#is it okay?

eternal knot

I updated to the latest version of discord.js and I got this message from the terminal.
I ran `npm audit fix` and it still warns me to use this command: `npm audit fix --force`.
I only plan to perform functional tests. Can I ignore this issue?

```
up to date, audited 28 packages in 3s

7 packages are looking for funding
  run `npm fund` for details

# npm audit report

undici  <=6.23.0
Severity: high
Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion - https://github.com/advisories/GHSA-g9mf-h72j-4rw9
Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client - https://github.com/advisories/GHSA-f269-vfmq-vjvj
Undici has an HTTP Request/Response Smuggling issue - https://github.com/advisories/GHSA-2mjp-6q6p-2qxm
Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression - https://github.com/advisories/GHSA-vrm6-8vpv-qv8q
Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation - https://github.com/advisories/GHSA-v9p9-hfj2-hcw8
Undici has CRLF Injection in undici via `upgrade` option - https://github.com/advisories/GHSA-4992-7rv2-5pvq
fix available via `npm audit fix --force`
Will install discord.js@13.17.1, which is a breaking change
node_modules/undici
  discord.js  14.0.0-dev.1640779371.9cdc448 - 15.0.0-dev.1744071174-d93a52c1d
  Depends on vulnerable versions of undici
  node_modules/discord.js

2 vulnerabilities (1 moderate, 1 high)

To address all issues (including breaking changes), run:
  npm audit fix --force```