Closed kokarare1212 closed 2 years ago
This issue is further upstream and needs to be fixed first: https://github.com/discordjs/node-pre-gyp/issues/5
The current versions of @discordjs/opus are also vulnerable. Once @discordjs/node-pre-gyp
is fixed @discordjs/opus
will also need to reference that fix. Once that happens prism-media
can pull in the update.
Yes, I understand. I will wait until a fixed version is released.
@fredkilbourn any update on this issue?
I think they fixed it a while ago...
What exactly is this waiting on? Locally running npm i
with @discordjs/opus updated to 0.8.0 seems to work. Can I create a PR to get this finally resolved?
This issue is referencing an issue from last year, not related to the CVE from this month.
Opened an issue for the new CVE: https://github.com/amishshah/prism-media/issues/105
This issue #92 should be closed.
Fixed in v1.3.4
Issue:
It uses the dependency package "ansi-regex" (https://github.com/advisories/GHSA-93q8-gq69-wqmw), which is vulnerable due to an outdated version of the dependency package "@discordjs/opus". The version of the dependent package "@discordjs/opus" needs to be updated.
Further details: