2 HIGH VULNERABILITIES

[Legends-of-NGDB]

Run npm i discord-player@latest in your terminal.

NPM says:

94 packages are looking for funding

2 high severity vulnerabilities

[zipperdev]

+1

The NPM audit report is as follows:

# npm audit report

ip  *
Severity: high
ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/ip
  discord-player  >=6.6.3-dev.0
  Depends on vulnerable versions of ip
  node_modules/discord-player

2 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

[retrouser955]

Temp fix. Use the latest discord-player but do not use the IP rotator.

[twlite]

@zipperdev @Legends-of-NGDB we are using the latest version of ip package, so we cant do anything until they fix it first. On the other hand, your bot won't have issues running it because the issue here is ip package classifying private ip as public, which is out of scope for discord-player. IP related code is here https://github.com/Androz2091/discord-player/blob/master/packages/discord-player/src/utils/IPRotator.ts and it is only used to generate random ip address based on the block you have specified (only if you are using ip rotation feature)

[twlite]

should be done in latest version. You are required to install ip package yourself if you want ip rotation stuff