mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-06 10:30:44 +00:00
fix(deps): override vulnerable ip-address
This commit is contained in:
Vincent Koc
@@ -107,6 +107,7 @@ Docs: https://docs.openclaw.ai
|
||||
|
||||
### Fixes
|
||||
|
||||
- Dependencies: override transitive `ip-address` to `10.2.0` so the runtime lockfile no longer includes the vulnerable `10.1.0` build flagged by Dependabot alert 109. Thanks @vincentkoc.
|
||||
- Feishu: hydrate missing native topic starter thread IDs before session routing so first turns and follow-ups stay in the same topic session. Fixes #78262. Thanks @joeyzenghuan.
|
||||
- LINE: reject `dmPolicy: "open"` configs without wildcard `allowFrom` so webhook DMs fail validation instead of being acknowledged and silently blocked before inbound processing. Fixes #78316.
|
||||
- Providers/xAI: stop sending OpenAI-style reasoning effort controls to native Grok Responses models, so `xai/grok-4.3` no longer fails live Docker/Gateway runs with `Invalid reasoning effort`.
|
||||
|
||||
@@ -1767,6 +1767,7 @@
|
||||
"@aws-sdk/client-bedrock-runtime": "$@aws-sdk/client-bedrock-runtime",
|
||||
"axios": "1.16.0",
|
||||
"follow-redirects": "1.16.0",
|
||||
"ip-address": "10.2.0",
|
||||
"node-domexception": "npm:@nolyfill/domexception@1.0.28",
|
||||
"uuid": "14.0.0"
|
||||
},
|
||||
@@ -1789,6 +1790,7 @@
|
||||
"basic-ftp": "5.3.0",
|
||||
"file-type": "22.0.1",
|
||||
"form-data": "2.5.4",
|
||||
"ip-address": "10.2.0",
|
||||
"minimatch": "10.2.5",
|
||||
"path-to-regexp": "8.4.0",
|
||||
"qs": "6.14.2",
|
||||
|
||||
9
pnpm-lock.yaml
generated
9
pnpm-lock.yaml
generated
@@ -18,6 +18,7 @@ overrides:
|
||||
basic-ftp: 5.3.0
|
||||
file-type: 22.0.1
|
||||
form-data: 2.5.4
|
||||
ip-address: 10.2.0
|
||||
minimatch: 10.2.5
|
||||
path-to-regexp: 8.4.0
|
||||
qs: 6.14.2
|
||||
@@ -5747,10 +5748,6 @@ packages:
|
||||
inline-style-parser@0.2.7:
|
||||
resolution: {integrity: sha512-Nb2ctOyNR8DqQoR0OwRG95uNWIC0C1lCgf5Naz5H6Ji72KZ8OcFZLz2P5sNgwlyoJ8Yif11oMuYs5pBQa86csA==}
|
||||
|
||||
ip-address@10.1.0:
|
||||
resolution: {integrity: sha512-XXADHxXmvT9+CRxhXg56LJovE+bmWnEWB78LB83VZTprKTmaC5QfruXocxzTZ2Kl0DNwKuBdlIhjL8LeY8Sf8Q==}
|
||||
engines: {node: '>= 12'}
|
||||
|
||||
ip-address@10.2.0:
|
||||
resolution: {integrity: sha512-/+S6j4E9AHvW9SWMSEY9Xfy66O5PWvVEJ08O0y5JGyEKQpojb0K0GKpz/v5HJ/G0vi3D2sjGK78119oXZeE0qA==}
|
||||
engines: {node: '>= 12'}
|
||||
@@ -12200,7 +12197,7 @@ snapshots:
|
||||
express-rate-limit@8.4.1(express@5.2.1):
|
||||
dependencies:
|
||||
express: 5.2.1
|
||||
ip-address: 10.1.0
|
||||
ip-address: 10.2.0
|
||||
|
||||
express@5.2.1:
|
||||
dependencies:
|
||||
@@ -12747,8 +12744,6 @@ snapshots:
|
||||
|
||||
inline-style-parser@0.2.7: {}
|
||||
|
||||
ip-address@10.1.0: {}
|
||||
|
||||
ip-address@10.2.0: {}
|
||||
|
||||
ipaddr.js@1.9.1: {}
|
||||
|
||||
Reference in New Issue
Block a user