fix(security): patch undici CVEs, restore discord.js@14, sync license in lockfile

- npm audit fix --force had silently installed discord.js@13 (deprecated)
  despite package.json declaring ^14.25.0; restored to 14.25.1
- Added overrides.undici >=7.24.4 to patch GHSA-g9mf, GHSA-f269,
  GHSA-2mjp, GHSA-vrm6, GHSA-v9p9, GHSA-4992 without breaking changes
- package-lock.json license field corrected ISC -> AGPL-3.0-only
  to match package.json (lockfile was out of sync from project init)
XAOSTECH
2026-03-16 23:55:38 +01:00
parent 0200e6d9d5
commit b5726cd2f6
2 changed files with 339 additions and 5 deletions


@@ -14,7 +14,12 @@
"clean": "node scripts/clean.mjs",
"fresh-start": "npm run clean && npm start"
},
"keywords": ["osint", "intelligence", "dashboard", "geopolitical"],
"keywords": [
"osint",
"intelligence",
"dashboard",
"geopolitical"
],
"author": "Crucix",
"license": "AGPL-3.0-only",
"engines": {
@@ -25,6 +30,7 @@
"express": "^5.1.0"
},
"optionalDependencies": {
"discord.js": "^14.25.0"
}
"discord.js": "^14.25.1" },
"overrides": {
"undici": "^7.24.4" }
}
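Review bot: The `"overrides": { "undici": "^7.24.4" }` entry at the end of this section forces that undici range on every package in the tree, including dependents that declare a different major range, so the "without breaking changes" claim in the commit message is not something the diff demonstrates. Because discord.js is an optional dependency, an incompatibility in its HTTP layer would presumably surface only when that integration is loaded; confirm the resolved tree with `npm ls undici`, smoke-test the Discord path, and check that the `engines` block opened at the end of the first hunk (contents not shown) covers the Node minimum that undici 7 declares. The message says `>=7.24.4` while the file uses `^7.24.4`, which excludes 8.x; the caret is the more conservative choice, but the two should agree. Since the discord.js downgrade came from `npm audit fix --force`, installing with `npm ci` in CI would make this kind of drift between package.json and the lockfile fail the build rather than pass silently.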