This is rather a suggestion than an issue.
Today, yarn audit failed, warning me about GHSA-78xj-cgh5-2h22 in mongodb>socks>ip.
Running npx yarn-audit-fix ended in:
Can't find satisfactory version for ip <0.0.0
Upgraded deps: <none>
However, there is actually a solution: upgrading socks to version 2.7.3, because that package does not contain the vulnerable ip package anymore at all.
I don't know if such things would be too sophisticated, but if yarn-audit-fix could do such things automatically it would make it even better :)
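The kind of check suggested above, sketched as an added example that is not part of the original post and not yarn-audit-fix's own code: when the vulnerable leaf has no patched version, look for the lowest in-range version of its parent that no longer declares the leaf. The metadata table, the `^2.7.1` range and every function name are assumptions constructed for illustration; only the chain `mongodb>socks>ip` and the version 2.7.3 come from the post.

```javascript
// Constructed sample metadata (not fetched from the registry): the
// dependencies declared by each version of the parent package.
const parentVersions = {
  "2.7.0": { ip: "^2.0.0", "smart-buffer": "^4.2.0" },
  "2.7.1": { ip: "^2.0.0", "smart-buffer": "^4.2.0" },
  "2.7.3": { "ip-address": "^9.0.5", "smart-buffer": "^4.2.0" },
};

const parse = (v) => v.split(".").map(Number);

// Numeric comparison of two x.y.z versions (assumption: no prerelease tags).
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};

// Minimal caret-range check, valid for majors >= 1 only.
const satisfiesCaret = (version, range) => {
  const base = range.replace(/^\^/, "");
  return parse(version)[0] === parse(base)[0] && cmp(version, base) >= 0;
};

// Lowest parent version inside the grandparent's allowed range that no
// longer declares the vulnerable dependency, or null if there is none.
function findParentFix(versions, vulnerableDep, allowedRange) {
  const candidates = Object.keys(versions)
    .filter((v) => satisfiesCaret(v, allowedRange))
    .filter((v) => !(vulnerableDep in versions[v]))
    .sort(cmp);
  return candidates.length ? candidates[0] : null;
}

// Turn an audit chain such as ["mongodb", "socks", "ip"] into an entry for
// the package.json "resolutions" field, or null when no parent version helps.
function suggestResolution(chain, versions, allowedRange) {
  const vulnerableDep = chain[chain.length - 1];
  const parent = chain[chain.length - 2];
  const fix = findParentFix(versions, vulnerableDep, allowedRange);
  return fix ? { [parent]: fix } : null;
}

console.log(suggestResolution(["mongodb", "socks", "ip"], parentVersions, "^2.7.1"));
```

Restricting candidates to the range the grandparent already accepts keeps the suggested pin from forcing an incompatible major version on it.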