mast / telegram-bot-api

First Telegram Bot API node.js library
http://mast.github.io/telegram-bot-api/
MIT License

Update request-promise version #57

Closed hanzki closed 5 years ago

hanzki commented 5 years ago

I noticed that GitHub gives a security vulnerability (CVE-2018-3721) warning because of an outdated lodash version (3.10). This version is included because it's a dependency of request-promise 1.0.2 which this package still depends on.

Are there breaking changes which stop us from bumping the request-promise version?
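An added example, not part of the original thread or of this project's code: a Node.js helper that walks a dependency tree shaped like `npm ls --json` output and reports which chain of packages pulls in an outdated copy of a library, as with lodash arriving through request-promise here. The sample tree, the `other-dep` package, the patch-level digits and the `4.0.0` threshold are constructed placeholders; take the real fixed version from the advisory.

```javascript
// Compare dotted numeric versions ("3.10.0" vs "4.0.0"); pre-release tags are ignored.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Return one entry per installed copy of `target` older than `minVersion`,
// together with the chain of packages that brought it in.
function findOutdated(tree, target, minVersion, path = [tree.name]) {
  const hits = [];
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const here = path.concat(`${name}@${node.version}`);
    if (name === target && compareVersions(node.version, minVersion) < 0) {
      hits.push({ version: node.version, via: here });
    }
    // Recurse: the same library can be nested at several depths.
    hits.push(...findOutdated(node, target, minVersion, here));
  }
  return hits;
}

// Constructed sample in the shape of `npm ls --json` (not real output).
const sampleTree = {
  name: 'telegram-bot-api',
  dependencies: {
    'request-promise': {
      version: '1.0.2',
      dependencies: { lodash: { version: '3.10.0' } } // patch digit constructed
    },
    'other-dep': { // hypothetical package carrying a newer copy
      version: '1.0.0',
      dependencies: { lodash: { version: '5.0.0' } }
    }
  }
};

// '4.0.0' is a placeholder threshold, not the advisory's fixed version.
const outdated = findOutdated(sampleTree, 'lodash', '4.0.0');
for (const hit of outdated) {
  console.log(`lodash ${hit.version} via ${hit.via.join(' > ')}`);
}
```

Feeding it the parsed output of `npm ls --json` for a real project shows which direct dependency has to be bumped to drop the flagged copy.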

Gyunikuchan commented 5 years ago

Also, the request lib needs to be included as a dependency now.

mast commented 5 years ago

1.3.2