UWhl2+1XQSi+fZWMsYKffMZTTYsiZaUD8k2yDAj5atimTUD2TZkyCkNEeYE5NhFZmupOGtjYQ==} dev: false @@ -5419,7 +5411,41 @@ packages: engines: {node: '>=8'} dev: true - /ts-jest@29.1.0(jest@29.5.0)(typescript@5.0.4): + /ts-jest@29.1.0(@babel/core@7.21.4)(jest@29.5.0)(typescript@5.1.6): + resolution: {integrity: sha512-ZhNr7Z4PcYa+JjMl62ir+zPiNJfXJN6E8hSLnaUKhOgqcn8vb3e537cpkd0FuAfRK3sR1LSqM1MOhliXNgOFPA==} + engines: {node: ^14.15.0 || ^16.10.0 || >=18.0.0} + hasBin: true + peerDependencies: + '@babel/core': '>=7.0.0-beta.0 <8' + '@jest/types': ^29.0.0 + babel-jest: ^29.0.0 + esbuild: '*' + jest: ^29.0.0 + typescript: '>=4.3 <6' + peerDependenciesMeta: + '@babel/core': + optional: true + '@jest/types': + optional: true + babel-jest: + optional: true + esbuild: + optional: true + dependencies: + '@babel/core': 7.21.4 + bs-logger: 0.2.6 + fast-json-stable-stringify: 2.1.0 + jest: 29.5.0(@types/node@14.18.52) + jest-util: 29.5.0 + json5: 2.2.3 + lodash.memoize: 4.1.2 + make-error: 1.3.6 + semver: 7.5.0 + typescript: 5.1.6 + yargs-parser: 21.1.1 + dev: true + + /ts-jest@29.1.0(@babel/core@7.22.5)(jest@29.5.0)(typescript@5.0.4): resolution: {integrity: sha512-ZhNr7Z4PcYa+JjMl62ir+zPiNJfXJN6E8hSLnaUKhOgqcn8vb3e537cpkd0FuAfRK3sR1LSqM1MOhliXNgOFPA==} engines: {node: ^14.15.0 || ^16.10.0 || >=18.0.0} hasBin: true @@ -5440,6 +5466,7 @@ packages: esbuild: optional: true dependencies: + '@babel/core': 7.22.5 bs-logger: 0.2.6 fast-json-stable-stringify: 2.1.0 jest: 29.5.0(@types/node@14.18.45) @@ -5452,7 +5479,7 @@ packages: yargs-parser: 21.1.1 dev: true - /ts-jest@29.1.0(jest@29.5.0)(typescript@5.1.6): + /ts-jest@29.1.0(@babel/core@7.22.5)(jest@29.5.0)(typescript@5.1.6): resolution: {integrity: sha512-ZhNr7Z4PcYa+JjMl62ir+zPiNJfXJN6E8hSLnaUKhOgqcn8vb3e537cpkd0FuAfRK3sR1LSqM1MOhliXNgOFPA==} engines: {node: ^14.15.0 || ^16.10.0 || >=18.0.0} hasBin: true @@ -5473,6 +5500,7 @@ packages: esbuild: optional: true dependencies: + '@babel/core': 7.22.5 bs-logger: 0.2.6 fast-json-stable-stringify: 2.1.0 jest: 29.5.0(@types/node@14.18.52) @@ -5493,13 +5521,14 @@ packages: resolution: {integrity: sha512-7At1WUettjcSRHXCyYtTselblcHl9PJFFVKiCAy/bY97+BPZXSQ2wbq0P9s8tK2G7dFQfNnlJnPAiArVBVBsfA==} dev: false - /tsutils@3.21.0: + /tsutils@3.21.0(typescript@5.1.6): resolution: {integrity: sha512-mHKK3iUXL+3UF6xL5k0PEhKRUBKPBCv/+RkEOpjRWxxx27KKRBmmA60A9pgOUvMi8GKhRMPEmjBRPzs2W7O1OA==} engines: {node: '>= 6'} peerDependencies: typescript: '>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta' dependencies: tslib: 1.14.1 + typescript: 5.1.6 dev: true /tty-table@4.2.1: @@ -5953,7 +5982,3 @@ packages: dev: true bundledDependencies: - ipv6 - -settings: - autoInstallPeers: true - excludeLinksFromLockfile: false