[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NODEFETCH-2964180	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: discord.js

The new version differs by 250 commits.

• f0b7734 chore: bump dev version
• b0a9131 chore(discord.js): release discord.js
• 29be5b5 chore: deps
• d677c31 chore: update dev versions
• f6ef92a chore: release @ discordjs/builders, @ discordjs/collection, @ discordjs/proxy, @ discordjs/rest
• 52a9e21 fix(GuildMemberManager): Allow setting own nickname (#8066)
• b7e6238 test(builders): improve coverage (#8274)
• cafde77 refactor(Util)!: rename `fetchRecommendedShards` (#8298)
• b7d4e55 types(GuildFeature): allow feature strings to be passed (#8264)
• 5aeed99 docs: align webhook method return types with implementation (#8253)
• 452dec5 docs: Remove `@ private` constructor documentation (#8255)
• 64f8140 refactor(Embed): Add all the types (#8254)
• 33a7a5c types(CategoryChannelChildManager): fix Holds type (#8288)
• edf83f0 chore: bump dev versions
• 25bd771 chore(voice): release @ discordjs/voice@0.11.0
• f2ca0ca chore(rest): release @ discordjs/rest@0.6.0
• 6712de9 chore(collection): release @ discordjs/collection@0.8.0
• 28cd293 chore: update changelog
• 3f5690a chore(builders): bump dev version
• 015ab69 chore(builders): release @ discordjs/builders@0.16.0
• caecc57 chore: deps
• 3bf30b1 fix(PermissionOverwriteManager): mutates user (#8283)
• 103a358 refactor(rest): add content-type(s) to uploads (#8290)
• bf65b37 types: remove `MemberMention` (#8292)

See the full diff

Package name: node-ical

The new version differs by 33 commits.

• 5dcf5ad updated windowsZones.json
• 453a8ab update for upcoming 0.14.0 release.
• 5ae0023 RRule with timezone (Bump discord-api-types from 0.25.2 to 0.26.1 Chr1s70ph/ETIT-Master#130)
• 8369331 added more dev dependencies.
• 38c23fd fix eslint errors.
• 85934e3 Adds recurrences object to VEvent type (Quicklinks Chr1s70ph/ETIT-Master#155)
• e49278e Bump axios from 0.21.4 to 0.24.0 (Bump discord-api-types from 0.29.0 to 0.31.0 Chr1s70ph/ETIT-Master#160)
• 8eb119c Bump eslint-plugin-import from 2.24.2 to 2.25.2 (Bump discord-api-types from 0.27.3 to 0.29.0 Chr1s70ph/ETIT-Master#157)
• 9b623ea more axios switchover changes.
• d718e48 switch from using node-fetch to using axios which seems to be more
• 3b1db80 Bump eslint-plugin-import from 2.23.4 to 2.24.2 (Improve exams and weekplan commands Chr1s70ph/ETIT-Master#148)
• adc5e68 Bump path-parse from 1.0.6 to 1.0.7 (Add Old Role Selction System Chr1s70ph/ETIT-Master#145)
• a3768db Bump eslint from 7.28.0 to 7.32.0 (Add permissions to slashcomamnds Chr1s70ph/ETIT-Master#139)
• 6e39283 Bump @ types/node-fetch from 2.5.10 to 2.5.12 (Use newly added interaction.locale Chr1s70ph/ETIT-Master#138)
• db6942a Bump normalize-url from 4.5.0 to 4.5.1 (Rework SlashCommands handling Chr1s70ph/ETIT-Master#129)
• 28175a6 fixed test by adding node-ical extensions to require()
• 703920b Bump eslint-plugin-import from 2.22.1 to 2.23.4 (David Liebscher's Vorschlag Chr1s70ph/ETIT-Master#122)
• 85550b0 add type definition for attendee (Bump discord-api-types from 0.25.2 to 0.26.0 Chr1s70ph/ETIT-Master#128)
• 708d29c Bump trim-newlines from 3.0.0 to 3.0.1 (/wochenplan may be longer than 1024 symbols Chr1s70ph/ETIT-Master#127)
• f703728 Bump eslint from 7.26.0 to 7.28.0 (David Liebscher's Vorschlag Chr1s70ph/ETIT-Master#123)
• 4195ab2 add method to vevent (cafeteria command Chr1s70ph/ETIT-Master#125)
• 549b043 brought back nodejs 10.x compatibility.
• 6e5add3 test nodejs 16.x also
• dad1ed5 fix xo dependency to 0.39.x because we cannot move to ESM yet.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.