[Snyk] Fix for 1 vulnerabilities
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this Merge Request
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- Phyc/package.json
- Phyc/package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
---|---|---|---|---|
768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-NODEFETCH-2964180 |
Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: discord.js
The new version differs by 250 commits.- f0b7734 chore: bump dev version
- b0a9131 chore(discord.js): release discord.js
- 29be5b5 chore: deps
- d677c31 chore: update dev versions
- f6ef92a chore: release @ discordjs/builders, @ discordjs/collection, @ discordjs/proxy, @ discordjs/rest
- 52a9e21 fix(GuildMemberManager): Allow setting own nickname (#8066)
- b7e6238 test(builders): improve coverage (#8274)
- cafde77 refactor(Util)!: rename `fetchRecommendedShards` (#8298)
- b7d4e55 types(GuildFeature): allow feature strings to be passed (#8264)
- 5aeed99 docs: align webhook method return types with implementation (#8253)
- 452dec5 docs: Remove `@ private` constructor documentation (#8255)
- 64f8140 refactor(Embed): Add all the types (#8254)
- 33a7a5c types(CategoryChannelChildManager): fix Holds type (#8288)
- edf83f0 chore: bump dev versions
- 25bd771 chore(voice): release @ discordjs/voice@0.11.0
- f2ca0ca chore(rest): release @ discordjs/rest@0.6.0
- 6712de9 chore(collection): release @ discordjs/collection@0.8.0
- 28cd293 chore: update changelog
- 3f5690a chore(builders): bump dev version
- 015ab69 chore(builders): release @ discordjs/builders@0.16.0
- caecc57 chore: deps
- 3bf30b1 fix(PermissionOverwriteManager): mutates user (#8283)
- 103a358 refactor(rest): add content-type(s) to uploads (#8290)
- bf65b37 types: remove `MemberMention` (#8292)
Package name: node-fetch
The new version differs by 217 commits.- 2880238 fix: ReDoS referrer (#1611)
- e87b093 fix(Headers): don't forward secure headers on protocol change (#1599)
- bcfb71c chore: remove triple-slash directives from typings (#1285) (#1287)
- 95165d5 fix spelling (#1602)
- 11b7033 fix: possibly flaky test (#1523)
- 4f43c9e fix: always warn Request.data (#1550)
- 1c5ed6b fix: undefined reference to response.body when aborted (#1578)
- a92b5d5 fix: use space in accept-encoding values (#1572)
- 0f122b8 docs: fix formdata code example (#1562)
- 6ae9c76 docs(readme): response.clone() is not async (#1560)
- 043a5fc Fix leaking listeners (#1295) (#1474)
- 004b3ac fix: don't uppercase unknown methods (#1542)
- c33e393 Fix Code of Conduct link in Readme. (#1532)
- 6875205 docs: Fix link markup to Options definition (#1525)
- 6425e20 fix: handle bom in text and json (#1482)
- a4ea5f9 fix: add missing formdata export to types (#1518)
- 61b3b5a fix: cancel request example import (#1513)
- 5e78af3 Replace changelog with valid url (#1506)
- 9014db7 types: support `agent: false` (#1502)
- 2e1f3a5 chore: fix typo in credential error message (#1496)
- 4ce2ce5 docs(readme): fix typo (#1489)
- ba23fd2 docs: remove the changelog (#1464)
- 8fedc1b core: move support and feature to discussion (#1471)
- 0b43b9f docs: update formdata example (#1465)
Check the changes in this Merge Request to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
Learn how to fix vulnerabilities with free interactive lessons: