build: Bump dependencies #9899

Merged
merged 2 commits into from
Oct 17, 2023

Jiralite
Member

No description provided.

vercel bot commented Oct 17, 2023

The latest updates on your projects. Learn more about Vercel for Git ↗︎

2 Ignored Deployments
Name Status Preview Comments Updated (UTC)
discord-js ⬜️ Ignored (Inspect) Visit Preview Oct 17, 2023 8:44pm
discord-js-guide ⬜️ Ignored (Inspect) Visit Preview Oct 17, 2023 8:44pm

github-actions bot commented Oct 17, 2023

⚡️ Lighthouse report for the changes in this PR:

Category Score
🟢 Performance 100
🟢 Accessibility 100
🟢 Best practices 92
🟢 SEO 92
🟠 PWA 67

Lighthouse ran on https://discord-js-git-build-bump-dependencies-discordjs.vercel.app/

@kodiakhq kodiakhq bot merged commit 5b4a519 into main Oct 17, 2023
23 checks passed
@kodiakhq kodiakhq bot deleted the build/bump-dependencies branch October 17, 2023 20:47
salix5 commented Oct 18, 2023

Do you need to change all packages depend on @discordjs/rest v2.0.1?

my package.json

    "@discordjs/rest": "2.1.0-dev.1697587758-5b4a51945",
    "@discordjs/ws": "1.0.2-dev.1697587772-5b4a51945",
    "discord.js": "14.14.0-dev.1697587755-5b4a51945",

npm audit log

    # npm audit report

    undici  <5.26.2
    Undici's cookie header not cleared on cross-origin redirect in fetch - https://github.com/advisories/GHSA-wqq4-5wpv-mx2g
    fix available via `npm audit fix --force`
    Will install @discordjs/[email protected], which is a breaking change
    node_modules/@discordjs/ws/node_modules/undici
    node_modules/discord.js/node_modules/@discordjs/rest/node_modules/undici
      @discordjs/rest  2.0.1-dev.1690848847-1af7e5a0b.0 - 2.1.0-dev.1697457847-6a63c441f
      Depends on vulnerable versions of undici
      node_modules/@discordjs/ws/node_modules/@discordjs/rest
      node_modules/discord.js/node_modules/@discordjs/rest
        @discordjs/ws  >=1.0.1-dev.1690848792-1af7e5a0b.0
        Depends on vulnerable versions of @discordjs/rest
        node_modules/@discordjs/ws
        node_modules/discord.js/node_modules/@discordjs/ws
        discord.js  14.12.2-dev.1690891477-7295a3a94.0 - 14.14.0-dev.1697587755-5b4a51945
        Depends on vulnerable versions of @discordjs/rest
        Depends on vulnerable versions of @discordjs/ws
        node_modules/discord.js

It seems that
discord.js
@discordjs/ws
depends on @discordjs/rest v2.0.1

So npm still shows "4 low severity vulnerabilities".

@Jiralite
Member Author

> Do you need to change all packages depend on @discordjs/rest v2.0.1?

That's what happened.

> It seems that
> discord.js
> @discordjs/ws
> depends on @discordjs/rest v2.0.1

You should use overrides.
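
The reply above points to npm `overrides`. As an added example (not code from this thread or the discord.js project), this Node.js script lists every installed copy of undici in a lockfile that falls in the advisory range `<5.26.2` and builds the matching `overrides` entry. The lockfile excerpt, the `my-bot` name, the undici versions in it and the `^5.26.2` range are constructed assumptions.

```javascript
// Added example, not discord.js project code. Lockfile data below is constructed.
const FIXED = "5.26.2"; // advisory range on the page is "undici <5.26.2"

// Constructed package-lock.json (lockfileVersion 3) excerpt; nested paths mirror the audit log.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-bot" },
    "node_modules/undici": { version: "5.26.3" },
    "node_modules/discord.js": { version: "14.14.0-dev.1697587755-5b4a51945" },
    "node_modules/@discordjs/ws/node_modules/undici": { version: "5.22.1" },
    "node_modules/discord.js/node_modules/@discordjs/rest/node_modules/undici": { version: "5.22.1" },
  },
};

// Compare numeric major.minor.patch only; prerelease tags are ignored (simplification).
function compareCore(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Return every installed copy of `name` (top-level or nested) with a version below `fixed`.
function findVulnerableCopies(lock, name, fixed) {
  const suffix = "node_modules/" + name;
  return Object.entries(lock.packages || {})
    .filter(([path, meta]) => (path === suffix || path.endsWith("/" + suffix)) && meta.version)
    .filter(([, meta]) => compareCore(meta.version, fixed) < 0)
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Build the root package.json fragment that forces a patched version across the whole tree.
function overridesFor(found, name, fixed) {
  return found.length ? { overrides: { [name]: "^" + fixed } } : {};
}

const findings = findVulnerableCopies(sampleLock, "undici", FIXED);
for (const f of findings) console.log(`${f.version}  ${f.path}`);
console.log(JSON.stringify(overridesFor(findings, "undici", FIXED), null, 2));
```

npm only honors `overrides` in the root package.json; after merging the printed object there, reinstall and rerun `npm audit` to confirm the nested copies are gone.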

cyan-2048 pushed a commit to cyan-2048/discord.js that referenced this pull request May 8, 2024
build: bump dependencies

Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
Successfully merging this pull request may close these issues.

4 low severity vulnerabilities in discord.js