Holo
DIAdiscord.js - Imagine an app
•Created by Holo on 2/28/2024 in #djs-questions
DJS 14.12.1 vulnerabilities?
I'm trying to make my first discord bot and i was following it until it told me to run "npm install discord.js" which i did, but it came up with
and when running npm audit it reads
after running "npm audit fix --force"
from here, running "npm audit fix" doesn't change anything, neither does adding --force. The tutorial i'm reading from is from january 18th 2022 so i'm assuming it's outdated, but i'm not sure what to search for a solution to this, so i decided to make a post here to hopefully get some help.
changed 1 package, and audited 27 packages in 5s
4 low severity vulnerabilities
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
changed 1 package, and audited 27 packages in 5s
4 low severity vulnerabilities
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
# npm audit report
undici <=5.28.2
Undici proxy-authorization header not cleared on cross-origin redirect in fetch - https://github.com/advisories/GHSA-3787-6prv-h9w3
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/undici
@discordjs/rest 2.0.1-dev.1690848847-1af7e5a0b.0 - 2.3.0-dev.1707178154-3755e66d4
Depends on vulnerable versions of undici
node_modules/@discordjs/rest
@discordjs/ws >=1.0.1-dev.1690848792-1af7e5a0b.0
Depends on vulnerable versions of @discordjs/rest
node_modules/@discordjs/ws
discord.js 14.0.0-dev.1640779371.9cdc448 - 14.0.0-dev.1657757514-fe34f48 || 14.12.2-dev.1690891477-7295a3a94.0 - 14.15.0-dev.1709078928-0f9017ef9
Depends on vulnerable versions of @discordjs/rest
Depends on vulnerable versions of @discordjs/ws
Depends on vulnerable versions of undici
node_modules/discord.js
4 low severity vulnerabilities
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
# npm audit report
undici <=5.28.2
Undici proxy-authorization header not cleared on cross-origin redirect in fetch - https://github.com/advisories/GHSA-3787-6prv-h9w3
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/undici
@discordjs/rest 2.0.1-dev.1690848847-1af7e5a0b.0 - 2.3.0-dev.1707178154-3755e66d4
Depends on vulnerable versions of undici
node_modules/@discordjs/rest
@discordjs/ws >=1.0.1-dev.1690848792-1af7e5a0b.0
Depends on vulnerable versions of @discordjs/rest
node_modules/@discordjs/ws
discord.js 14.0.0-dev.1640779371.9cdc448 - 14.0.0-dev.1657757514-fe34f48 || 14.12.2-dev.1690891477-7295a3a94.0 - 14.15.0-dev.1709078928-0f9017ef9
Depends on vulnerable versions of @discordjs/rest
Depends on vulnerable versions of @discordjs/ws
Depends on vulnerable versions of undici
node_modules/discord.js
4 low severity vulnerabilities
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
PS C:\WINDOWS\system32\discord-bot> npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating discord.js to 14.12.1, which is a SemVer major change.
changed 1 package, and audited 27 packages in 2s
# npm audit report
undici <=5.28.2
Undici proxy-authorization header not cleared on cross-origin redirect in fetch - https://github.com/advisories/GHSA-3787-6prv-h9w3
fix available via `npm audit fix`
node_modules/undici
@discordjs/rest 2.0.1-dev.1690848847-1af7e5a0b.0 - 2.3.0-dev.1707178154-3755e66d4
Depends on vulnerable versions of undici
node_modules/@discordjs/rest
@discordjs/ws >=1.0.1-dev.1690848792-1af7e5a0b.0
Depends on vulnerable versions of @discordjs/rest
node_modules/@discordjs/ws
3 low severity vulnerabilities
To address all issues, run:
npm audit fix
PS C:\WINDOWS\system32\discord-bot> npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating discord.js to 14.12.1, which is a SemVer major change.
changed 1 package, and audited 27 packages in 2s
# npm audit report
undici <=5.28.2
Undici proxy-authorization header not cleared on cross-origin redirect in fetch - https://github.com/advisories/GHSA-3787-6prv-h9w3
fix available via `npm audit fix`
node_modules/undici
@discordjs/rest 2.0.1-dev.1690848847-1af7e5a0b.0 - 2.3.0-dev.1707178154-3755e66d4
Depends on vulnerable versions of undici
node_modules/@discordjs/rest
@discordjs/ws >=1.0.1-dev.1690848792-1af7e5a0b.0
Depends on vulnerable versions of @discordjs/rest
node_modules/@discordjs/ws
3 low severity vulnerabilities
To address all issues, run:
npm audit fix
4 replies