[Security] Snyk detected CVE-2023-42282 in ip@2.0.1

[Nikhil-Kumar-TBS]

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the ip.isPublic() and ip.isPrivate() functions. An attacker can interact with internal network resources by supplying specially crafted IP address such as octal localhost format ("017700000001") that is incorrectly identified as public.

Note:

This issue exists because of an incomplete fix for CVE-2024-29415.

NVD link- https://nvd.nist.gov/vuln/detail/CVE-2024-29415

[ljharb]

Duplicate of #158.