
Commit 552239f

authored
Merge pull request #58 from advanced-security/copilot/fix-dependabot-alerts-again
Fix 12 dependabot alerts: update transitive deps, replace vulnerable `ip` package, bump fast-xml-parser override
2 parents 49f00be + 72f55aa commit 552239f


20 files changed

+9844
-10070
lines changed


functions/authorizers/githubWebhookIPValidator/package-lock.json

Lines changed: 634 additions & 657 deletions

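--- a/functions/authorizers/githubWebhookIPValidator/package.json
+++ b/functions/authorizers/githubWebhookIPValidator/package.json
@@ -11,7 +11,6 @@
 "devDependencies": {
 "@tsconfig/node18": "^1.0.1",
 "@types/aws-lambda": "^8.10.109",
-"@types/ip": "^1.1.0",
 "@types/json-schema": "^7.0.11",
 "@types/node": "^18.11.17",
 "@typescript-eslint/eslint-plugin": "^5.47.0",
@@ -35,6 +34,6 @@
 "@aws-sdk/client-ssm": "^3.816.0",
 "@octokit/auth-app": "^8.0.1",
 "@octokit/graphql": "^9.0.1",
-"ip": "^2.0.1"
+"ipaddr.js": "^2.2.0"
 }
 }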

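--- a/functions/authorizers/githubWebhookIPValidator/src/checkIPs.ts
+++ b/functions/authorizers/githubWebhookIPValidator/src/checkIPs.ts
@@ -1,7 +1,11 @@
-import { cidrSubnet } from "ip";
+import * as ipaddr from "ipaddr.js";
 
 const findIP = (keys: string[], ipToCheck: string) => {
-return keys.some((cidr) => cidrSubnet(cidr).contains(ipToCheck));
+const parsedIP = ipaddr.parse(ipToCheck);
+return keys.some((cidr) => {
+const [addr, prefixLength] = ipaddr.parseCIDR(cidr);
+return parsedIP.match(addr, prefixLength);
+});
 };
 
 export const checkIPs = async (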
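Review bot: In the new `findIP`, `parsedIP.match(addr, prefixLength)` throws in ipaddr.js when the address and the CIDR belong to different families, and `ipaddr.parse(ipToCheck)` throws on a string that is not a valid address, so a non-matching or malformed source IP can surface as an exception instead of `false`. If `keys` can mix IPv4 and IPv6 ranges (not visible here), an IPv4 caller that matches none of the IPv4 entries will reach the first IPv6 entry and throw. For an authorizer the deny path should be explicit: add `if (!ipaddr.isValid(ipToCheck)) return false;` before the parse and change the callback's return to `return addr.kind() === parsedIP.kind() && parsedIP.match(addr, prefixLength);`. `parseCIDR` likewise throws on a malformed entry in `keys`; whether `checkIPs`, whose body lies outside this hunk, catches any of this cannot be seen from here.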
