Closed djsegfault closed 2 years ago
A dependabot PR to upgrade node-fetch exists #499 but it's not compatible because of import
in node-fetch 3.x
and I'm not satisfied. The issue doesn't affect tmi.js and can be avoided anyway by setting options.skipUpdatingEmotesets
to true
so it won't make any calls using node-fetch.
const client = new tmi.Client({ options: { skipUpdatingEmotesets: true } });
the patch was made on v2 as well. Thus you could upgrade node-fetch
to 2.6.7
instead of 3.x
https://github.com/tmijs/tmi.js/blob/28e9e9e1336d0364d476d2021ce575b487c8d587/package.json#L48
in fact, this is covered already due to the semver range above. Thus npm audit
doesn't report anything now. You can close this :)
Actual behaviour: npm audit reports vulnerable dependency
Expected behaviour: No dependency vulnerabilities
Error log:
Server configuration