4 replies

@discord.js/opus vulnerability in dependencies

npm audit report

semver <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via

npm audit fix --force

npm audit fix --force

npm audit fix --force

npm audit fix --force
Will install @discordjs/opus@0.4.0, which is a breaking change
node_modules/make-dir/node_modules/semver
make-dir 2.0.0 - 3.1.0
Depends on vulnerable versions of semver
node_modules/make-dir
@discordjs/node-pre-gyp >=0.3.1
Depends on vulnerable versions of make-dir
node_modules/@discordjs/node-pre-gyp
@discordjs/opus >=0.5.0
Depends on vulnerable versions of @discordjs/node-pre-gyp
node_modules/@discordjs/opus
prism-media 1.2.9 - 1.3.5
Depends on vulnerable versions of @discordjs/opus
node_modules/prism-media
@discordjs/voice >=0.2.0
Depends on vulnerable versions of prism-media
node_modules/@discordjs/voice

6 moderate severity vulnerabilities

GitHub

CVE-2022-25883 - GitHub Advisory Database

semver vulnerable to Regular Expression Denial of Service

@discord.js/opus vulnerability in dependencies

npm audit report

Similar Threads

Similar Threads

Similar Threads