Closed 3vil3vo closed 9 months ago
You must update to the latest character ai versions for fixes and better stability. I am not sure what to understand from the output you've sent.
It is the latest version. The output is the result of running "npm audit".
So your problem is related to the dependency `jimp`?
Kinda. node_characterai is calling an xml2js version under 0.5.0.
Could you please update node_characterai to use a secure version of xml2js?
This is an issue that is related to the `jimp` package, not this one. Jimp is only used for characterai's image features.
If you want, you could try to upgrade the package `xml2js` if needed but ultimately, I am not sure if it's worth upgrading and installing an extra dependency for this package.
However, I would recommend you open up an issue towards `jimp`'s package.
Ok Thank you
```
xml2js  <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc
fix available via `npm audit fix --force`
Will install node_characterai@1.1.3, which is a breaking change
node_modules/parse-bmfont-xml/node_modules/xml2js
  parse-bmfont-xml  *
  Depends on vulnerable versions of xml2js
  node_modules/parse-bmfont-xml
    load-bmfont  >=1.1.0
    Depends on vulnerable versions of parse-bmfont-xml
    node_modules/load-bmfont
      @jimp/plugin-print  *
      Depends on vulnerable versions of load-bmfont
      node_modules/@jimp/plugin-print
        @jimp/plugins  *
        Depends on vulnerable versions of @jimp/plugin-print
        node_modules/@jimp/plugins
          jimp  >=0.3.6-alpha.5
          Depends on vulnerable versions of @jimp/plugins
          node_modules/jimp
            node_characterai  >=1.1.4
            Depends on vulnerable versions of jimp
            node_modules/node_characterai
```
I would run npm audit fix --force if C.AI hadn't released this ID TOKEN. Any suggestions what I should/could do?
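The dependency chain in the audit output above can be traced from a lockfile, and the suggestion to upgrade `xml2js` can be expressed as an npm `overrides` entry in the consuming project's package.json instead of `npm audit fix --force`. The following is an added example, not code from this thread or from node_characterai; the lockfile data is constructed, the helper names are hypothetical, and whether parse-bmfont-xml works with xml2js `^0.5.0` is an assumption to test.

```javascript
// Constructed sample in package-lock.json "packages" format (lockfileVersion 2/3).
// Version numbers are illustrative, not taken from the issue.
const lock = { packages: {
  "": { dependencies: { node_characterai: "*", xml2js: "*" } },
  "node_modules/xml2js": { version: "0.5.0" }, // hoisted, patched copy
  "node_modules/node_characterai": { dependencies: { jimp: "*" } },
  "node_modules/jimp": { dependencies: { "@jimp/plugins": "*" } },
  "node_modules/@jimp/plugins": { dependencies: { "@jimp/plugin-print": "*" } },
  "node_modules/@jimp/plugin-print": { dependencies: { "load-bmfont": "*" } },
  "node_modules/load-bmfont": { dependencies: { "parse-bmfont-xml": "*" } },
  "node_modules/parse-bmfont-xml": { dependencies: { xml2js: "*" } },
  "node_modules/parse-bmfont-xml/node_modules/xml2js": { version: "0.4.23" },
} };

// True when an x.y.z version falls in the advisory range <0.5.0.
function isVulnerable(version) {
  const [major, minor] = version.split(".").map(Number);
  return major === 0 && minor < 5;
}

// Node-style resolution: the dependent's own node_modules first, then each parent.
function resolve(packages, fromPath, name) {
  for (let dir = fromPath; ; ) {
    const candidate = (dir ? dir + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!dir) return null;
    const cut = dir.lastIndexOf("/node_modules/");
    dir = cut === -1 ? "" : dir.slice(0, cut);
  }
}

// Depth-first walk from the root project; collects every path ending at a vulnerable copy.
function findChains(packages, target, path = [""], out = []) {
  const here = path[path.length - 1];
  for (const name of Object.keys(packages[here].dependencies || {})) {
    const next = resolve(packages, here, name);
    if (!next || path.includes(next)) continue; // unresolved or cyclic
    const chain = [...path, next];
    if (name === target && isVulnerable(packages[next].version)) out.push(chain);
    else findChains(packages, target, chain, out);
  }
  return out;
}

// Builds a package.json "overrides" stanza scoped to the direct parent of the vulnerable copy.
function suggestOverride(chain, target, fixedRange) {
  const parent = chain[chain.length - 2].split("node_modules/").pop();
  return { overrides: { [parent]: { [target]: fixedRange } } };
}

const chains = findChains(lock.packages, "xml2js");
console.log(JSON.stringify(suggestOverride(chains[0], "xml2js", "^0.5.0"), null, 2));
```

The hoisted `node_modules/xml2js` copy is not reported because it resolves to a patched version; only the copy nested under parse-bmfont-xml is. After adding an override, re-run `npm install` and `npm audit` to confirm the nested copy was replaced.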