Skip to content

fix(deps): update dependency @discordjs/opus to ^0.8.0 [security]#69

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/npm-discordjs-opus-vulnerability
Open

fix(deps): update dependency @discordjs/opus to ^0.8.0 [security]#69
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/npm-discordjs-opus-vulnerability

Conversation

@renovate

@renovate renovate Bot commented Aug 6, 2024

Copy link
Copy Markdown

This PR contains the following updates:

Package Change Age Confidence
@discordjs/opus ^0.5.0^0.8.0 age confidence

Uncontrolled Resource Consumption in @​discordjs/opus

CVE-2022-25345 / GHSA-rvgf-69j7-xh78

More information

Details

Improperly handled errors in @​discordjs/opus cause hard crashes instead of returning the error to user land. All versions of package @​discordjs/opus (<= 0.7.0) are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash due to improperly returning the errors from the invalid inputs.

As of version 0.8.0, the errors are correctly returned to the user and are no longer throwing hard crashes that cannot be recovered.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Release Notes

discordjs/opus (@​discordjs/opus)

v0.8.0: 0.8.0

Compare Source

Features

Bug Fixes

v0.7.0: 0.7.0

Compare Source

Features

v0.6.0: 0.6.0

Compare Source

Features

  • feat add support for macos arm64 (d929bdb)

v0.5.3: 0.5.3

Compare Source

Features

  • chore remove outdated workflows (3ca4341)

v0.5.2: 0.5.2

Compare Source

Features

  • chore update deps to allow node 16 prebuilt downloads (22fd6b7)

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
renovate Bot force-pushed the renovate/npm-discordjs-opus-vulnerability branch from 193d4f5 to 888cd57 Compare August 10, 2025 13:49
@renovate
renovate Bot force-pushed the renovate/npm-discordjs-opus-vulnerability branch from 888cd57 to 7539650 Compare September 25, 2025 13:45
@renovate
renovate Bot force-pushed the renovate/npm-discordjs-opus-vulnerability branch from 7539650 to 5f59741 Compare October 21, 2025 14:03
@renovate
renovate Bot force-pushed the renovate/npm-discordjs-opus-vulnerability branch from 5f59741 to 8c1f011 Compare November 10, 2025 19:52
@renovate

renovate Bot commented Nov 10, 2025

Copy link
Copy Markdown
Author

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock
➤ YN0000: ┌ Resolution step
➤ YN0032: │ node-addon-api@npm:5.1.0: Implicit dependencies on node-gyp are discouraged
➤ YN0061: │ npmlog@npm:5.0.1 is deprecated: This package is no longer supported.
➤ YN0061: │ are-we-there-yet@npm:2.0.0 is deprecated: This package is no longer supported.
➤ YN0061: │ gauge@npm:3.0.2 is deprecated: This package is no longer supported.
➤ YN0061: │ tar@npm:6.2.1 is deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
➤ YN0000: └ Completed in 0s 663ms
➤ YN0000: ┌ Fetch step
➤ YN0001: │ TypeError: fsevents@patch:fsevents@npm%3A2.3.2#builtin<compat/fsevents>::version=2.3.2&hash=11e9ea: (0 , o.isDate) is not a function
    at /tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:485321
    at f.utimesImpl (/tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:485380)
    at f.utimesSync (/tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:484779)
    at f.utimesPromise (/tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:484645)
    at f.mkdirpPromise (/tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:447511)
    at process.processTicksAndRejections (node:internal/process/task_queues:104:5)
    at async re.fetchers.patchPackage (/tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:261844)
    at async Q (/tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:289520)
    at async D (/tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:289979)
    at async /tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:290670
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT No package manager detected; defaulting to Yarn
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT 
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: .jsdoc.json
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: .npmrc
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: .prettierignore
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: LICENSE
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: README.md
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: package.json
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/index.d.ts
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/index.js
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/providers/MongooseProvider.js
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/providers/Provider.js
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/providers/SQLiteProvider.js
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/providers/SequelizeProvider.js
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/struct/AkairoClient.js
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/struct/AkairoHandler.js
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/struct/AkairoModule.js
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/struct/ClientUtil.js
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/struct/commands/Command.js
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/struct/commands/CommandHandler.js
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/struct/commands/CommandUtil.js
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/struct/commands/ContentParser.js
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/struct/commands/Flag.js
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/struct/commands/arguments/Argument.js
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/struct/commands/arguments/ArgumentRunner.js
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/struct/commands/arguments/TypeResolver.js
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/struct/inhibitors/Inhibitor.js
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/struct/inhibitors/InhibitorHandler.js
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/struct/listeners/Listener.js
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/struct/listeners/ListenerHandler.js
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/util/AkairoError.js
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/util/Category.js
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/util/Constants.js
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: src/util/Util.js
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: Package archive generated in /tmp/xfs-d48c5670/package.tgz
➤ YN0000: │ /tmp/xfs-d48c5670 STDOUT ➤ YN0000: Done in 0s 243ms
➤ YN0000: │ /tmp/xfs-009a26d2 STDOUT Installing the project using npm
➤ YN0000: │ /tmp/xfs-009a26d2 STDOUT 
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn Unknown env config "store". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn old lockfile
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn old lockfile The package-lock.json file was created with an old version of npm,
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn old lockfile so supplemental metadata must be fetched from the registry.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn old lockfile
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn old lockfile This is a one-time fix-up, please be patient...
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn old lockfile
➤ YN0001: │ TypeError: resolve@patch:resolve@npm%3A1.20.0#builtin<compat/resolve>::version=1.20.0&hash=3388aa: (0 , o.isDate) is not a function
    at /tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:485321
    at f.utimesImpl (/tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:485380)
    at f.utimesSync (/tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:484779)
    at f.utimesPromise (/tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:484645)
    at f.mkdirpPromise (/tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:447511)
    at process.processTicksAndRejections (node:internal/process/task_queues:104:5)
    at async re.fetchers.patchPackage (/tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:261844)
    at async Q (/tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:289520)
    at async D (/tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:289979)
    at async /tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:290670
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn gitignore-fallback No .npmignore file found, using .gitignore for file exclusion. Consider creating a .npmignore file to explicitly control published files.
➤ YN0001: │ TypeError: typescript@patch:typescript@npm%3A4.2.4#builtin<compat/typescript>::version=4.2.4&hash=a45b0e: (0 , o.isDate) is not a function
    at /tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:485321
    at f.utimesImpl (/tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:485380)
    at f.utimesSync (/tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:484779)
    at f.utimesPromise (/tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:484645)
    at f.mkdirpPromise (/tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:447511)
    at process.processTicksAndRejections (node:internal/process/task_queues:104:5)
    at async re.fetchers.patchPackage (/tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:261844)
    at async Q (/tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:289520)
    at async D (/tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:289979)
    at async /tmp/renovate/repos/github/bee7-discord/BEE7/.yarn/releases/yarn-2.4.1.cjs:2:290670
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated whatwg-encoding@1.0.5: Use @exodus/bytes instead for a more spec-conformant and faster implementation
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated test-value@3.0.0: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated source-map-url@0.4.0: See https://github.com/lydell/source-map-url#deprecated
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated stream-connect@1.0.2: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated rimraf@2.6.3: Rimraf versions prior to v4 are no longer supported
