jlyons210 / discord-bot-ol-bootsie

Ol' Bootsie is a highly configurable Discord bot that interfaces with the OpenAI API, written for Node.js in TypeScript.
The Unlicense

Patch `undici` to resolve CVE-2024-24758 #150

Closed by jlyons210 2 months ago

jlyons210 commented 6 months ago

Upgrade undici to version 5.28.3 or later.

jlyons210 commented 6 months ago

This dependency comes from discord.js@14.14.1, which is packaged with undici@5.27.2. Will need discord.js to update first.

jlyons210 commented 6 months ago

discord.js reports that it is not vulnerable to the CVE as they don't use the impacted functionality. Will close this once the next release is published that resolves the dependency.
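
The check this thread performs by hand, finding which installed copy of `undici` is older than 5.28.3 and which package pulls it in, can be run against a `package-lock.json`. The following is an added example, not code from this repository or from discord.js; the function names and the sample lockfile are constructed for illustration, and it assumes the `packages` map of lockfileVersion 2 or 3.

```javascript
// Added example: names and the sample lockfile are constructed, not the project's.
const FIXED = "5.28.3"; // first fixed undici version named in the issue

// Compare plain x.y.z versions; returns <0, 0 or >0. Pre-release tags are ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Walk the "packages" map of a parsed package-lock.json and report every
// installed copy of `name` older than `fixed`, plus the packages that declare
// `name` as a dependency (the ones that have to update first).
function findOutdated(lock, name = "undici", fixed = FIXED) {
  const packages = lock.packages || {};
  const suffix = "node_modules/" + name;
  const requiredBy = Object.entries(packages)
    .filter(([, meta]) => meta.dependencies && name in meta.dependencies)
    .map(([p, meta]) => `${p.split("node_modules/").pop() || "(root)"}@${meta.version}`);
  const findings = [];
  for (const [path, meta] of Object.entries(packages)) {
    // Match the top-level copy and any nested node_modules copy.
    if (path !== suffix && !path.endsWith("/" + suffix)) continue;
    if (compareVersions(meta.version, fixed) >= 0) continue;
    findings.push({ path, version: meta.version, requiredBy });
  }
  return findings;
}

// Constructed sample mirroring the situation described in the thread.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-bot", version: "1.0.0", dependencies: { "discord.js": "14.14.1" } },
    "node_modules/discord.js": { version: "14.14.1", dependencies: { undici: "5.27.2" } },
    "node_modules/undici": { version: "5.27.2" },
  },
};

console.log(JSON.stringify(findOutdated(sampleLock), null, 2));
```

An empty result means every installed copy is at or above the fixed version; a non-empty `requiredBy` shows whether the fix has to come from an upstream release, as it did here.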