fix: multiple CVEs - Githubissues

flybywiresim / discord-bot-utils

Utilities Discord Bot created for the FlyByWire Discord server.

https://flybywiresim.com/

GNU Affero General Public License v3.0

5 stars 7 forks source link

fix: multiple CVEs #69

Closed ExampleWasTaken closed 3 months ago

ExampleWasTaken commented 4 months ago

Description

This PR fixes:

High CVE-2024-37890
High CVE-2024-29415 & Low (previously moderate) CVE-2023-42282
Low CVE-2024-30260 & Low CVE-2024-24758

Test Results

Build: ✅
Slash commands: ✅
Context commands: ✅
Action Rows: ✅

ExampleWasTaken commented 4 months ago

The relevance of the vulnerabilities reported for the ip package has since been questioned and the repo has been archived by its owner over these reports. Nevertheless, I think it's always good to keep `npm audit happy if there are viable solutions.

pdellaert commented 3 months ago

Needs testing, but likely will be fine, will get to it soon (likely weekend)