Restoring all commands which were based on utility

Getting up the previous versions and features of Dude Perfect v1 into the brand new Dude Perfect v2

Dependabot couldn't parse the package.json found at /package.json.

The error Dependabot encountered was:

Dependabot::DependencyFileNotParseable

View the update logs.

CVE-2020-7746 - High Severity Vulnerability

Vulnerable Library - Chart-2.5.0.min.js

Simple HTML5 charts using the canvas element.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.5.0/Chart.min.js

Path to dependency file: Dude-Perfect/node_modules/mathjs/examples/browser/rocket_trajectory_optimization.html

Path to vulnerable library: Dude-Perfect/node_modules/mathjs/examples/browser/rocket_trajectory_optimization.html

Dependency Hierarchy:

• ❌ Chart-2.5.0.min.js (Vulnerable Library)

Found in HEAD commit: ab6f406b4cb41e44c596b1660b580f5a39c0d4e2

Found in base branch: main

Vulnerability Details

This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.

Publish Date: 2020-10-29

URL: CVE-2020-7746

CVSS 3 Score Details (7.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7746

Release Date: 2020-07-21

Fix Resolution: chart.js - 2.9.4

Step up your Open Source Security Game with WhiteSource here

Add a wiki or documentation page to this repository for users' help and so that they can understand Dude Perfect more easily.

Restoring all commands which were based on moderation

Describe the bug
Instead of 1message bot purging like 10 messages.

To Reproduce
Steps to reproduce the behavior:

1. Go to https://github.com/Dude-Perfect-Discord-Bot/Dude-Perfect
2. Click on purge.js
3. Scroll down to https://github.com/Dude-Perfect-Discord-Bot/Dude-Perfect/blob/main/src/commands/Server%20Management/purge.js#L47
4. See an error - Instead of 1message bot purging like 10 messages.

Expected behavior
A proper purge command which should purge a number of messages provided by the user(purged message should not be more or less from the provided number)

Screenshots
N/A

Desktop (please complete the following information):

• Version 2.1.4

Smartphone (please complete the following information):
N/A

Additional context
Please fix it asap!

Restoring all commands which were based on admins

• Your privacy policy must include what users should do if they have any concerns or want their data deleted.

• Owner commands should either be hidden from the public or return error messages for users that can't use those commands.

• Voicekick should check if a member is in a voice channel.

• Nickname, Purge, Voicekick don't seem to respond when either:

  1. Invalid arguments were provided.

  2. No arguments were provided.

Status/Device in Info Command

It is showing offline when the user is online.

Member Presence in Server Command

Showing status counts zero ie. incorrect.

CVE-2020-11022 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.11.1.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.js

Path to dependency file: Dude-Perfect/node_modules/javascript-natural-sort/unit-tests.html

Path to vulnerable library: Dude-Perfect/node_modules/javascript-natural-sort/unit-tests.html

Dependency Hierarchy:

• ❌ jquery-1.11.1.js (Vulnerable Library)

Found in HEAD commit: ab6f406b4cb41e44c596b1660b580f5a39c0d4e2

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (6.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0

Step up your Open Source Security Game with WhiteSource here

I have been using dude perfect since a long time, The ui of the bot is very clean and easy to use, I have found Dude Perfect very usefull.., I would like the Developers to add Mini games in the bot which can help server to be more active....
I would review the bot : 9/10

Type Racer: Features Requested

• Leaderboard - A leaderboard that will show user's data ie. their average word speed per minute(WPR) and more stats.

• Reward System - If a user finishes an achievement like maintaning top position in the leaderboard or completing the task in Type Race then they will be awarded some game currency or something else.

• Multiple Channels - In this feature, the bot will send messages to dedicated channels(which is needed to be more than one channel), where users will do the Type Race or guess the words. All this will be in one command means in a single way which will check users that how fast they can be in different channels.

Mini Games: Addition Requested

• Mind Game(Words) - Where bot will first show some words to be memorised after few seconds it will remove those words and then users have to guess those words(it can be in the way they were given or soemthing else). User can get rewared for this also.

• Mind Game(Letter) - Same as above but with letters.

Example for the Mind Games process 👇

Step 1: If command !mg ie. mind game used by user. Then it will show words suppose three ie. Red, Blue & Green.

Step 2: The bot will delete those words then after few seconds.

Step 3: The user(s) will guess those words in the given format then if it's correct then the bot will greet them with a beautiful message. Else the guess is wrong then the bot will show the user the correct answer and tell them to try again.

Describe the bug
A user is not present in the voice channel but then to bot is sending an error as well as a success message in response.

To Reproduce
Steps to reproduce the behavior:

1. Use the command on someone who is not connected to the voice channel.
2. Bot will respond with an error as well as a success message.

Expected behavior
The bot should only send the error message in response.

Screenshots

Additional context
Add any other context about the problem here.

(Prefer to use Github Commits)

Bot goes offline and needs to do a manual restart to make the bot working!

Restoring all commands which were based on guild/user/member's information.

Guild command has rate-limit but no cooldown, so no point.

Causing uptime issues!

• Fix the command description, the current one is wrong.

Current - Provides you a random question based on your questions.
Correct - Provides you a random answer based on your questions.

• We need to add an else for conditions such as the arguments or the options for the particular are returning null then they should be replaced with default or some other value to be showcased and don't become a drawback for the bot.

• Top.gg package needs to be updated to the latest released one because the previous one is been discontinued.

CVE-2015-9251 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.11.1.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.js

Path to dependency file: Dude-Perfect/node_modules/javascript-natural-sort/unit-tests.html

Path to vulnerable library: Dude-Perfect/node_modules/javascript-natural-sort/unit-tests.html

Dependency Hierarchy:

• ❌ jquery-1.11.1.js (Vulnerable Library)

Found in HEAD commit: ab6f406b4cb41e44c596b1660b580f5a39c0d4e2

Found in base branch: main

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

CVSS 3 Score Details (6.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Release Date: 2018-01-18

Fix Resolution: jQuery - v3.0.0

Step up your Open Source Security Game with WhiteSource here

Dhruvin#3570

One of the best Multipurpose Discord Bots I could get, Highly Recommend it.
The Codebase is also pretty explanatory and good for those who want to learn.

Hyperlinks of the wiki in help and about command need to be fixed.

Excellent bot.
I'm using it since beginning (i guess :), uptime is very good.
Excellent work, very useful bot.

Pls make it a multipurpose bot, if possible. ✌️

Describe the bug
Using the avatar command, the bot deletes the command soon without at least seeing the user's avatar.

(Prefer to use Github Commits)

CVE-2019-11358 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.11.1.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.js

Path to dependency file: Dude-Perfect/node_modules/javascript-natural-sort/unit-tests.html

Path to vulnerable library: Dude-Perfect/node_modules/javascript-natural-sort/unit-tests.html

Dependency Hierarchy:

• ❌ jquery-1.11.1.js (Vulnerable Library)

Found in HEAD commit: ab6f406b4cb41e44c596b1660b580f5a39c0d4e2

Found in base branch: main

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: 3.4.0

Step up your Open Source Security Game with WhiteSource here

CVE-2020-11023 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.11.1.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.js

Path to dependency file: Dude-Perfect/node_modules/javascript-natural-sort/unit-tests.html

Path to vulnerable library: Dude-Perfect/node_modules/javascript-natural-sort/unit-tests.html

Dependency Hierarchy:

• ❌ jquery-1.11.1.js (Vulnerable Library)

Found in HEAD commit: ab6f406b4cb41e44c596b1660b580f5a39c0d4e2

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0

Step up your Open Source Security Game with WhiteSource here