Security: Mikehutu/Telegram-Discord-Agent

SECURITY.md

Security Policy

Supported Versions

Version Supported
1.0.x

Known Vulnerabilities

This project depends on third-party npm packages that have known vulnerabilities:

form-data (Critical)

  • Severity: Critical
  • Affected versions: 4.0.0 - 4.0.3
  • Package: openpipefeather-ai
  • Advisory: GHSA-fjxv-7rqg-78g4
  • Status: No fix available from upstream
  • Risk: Low - Only affects boundary selection in HTTP form data

undici (Moderate)

  • Severity: Moderate
  • Affected versions: < 6.23.0
  • Package: discord.js → @discordjs/rest
  • Advisory: GHSA-g9mf-h72j-4rw9
  • Status: Fix requires discord.js v15 (breaking change)
  • Risk: Low - Requires a malicious HTTP server to exploit

Mitigation

These vulnerabilities are in indirect dependencies (dependencies of dependencies). The actual exploit risk for this bot is low because:

  1. form-data: Only relevant if an attacker can control the boundary parameter in multipart form submissions - not applicable to this bot's usage
  2. undici: Requires the bot to connect to a malicious server that sends specially crafted compressed responses

We monitor these vulnerabilities and will update when upstream fixes are available.
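
One way to automate this monitoring, as an added example that is not part of this project's code: the function below triages a report in the `npm audit --json` format against the two advisories accepted above. The sample report, the `15.0.0` version string, `example-pkg` and the `GHSA-xxxx-xxxx-xxxx` placeholder are constructed for illustration.

```javascript
// Accepted advisories and their recorded fix status ('none' or 'major' = breaking upgrade).
const ACCEPTED = {
  'GHSA-fjxv-7rqg-78g4': { pkg: 'form-data', fix: 'none' },
  'GHSA-g9mf-h72j-4rw9': { pkg: 'undici', fix: 'major' },
};

// Constructed sample shaped like `npm audit --json` output (auditReportVersion 2).
const ADVISORY_BASE = 'https://github.com/advisories/';
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'form-data': { name: 'form-data', severity: 'critical', isDirect: false,
      via: [{ name: 'form-data', url: ADVISORY_BASE + 'GHSA-fjxv-7rqg-78g4' }],
      fixAvailable: false },
    undici: { name: 'undici', severity: 'moderate', isDirect: false,
      via: [{ name: 'undici', url: ADVISORY_BASE + 'GHSA-g9mf-h72j-4rw9' }],
      fixAvailable: { name: 'discord.js', version: '15.0.0', isSemVerMajor: true } },
    // A string in `via` means "vulnerable because it depends on that package".
    '@discordjs/rest': { name: '@discordjs/rest', severity: 'moderate', isDirect: false,
      via: ['undici'],
      fixAvailable: { name: 'discord.js', version: '15.0.0', isSemVerMajor: true } },
    // Hypothetical new finding that the policy does not cover.
    'example-pkg': { name: 'example-pkg', severity: 'high', isDirect: true,
      via: [{ name: 'example-pkg', url: ADVISORY_BASE + 'GHSA-xxxx-xxxx-xxxx' }],
      fixAvailable: true },
  },
};

// Map npm's fixAvailable (false | true | {isSemVerMajor}) onto the policy's terms.
function fixStatus(fixAvailable) {
  if (!fixAvailable) return 'none';
  return fixAvailable.isSemVerMajor ? 'major' : 'compatible';
}

// Sort every advisory in the report into accepted / changed / unexpected.
function triage(report, accepted = ACCEPTED) {
  const result = { accepted: [], changed: [], unexpected: [] };
  for (const vuln of Object.values(report.vulnerabilities || {})) {
    for (const via of vuln.via || []) {
      if (typeof via === 'string') continue; // transitive pointer, no advisory of its own
      const id = String(via.url || '').split('/').pop();
      const known = accepted[id];
      if (!known || known.pkg !== vuln.name) result.unexpected.push(id);
      else if (known.fix !== fixStatus(vuln.fixAvailable)) result.changed.push(id);
      else result.accepted.push(id);
    }
  }
  return result;
}
```

A non-empty `unexpected` list means a finding this policy has not reviewed; a non-empty `changed` list means the recorded fix status is out of date, for example because an upstream fix has landed.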

Reporting

If you discover a security issue in this project's code, please open an issue.

There aren’t any published security advisories