Asgarrrr / Luna

An adorable discord bot fully customizable created in javascript, using Discord.js and mongoDB that is constantly growing !
https://lunadoc.vercel.app/
GNU General Public License v3.0
24 stars 3 forks source link

[Snyk] Security upgrade discord.js from 12.5.3 to 14.0.0 #51

Open Asgarrrr opened 2 years ago

Asgarrrr commented 2 years ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

![merge advice](https://app.snyk.io/badges/merge-advice/?package_manager=npm&package_name=discord.js&from_version=12.5.3&to_version=14.0.0&pr_id=8e2409b4-d1d2-4aa2-af7f-3c0d89e99a5e&visibility=true&has_feature_flag=false) #### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **768/1000**
**Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-NODEFETCH-2964180](https://snyk.io/vuln/SNYK-JS-NODEFETCH-2964180) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: discord.js The new version differs by 250 commits.
  • f0b7734 chore: bump dev version
  • b0a9131 chore(discord.js): release discord.js
  • 29be5b5 chore: deps
  • d677c31 chore: update dev versions
  • f6ef92a chore: release @ discordjs/builders, @ discordjs/collection, @ discordjs/proxy, @ discordjs/rest
  • 52a9e21 fix(GuildMemberManager): Allow setting own nickname (#8066)
  • b7e6238 test(builders): improve coverage (#8274)
  • cafde77 refactor(Util)!: rename `fetchRecommendedShards` (#8298)
  • b7d4e55 types(GuildFeature): allow feature strings to be passed (#8264)
  • 5aeed99 docs: align webhook method return types with implementation (#8253)
  • 452dec5 docs: Remove `@ private` constructor documentation (#8255)
  • 64f8140 refactor(Embed): Add all the types (#8254)
  • 33a7a5c types(CategoryChannelChildManager): fix Holds type (#8288)
  • edf83f0 chore: bump dev versions
  • 25bd771 chore(voice): release @ discordjs/voice@0.11.0
  • f2ca0ca chore(rest): release @ discordjs/rest@0.6.0
  • 6712de9 chore(collection): release @ discordjs/collection@0.8.0
  • 28cd293 chore: update changelog
  • 3f5690a chore(builders): bump dev version
  • 015ab69 chore(builders): release @ discordjs/builders@0.16.0
  • caecc57 chore: deps
  • 3bf30b1 fix(PermissionOverwriteManager): mutates user (#8283)
  • 103a358 refactor(rest): add content-type(s) to uploads (#8290)
  • bf65b37 types: remove `MemberMention` (#8292)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/asgarrrrr/project/61675647-dbfc-4091-95d4-3e00a1dd364a?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/asgarrrrr/project/61675647-dbfc-4091-95d4-3e00a1dd364a?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"8e2409b4-d1d2-4aa2-af7f-3c0d89e99a5e","prPublicId":"8e2409b4-d1d2-4aa2-af7f-3c0d89e99a5e","dependencies":[{"name":"discord.js","from":"12.5.3","to":"14.0.0"}],"packageManager":"npm","projectPublicId":"61675647-dbfc-4091-95d4-3e00a1dd364a","projectUrl":"https://app.snyk.io/org/asgarrrrr/project/61675647-dbfc-4091-95d4-3e00a1dd364a?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-NODEFETCH-2964180"],"upgrade":["SNYK-JS-NODEFETCH-2964180"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore","merge-advice-badge-shown"],"priorityScoreList":[768]}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io?loc=fix-pr)