Comments (6)
https://github.com/nodejs/undici/releases/tag/v6.6.1 is the security release. We are already updated: ae57d7f
There's nothing to do other than make a release, which will come naturally.
from discord.js.
It's closed as not planned, because there's nothing to fix. It's invalid, because it reports a bug that doesn't exist.
from discord.js.
If this is fixed why was it closed as not planned and tagged as invalid instead of being marked as something resolved in an upcoming release @Jiralite which would let others know it was resolved?
from discord.js.
I am also receiving this dependabot alert. I eagerly await the next release with this bug fix.
Is it possible to release an expedited patch (14.14.2
) that fixes this problem quickly? Or is bumping undici
's version a breaking change that requires a minor/major release?
from discord.js.
There's no need to expedite a patch for this. You can safely ignore it. We are not impacted by this CVE as we are not making cross-origin requests (as far as I know)
from discord.js.
Per GHSA-3787-6prv-h9w3 it is patched in undici v6.6.1
@discordjs/rest has picked up the patch in ae57d7f
from discord.js.
Related Issues (20)
- TypeError: polyfillDispose is not a function HOT 2
- InternalDiscordGatewayAdapterLibraryMethods 404 not found
- Discord js Voice: error on play small audios
- Security Issue with dependent package undici HOT 1
- feat(addEventOption) SlashCommandBuilder HOT 1
- AutocompleteInteraction#options resolver HOT 3
- Ban Appeal
- SequentialHandler.queueRequest does not resolve the promise when the request fails HOT 2
- Using Message.fetch() the code is stopped even though an error is caught HOT 1
- Redundant Message Update Events HOT 2
- Message.inGuild() can be false for messages in closed threads fetched with allowUnknownGuild HOT 3
- hasThread property not showed in message and false instead of true HOT 8
- Discord REST API rejecting valid command "name" properties. HOT 2
- Add a formatter for "Hide hyperlink embed" markdown sequence HOT 4
- New Documentation (often) seems to have incorrect default data HOT 4
- Unknown interaction (10062) when using a modal after canceling the same modal within the awaitModalSubmit time HOT 2
- Issues with message.author randomly returning undefined
- discord.js bot reacts several times on the action. sends multiple messages to the server. HOT 5
- Websocket gets stuck and doesn't resume HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from discord.js.