DIA
discord.js - Imagine an app10mo ago
Holo

DJS 14.12.1 vulnerabilities?

I'm trying to make my first discord bot and i was following it until it told me to run "npm install discord.js" which i did, but it came up with 
changed 1 package, and audited 27 packages in 5s

4 low severity vulnerabilities

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.
changed 1 package, and audited 27 packages in 5s

4 low severity vulnerabilities

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.
and when running npm audit it reads 
# npm audit report

undici  <=5.28.2
Undici proxy-authorization header not cleared on cross-origin redirect in fetch - https://github.com/advisories/GHSA-3787-6prv-h9w3
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/undici
  @discordjs/rest  2.0.1-dev.1690848847-1af7e5a0b.0 - 2.3.0-dev.1707178154-3755e66d4
  Depends on vulnerable versions of undici
  node_modules/@discordjs/rest
    @discordjs/ws  >=1.0.1-dev.1690848792-1af7e5a0b.0
    Depends on vulnerable versions of @discordjs/rest
    node_modules/@discordjs/ws
    discord.js  14.0.0-dev.1640779371.9cdc448 - 14.0.0-dev.1657757514-fe34f48 || 14.12.2-dev.1690891477-7295a3a94.0 - 14.15.0-dev.1709078928-0f9017ef9
    Depends on vulnerable versions of @discordjs/rest
    Depends on vulnerable versions of @discordjs/ws
    Depends on vulnerable versions of undici
    node_modules/discord.js

4 low severity vulnerabilities

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force
# npm audit report

undici  <=5.28.2
Undici proxy-authorization header not cleared on cross-origin redirect in fetch - https://github.com/advisories/GHSA-3787-6prv-h9w3
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/undici
  @discordjs/rest  2.0.1-dev.1690848847-1af7e5a0b.0 - 2.3.0-dev.1707178154-3755e66d4
  Depends on vulnerable versions of undici
  node_modules/@discordjs/rest
    @discordjs/ws  >=1.0.1-dev.1690848792-1af7e5a0b.0
    Depends on vulnerable versions of @discordjs/rest
    node_modules/@discordjs/ws
    discord.js  14.0.0-dev.1640779371.9cdc448 - 14.0.0-dev.1657757514-fe34f48 || 14.12.2-dev.1690891477-7295a3a94.0 - 14.15.0-dev.1709078928-0f9017ef9
    Depends on vulnerable versions of @discordjs/rest
    Depends on vulnerable versions of @discordjs/ws
    Depends on vulnerable versions of undici
    node_modules/discord.js

4 low severity vulnerabilities

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force
after running "npm audit fix --force" 
PS C:\WINDOWS\system32\discord-bot> npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating discord.js to 14.12.1, which is a SemVer major change.

changed 1 package, and audited 27 packages in 2s

# npm audit report

undici  <=5.28.2
Undici proxy-authorization header not cleared on cross-origin redirect in fetch - https://github.com/advisories/GHSA-3787-6prv-h9w3
fix available via `npm audit fix`
node_modules/undici
  @discordjs/rest  2.0.1-dev.1690848847-1af7e5a0b.0 - 2.3.0-dev.1707178154-3755e66d4
  Depends on vulnerable versions of undici
  node_modules/@discordjs/rest
    @discordjs/ws  >=1.0.1-dev.1690848792-1af7e5a0b.0
    Depends on vulnerable versions of @discordjs/rest
    node_modules/@discordjs/ws

3 low severity vulnerabilities

To address all issues, run:
  npm audit fix
PS C:\WINDOWS\system32\discord-bot> npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating discord.js to 14.12.1, which is a SemVer major change.

changed 1 package, and audited 27 packages in 2s

# npm audit report

undici  <=5.28.2
Undici proxy-authorization header not cleared on cross-origin redirect in fetch - https://github.com/advisories/GHSA-3787-6prv-h9w3
fix available via `npm audit fix`
node_modules/undici
  @discordjs/rest  2.0.1-dev.1690848847-1af7e5a0b.0 - 2.3.0-dev.1707178154-3755e66d4
  Depends on vulnerable versions of undici
  node_modules/@discordjs/rest
    @discordjs/ws  >=1.0.1-dev.1690848792-1af7e5a0b.0
    Depends on vulnerable versions of @discordjs/rest
    node_modules/@discordjs/ws

3 low severity vulnerabilities

To address all issues, run:
  npm audit fix
from here, running "npm audit fix" doesn't change anything, neither does adding --force. The tutorial i'm reading from is from january 18th 2022 so i'm assuming it's outdated, but i'm not sure what to search for a solution to this, so i decided to make a post here to hopefully get some help.
3 Replies
d.js toolkit
d.js toolkit10mo ago
- What's your exact discord.js npm list discord.js and node node -v version? - Not a discord.js issue? Check out #other-js-ts. - Consider reading #how-to-get-help to improve your question! - Explain what exactly your issue is. - Post the full error stack trace, not just the top part! - Show your code! - Issue solved? Press the button! - Marked as resolved by staff
probablyraging
probablyraging10mo ago
Apparently these aren't relevant to djs as it doesn't do any CORS stuff. Can be ignored and has been fixed in the latest version
Holo
HoloOP10mo ago
Alright. the reason i was worried was because i was up to the step where you get your bot online, but nothing was happening when i was trying it, so i just assumed this was part of the issue
Want results from more Discord servers?
Add your server