Merge pull request #2752 from modernweb-dev/fix/ip-security-bug-CVE-2024-29415

fix: replace ip dependency due to security bug CVE-2024-29415

Author: bashmish

.changeset/lemon-suns-sneeze.md

@@ -0,0 +1,8 @@
+---
+'@web/test-runner-browserstack': patch
+'@web/test-runner-saucelabs': patch
+'@web/test-runner-core': patch
+'@web/dev-server': patch
+---
+
+replace ip dependency due to security bug CVE-2024-29415

package-lock.json

@@ -65,7 +65,7 @@
     "command-line-usage": "^7.0.1",
     "debounce": "^1.2.0",
     "deepmerge": "^4.2.2",
-    "ip": "^2.0.1",
+    "internal-ip": "^6.2.0",
     "nanocolors": "^0.2.1",
     "open": "^8.0.2",
     "portfinder": "^1.0.32"

packages/dev-server/package.json

@@ -1,14 +1,14 @@
 import { DevServerConfig } from '../config/DevServerConfig';
 import { Logger } from '@web/dev-server-core';
-import ip from 'ip';
+import internalIp from 'internal-ip';
 import { bold, cyan, white } from 'nanocolors';
 
 const createAddress = (config: DevServerConfig, host: string, path: string) =>
   `http${config.http2 ? 's' : ''}://${host}:${config.port}${path}`;
 
 function logNetworkAddress(config: DevServerConfig, logger: Logger, openPath: string) {
   try {
-    const address = ip.address();
+    const address = internalIp.v4.sync();
     if (typeof address === 'string') {
       logger.log(`${white('Network:')}  ${cyan(createAddress(config, address, openPath))}`);
     }

packages/dev-server/src/logger/logStartMessage.ts

@@ -48,7 +48,7 @@
   "dependencies": {
     "@web/test-runner-webdriver": "^0.8.0",
     "browserstack-local": "^1.4.8",
-    "ip": "^2.0.1",
+    "internal-ip": "^6.2.0",
     "nanoid": "^3.1.25"
   },
   "devDependencies": {