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated osenv@0.1.5: This package is no longer supported.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated npmlog@4.1.2: This package is no longer supported.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated q@1.5.1: You or someone you depend on is using Q, the JavaScript Promise library that gave JavaScript developers strong feelings about promises. They can almost certainly migrate to the native JavaScript promise now. Thank you literally everyone for joining me in this bet against the odds. Be excellent to each other.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated (For a CapTP with native promises, see @endo/eventual-send and @endo/captp)
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated lodash.template@4.5.0: This package is deprecated. Use https://socket.dev/npm/package/eta instead.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated lodash.omit@4.5.0: This package is deprecated. Use destructuring assignment syntax instead.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated lodash.pick@4.4.0: This package is deprecated. Use destructuring assignment syntax instead.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated uuid@3.4.0: uuid@10 and below is no longer supported.  For ESM codebases, update to uuid@latest.  For CommonJS codebases, use uuid@11 (but be aware this version will likely be deprecated in 2028).
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated sane@4.1.0: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated is-accessor-descriptor@0.1.6: Please upgrade to v0.1.7
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated is-data-descriptor@0.1.4: Please upgrade to v0.1.5
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated har-validator@5.1.5: this library is no longer supported
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated git-raw-commits@2.0.8: Deprecated and no longer maintained. Use @conventional-changelog/git-client instead.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated glob@7.1.6: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated fs-then-native@2.0.0: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated gauge@2.7.4: This package is no longer supported.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated domexception@2.0.1: Use your platform's native DOMException instead
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated are-we-there-yet@1.1.5: This package is no longer supported.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated abab@2.0.5: Use your platform's native atob() and btoa() methods instead
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated @discordjs/collection@0.1.6: no longer supported
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated @discordjs/form-data@3.0.1: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated is-accessor-descriptor@1.0.0: Please upgrade to v1.0.1
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated is-data-descriptor@1.0.0: Please upgrade to v1.0.1
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated fstream@1.0.12: This package is no longer supported.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated test-value@1.1.0: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated test-value@2.1.0: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated is-accessor-descriptor@1.0.0: Please upgrade to v1.0.1
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated is-data-descriptor@1.0.0: Please upgrade to v1.0.1
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated is-data-descriptor@1.0.0: Please upgrade to v1.0.1
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated is-data-descriptor@1.0.0: Please upgrade to v1.0.1
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated is-accessor-descriptor@1.0.0: Please upgrade to v1.0.1
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated is-accessor-descriptor@1.0.0: Please upgrade to v1.0.1
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated npm-registry-client@8.6.0: This package is no longer supported.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn gitignore-fallback No .npmignore file found, using .gitignore for file exclusion. Consider creating a .npmignore file to explicitly control published files.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated dtslint@4.0.4: See https://aka.ms/type-testing-tools
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated uuid@8.3.2: uuid@10 and below is no longer supported.  For ESM codebases, update to uuid@latest.  For CommonJS codebases, use uuid@11 (but be aware this version will likely be deprecated in 2028).
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated tar@2.2.2: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated discord-api-types@0.18.1: No longer supported. Install the latest release (0.20.2)
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated eslint@6.8.0: This version is no longer supported. Please see https://eslint.org/version-support for other options.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated eslint@7.11.0: This version is no longer supported. Please see https://eslint.org/version-support for other options.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated tslint@6.1.3: TSLint has been deprecated in favor of ESLint. Please see https://github.com/palantir/tslint/issues/4534 for more information.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn deprecated core-js@3.8.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
➤ YN0000: │ /tmp/xfs-009a26d2 STDOUT 
➤ YN0000: │ /tmp/xfs-009a26d2 STDOUT added 978 packages, and audited 979 packages in 51s
➤ YN0000: │ /tmp/xfs-009a26d2 STDOUT 
➤ YN0000: │ /tmp/xfs-009a26d2 STDOUT 86 vulnerabilities (4 low, 31 moderate, 42 high, 9 critical)
➤ YN0000: │ /tmp/xfs-009a26d2 STDOUT 
➤ YN0000: │ /tmp/xfs-009a26d2 STDOUT To address issues that do not require attention, run:
➤ YN0000: │ /tmp/xfs-009a26d2 STDOUT   npm audit fix
➤ YN0000: │ /tmp/xfs-009a26d2 STDOUT 
➤ YN0000: │ /tmp/xfs-009a26d2 STDOUT To address all issues possible (including breaking changes), run:
➤ YN0000: │ /tmp/xfs-009a26d2 STDOUT   npm audit fix --force
➤ YN0000: │ /tmp/xfs-009a26d2 STDOUT 
➤ YN0000: │ /tmp/xfs-009a26d2 STDOUT Some issues need review, and may require choosing
➤ YN0000: │ /tmp/xfs-009a26d2 STDOUT a different dependency.
➤ YN0000: │ /tmp/xfs-009a26d2 STDOUT 
➤ YN0000: │ /tmp/xfs-009a26d2 STDOUT Run `npm audit` for details.
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn allow-scripts 2 packages have install scripts not yet covered by allowScripts:
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn allow-scripts   core-js@3.8.1 (postinstall: node -e "try{require('./postinstall')}catch(e){}")
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn allow-scripts   husky@4.3.0 (install: node husky install; postinstall: opencollective-postinstall || exit 0)
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn allow-scripts
➤ YN0000: │ /tmp/xfs-009a26d2 STDERR npm warn allow-scripts Run `npm approve-scripts --allow-scripts-pending` to review, or `npm approve-scripts <pkg>` to allow.
➤ YN0000: │ /tmp/xfs-009a26d2 STDOUT discord.js-12.5.0.tgz
➤ YN0013: │ 3 packages were already cached, 512 had to be fetched
➤ YN0000: └ Completed in 59s 106ms
➤ YN0000: Failed with errors in 59s 773ms

@renovate renovate Bot changed the title fix(deps): update dependency @discordjs/opus to ^0.8.0 [security] fix(deps): update dependency @discordjs/opus to ^0.8.0 [security] - autoclosed Mar 27, 2026
@renovate renovate Bot closed this Mar 27, 2026
@renovate
renovate Bot deleted the renovate/npm-discordjs-opus-vulnerability branch March 27, 2026 01:33
@renovate renovate Bot changed the title fix(deps): update dependency @discordjs/opus to ^0.8.0 [security] - autoclosed fix(deps): update dependency @discordjs/opus to ^0.8.0 [security] Mar 30, 2026
@renovate renovate Bot reopened this Mar 30, 2026
@renovate
renovate Bot force-pushed the renovate/npm-discordjs-opus-vulnerability branch 2 times, most recently from 8c1f011 to d731545 Compare March 30, 2026 17:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants