dependabot npm(deps): [security] bump ip and unleash-client

Bumps ip to 2.0.1 and updates ancestor dependency unleash-client. These dependencies need to be updated together.

Updates ip from 1.1.8 to 2.0.1 This update includes a security fix.

Vulnerabilities fixed

NPM IP package vulnerable to Server-Side Request Forgery (SSRF) attacks An issue in all published versions of the NPM package ip allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function. This can lead to potential Server-Side Request Forgery (SSRF) attacks. The core issue is the function's failure to accurately distinguish between public and private IP addresses.

Patched versions: none Affected versions: <= 2.0.0

Commits

• 3b0994a 2.0.1
• 32f468f lib: fixed CVE-2023-42282 and added unit test
• 4b2f4e7 2.0.0
• 369d56d lib: use Buffer.alloc
• See full diff in compare view

Updates unleash-client from 5.5.0 to 5.5.1

Release notes

Sourced from unleash-client's releases.

v5.5.1

What's Changed

• chore(deps): update unleash/.github action to v1.1.2 by @​renovate in Unleash/unleash-client-node#584
• chore(deps): update dependency prettier to v3.2.5 by @​renovate in Unleash/unleash-client-node#576
• chore(deps): update dependency redis to v4.6.13 by @​renovate in Unleash/unleash-client-node#577
• chore(deps): update dependency semver to v7.6.0 by @​renovate in Unleash/unleash-client-node#578
• chore(security): bump node-ip dependency by @​gastonfournier in Unleash/unleash-client-node#591

Full Changelog: https://github.com/Unleash/unleash-client-node/compare/v5.5.0...v5.5.1

Commits

• 42b099e v5.5.1
• c70d918 chore(security): bump node-ip dependency (#591)
• 383c06e chore(deps): update dependency semver to v7.6.0 (#578)
• 0b25603 chore(deps): update dependency redis to v4.6.13 (#577)
• 2a1dff1 chore(deps): update dependency prettier to v3.2.5 (#576)
• 4a5affe chore(deps): update unleash/.github action to v1.1.2 (#584)
• See full diff in compare view