pabloli84 / telbot_deirspb

MIT License

[Snyk] Upgrade node-telegram-bot-api from 0.30.0 to 0.51.0 #23

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to upgrade node-telegram-bot-api from 0.30.0 to 0.51.0.

merge advice: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Prototype Pollution (SNYK-JS-LODASH-590103) | 490/1000 (Why? CVSS 9.8) | No Known Exploit |
| | Command Injection (SNYK-JS-LODASH-1040724) | 490/1000 (Why? CVSS 9.8) | Proof of Concept |
| | Remote Memory Exposure (SNYK-JS-BL-608877) | 490/1000 (Why? CVSS 9.8) | No Known Exploit |
| | Prototype Pollution (SNYK-JS-AJV-584908) | 490/1000 (Why? CVSS 9.8) | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-LODASH-1018905) | 490/1000 (Why? CVSS 9.8) | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: node-telegram-bot-api
  • 0.51.0 - 2020-12-22

    doc: add clear listener methods

  • 0.50.0 - 2020-05-12

    Added:

    1. Support Bot API v4.8: (by @danielperez9430)
      • Add methods: sendDice()
    2. Support Bot API v4.7: (by @danielperez9430)
      • Add methods: getMyCommands(), setMyCommands()
    3. Support Bot API v4.5: (by @danielperez9430)
      • Add methods: setChatAdministratorCustomTitle()
    4. Support Bot API v4.4: (by @danielperez9430)
      • Add methods: setChatPermissions()
    5. Support for poll_answer (by @jiejiss)
    6. Add request options in file stream (by @zhangpanyi)

    Changed: (by @danielperez9430)

    • New message type: dice
    • Fix Bugs in tests
    • Fix regex compare (by @ledamint)
    • Fix listening for error events when downloading files (by @Kraigo)

    New Test: (by @danielperez9430)

    • sendDice
    • getMyCommands
    • setMyCommands
    • setChatAdministratorCustomTitle
    • setChatPermissions
  • 0.40.0 - 2019-10-17
  • 0.30.0 - 2017-12-21

    Added:

    1. Support Bot API v3.5: (by @GochoMugo)
      • Allow provider_data parameter in TelegramBot#sendInvoice
      • Add method TelegramBot#sendMediaGroup()
    2. Support Bot API v3.4: (by @kamikazechaser)
      • Add methods TelegramBot#editMessageLiveLocation, TelegramBot#stopMessageLiveLocation (#439)
      • Add methods TelegramBot#setChatStickerSet, TelegramBot#deleteChatStickerSet (#440)
    3. Add methods:
    4. Add options to TelegramBot#stopPolling() (by @GochoMugo)
    5. Add metadata argument in message event (and friends e.g. text, audio, etc.) (#409) (by @jlsjonas, @GochoMugo)
    6. Add forward-compatibility i.e. support future additional Telegram options (by @GochoMugo)
    7. Add support for Node.js v9 (by @GochoMugo)
    8. Document TelegramBot.errors, TelegramBot.messageTypes (by @GochoMugo)
    8. Document TelegramBot.errors, TelegramBot.messageTypes (by @ GochoMugo)

    Changed:

    1. Update TelegramBot#answerCallbackQuery() signature (by @GochoMugo)
    2. Improve default error logging of polling_error and webhook_error (#377)
    3. Update dependencies

    Deprecated:

    1. Sending files: (See usage guide) (by @hufan-akari, @GochoMugo)
      • Error will not be thrown if Buffer is used and file-type could not be detected.
      • Filename will not be set to data.${ext} if Buffer is used
      • Content type will not default to null or undefined

    Fixed:

    1. Fix the offset infinite loop bug (#265, #36) (by @GochoMugo)
    2. Fix game example (#449, #418) (by @MCSH)
from node-telegram-bot-api GitHub release notes
Commit messages
Package name: node-telegram-bot-api
  • 28cd62e doc: add clear listener methods
  • ec7e61e feat: add clear listener methods (#834)
  • 3829e72 fix: send animation (#843)
  • 5d30b6a Telegram Bot API 5.0 Support (#835)
  • fc24d0d [Docs] How to set webhooks using express local server and NGROK (#824)
  • 167e52c [security] bump bl package to minver
  • 93eaad0 test: update removeTextListener
  • 917c20c release: v0.50.0
  • 7643551 Fix catch error while file not able download (#737)
  • d853a18 fix regexp compare (#783)
  • b4309cf src/telegram: Add request options in getFileStream (#771)
  • 1ca5e2b Update tutorials.md (#803)
  • 1bae9c2 Add new method sendDice, getMyCommands, setMyCommands and more (#796)
  • c6a0eed Update README.md (#790)
  • 8bf57c1 example: update express example
  • 5169d79 docs: add proxy usage reference
  • 667380f test: skip sendContact
  • 5553cee release: tidy up
  • e66243a [Docs] Update documentation (#753)
  • 1f1e46e test: skip stopMessageLiveLocation
  • 690c26f [Package] Bump to v.0.40.0 (#752)
  • 0613a1b test: temporarily disable pr builds
  • 7feb884 test: update test suite
  • a0aa873 test: Run tests on Node.js v10, v12

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
