chore(deps): update dependency @discordjs/opus to ^0.8.0 [security] #27

@renovate renovate bot commented Aug 6, 2024

This PR contains the following updates:

| Package | Change |
| --- | --- |
| @discordjs/opus | ^0.5.0 -> ^0.8.0 |

GitHub Vulnerability Alerts

CVE-2022-25345

Improperly handled errors in @discordjs/opus cause hard crashes instead of returning the error to user land. All versions of package @discordjs/opus (<= 0.7.0) are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash due to improperly returning the errors from the invalid inputs.

As of version 0.8.0, the errors are correctly returned to the user and are no longer throwing hard crashes that cannot be recovered.


Release Notes

discordjs/opus (@discordjs/opus)

v0.8.0: 0.8.0

Features

Bug Fixes

v0.7.0: 0.7.0

Features

v0.6.0: 0.6.0

Features

  • feat add support for macos arm64 (d929bdb)

v0.5.3: 0.5.3

Features

  • chore remove outdated workflows (3ca4341)

v0.5.2: 0.5.2

Features

  • chore update deps to allow node 16 prebuilt downloads (22fd6b7)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
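Why the range in package.json has to change rather than just the lockfile, as an added example (not code from this PR, Renovate, or @discordjs/opus): under npm caret semantics a `^0.x.y` range is pinned to one minor line, so `^0.5.0` can never resolve to the fixed 0.8.0. The release list is taken from the release notes above; the helper names are hypothetical and pre-release tags are not handled.

```javascript
// Added example: npm caret-range semantics applied to this PR's version bump.
// RELEASES are the versions named in the release notes on this page.
const RELEASES = ["0.5.2", "0.5.3", "0.6.0", "0.7.0", "0.8.0"];
const LAST_VULNERABLE = "0.7.0"; // advisory: all versions <= 0.7.0 are affected

const parse = (v) => v.split(".").map(Number);

// Compare two x.y.z versions: negative, zero or positive.
function compare(a, b) {
  const [pa, pb] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Expand "^x.y.z" to { min, maxExclusive }. The caret allows changes that do
// not modify the left-most non-zero component, so 0.x ranges stay on one minor.
function caretBounds(range) {
  if (!/^\^\d+\.\d+\.\d+$/.test(range)) throw new Error(`unsupported range: ${range}`);
  const [major, minor, patch] = parse(range.slice(1));
  let max;
  if (major > 0) max = [major + 1, 0, 0];
  else if (minor > 0) max = [0, minor + 1, 0];
  else max = [0, 0, patch + 1];
  return { min: [major, minor, patch].join("."), maxExclusive: max.join(".") };
}

// Releases from `versions` that the caret range can resolve to.
function satisfying(range, versions) {
  const { min, maxExclusive } = caretBounds(range);
  return versions.filter((v) => compare(v, min) >= 0 && compare(v, maxExclusive) < 0);
}

// A range is safe only if it matches something and nothing it matches is
// at or below the last vulnerable release.
function audit(range, versions = RELEASES) {
  const candidates = satisfying(range, versions);
  const vulnerable = candidates.filter((v) => compare(v, LAST_VULNERABLE) <= 0);
  return { range, candidates, vulnerable, safe: candidates.length > 0 && vulnerable.length === 0 };
}

console.log(audit("^0.5.0")); // old range: only 0.5.x candidates, all affected
console.log(audit("^0.8.0")); // new range: only the fixed release
```
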

renovate bot commented Aug 6, 2024

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock
➤ YN0000: ┌ Resolution step
➤ YN0032: │ node-addon-api@npm:5.1.0: Implicit dependencies on node-gyp are discouraged
➤ YN0061: │ npmlog@npm:5.0.1 is deprecated: This package is no longer supported.
➤ YN0061: │ are-we-there-yet@npm:2.0.0 is deprecated: This package is no longer supported.
➤ YN0061: │ gauge@npm:3.0.2 is deprecated: This package is no longer supported.
➤ YN0060: │ dogehq@workspace:. provides @discordjs/opus (p33a23) with version 0.8.0, which doesn't satisfy what prism-media requests
➤ YN0000: │ Some peer dependencies are incorrectly met; run yarn explain peer-requirements <hash> for details, where <hash> is the six-letter p-prefixed code
➤ YN0000: └ Completed in 1s 101ms
➤ YN0000: ┌ Fetch step
➤ YN0000: │ /tmp/xfs-07a0f1e3 STDOUT Installing the project using Yarn Classic
➤ YN0000: │ /tmp/xfs-07a0f1e3 STDOUT 
➤ YN0000: │ /tmp/xfs-07a0f1e3 STDOUT ➤ YN0000: Downloading https://nightly.yarnpkg.com/latest.js
➤ YN0000: │ /tmp/xfs-07a0f1e3 STDOUT ➤ YN0000: Saving the new release in .yarn/releases/yarn-1.22.22.cjs
➤ YN0000: │ /tmp/xfs-07a0f1e3 STDOUT ➤ YN0000: Done in 1s 840ms
➤ YN0000: │ /tmp/xfs-07a0f1e3 STDOUT 
➤ YN0000: │ /tmp/xfs-07a0f1e3 STDOUT yarn install v1.22.22
➤ YN0000: │ /tmp/xfs-07a0f1e3 STDOUT [1/4] Resolving packages...
➤ YN0000: │ /tmp/xfs-07a0f1e3 STDOUT [2/4] Fetching packages...
➤ YN0000: │ /tmp/xfs-07a0f1e3 STDERR error Error: certificate has expired
➤ YN0000: │ /tmp/xfs-07a0f1e3 STDERR     at TLSSocket.onConnectSecure (node:_tls_wrap:1674:34)
➤ YN0000: │ /tmp/xfs-07a0f1e3 STDERR     at TLSSocket.emit (node:events:519:28)
➤ YN0000: │ /tmp/xfs-07a0f1e3 STDERR     at TLSSocket._finishInit (node:_tls_wrap:1085:8)
➤ YN0000: │ /tmp/xfs-07a0f1e3 STDERR     at ssl.onhandshakedone (node:_tls_wrap:871:12)
➤ YN0000: │ /tmp/xfs-07a0f1e3 STDOUT info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
➤ YN0000: │ /tmp/xfs-c8a7a953 STDOUT Installing the project using Yarn Classic
➤ YN0000: │ /tmp/xfs-c8a7a953 STDOUT 
➤ YN0000: │ /tmp/xfs-c8a7a953 STDOUT ➤ YN0000: Downloading https://nightly.yarnpkg.com/latest.js
➤ YN0000: │ /tmp/xfs-c8a7a953 STDOUT ➤ YN0000: Saving the new release in .yarn/releases/yarn-1.22.22.cjs
➤ YN0000: │ /tmp/xfs-c8a7a953 STDOUT ➤ YN0000: Done in 1s 977ms
➤ YN0000: │ /tmp/xfs-c8a7a953 STDOUT 
➤ YN0000: │ /tmp/xfs-c8a7a953 STDOUT yarn install v1.22.22
➤ YN0000: │ /tmp/xfs-c8a7a953 STDOUT [1/4] Resolving packages...
➤ YN0000: │ /tmp/xfs-c8a7a953 STDOUT [2/4] Fetching packages...
➤ YN0000: │ /tmp/xfs-c8a7a953 STDOUT info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
➤ YN0000: │ /tmp/xfs-c8a7a953 STDERR error Error: certificate has expired
➤ YN0000: │ /tmp/xfs-c8a7a953 STDERR     at TLSSocket.onConnectSecure (node:_tls_wrap:1674:34)
➤ YN0000: │ /tmp/xfs-c8a7a953 STDERR     at TLSSocket.emit (node:events:519:28)
➤ YN0000: │ /tmp/xfs-c8a7a953 STDERR     at TLSSocket._finishInit (node:_tls_wrap:1085:8)
➤ YN0000: │ /tmp/xfs-c8a7a953 STDERR     at ssl.onhandshakedone (node:_tls_wrap:871:12)
➤ YN0058: │ @types/wrtc@https://github.com/1chiSensei/wrtc-types.git#commit=f354aa34f215350c803670d40b671824d6cd7770: Packing the package failed (exit code 1, logs can be found here: /tmp/xfs-f2aea5a4/pack.log)
➤ YN0013: │ 2 packages were already cached, 526 had to be fetched
➤ YN0000: └ Completed in 1m 23s
➤ YN0000: Failed with errors in 1m 24s
