request-promise is deprecated

[microcai]

tgbot is using request-promise as https client. but request-promise is deprecated by upstream developers. see https://github.com/request/request/issues/3143

[hodlerhacks]

In addition, it uses 'request', which has been deprecated. And 'request' has a dependency on 'har-validator', which is no longer supported, and on an a deprecated version of 'uuid'.

It would be great if this could be resolved by moving to an alternative, e.g. see some examples here: https://github.com/request/request/issues/3143

Other than that, I'm super happy with this library. Thanks for the great work!

[muety]

Since version 18 (I believe) Node has the fetch API included, so no more need for a third-party HTTP client.

[hodlerhacks]

Indeed. The only disadvantage is that it requires every application using tgbot to be on Node 18 or above (which may cause problems for some people, including me ;-)).

[jinsankim]

how about node-fetch? It's a polyfill of fetch and it requires only node 12.20.0 at least.

[melroy89]

Not only is request / request-promise deprecated, now you also got a nasty server side request forgery attack security issue: https://github.com/advisories/GHSA-p8p7-x288-28g6 ... so the urgency is just become more important to move away from this package!

[melroy89]

And this package now also causes issues with bun!

[Hambat]

any updates?

[danielperez9430]

fix: on next release

[jinsankim]

@cypress/request is not working with node v20.x. :(

[danielperez9430]

@cypress/request is not working with node v20.x. :(

I test in node v20.9.0 and i dont have any problem 🤔

At less you have one bot.onText('... with a text that is not a regex. But this case we also have in the old versions. Because bot.onText exec a regex expression.

[jinsankim]

I test in node v20.9.0 and i dont have any problem

I found also it works in node v20 with mac. But it doesn't work in node v20 with ubuntu.

[saeedhei]

Does this bot have the ability to update with axios? @danielperez9430 @kamikazechaser @yagop

[danielperez9430]

Does this bot have the ability to update with axios?

@danielperez9430 @kamikazechaser @yagop

The idea is not use axios. Is use the native fetch from node 16 (with feature flag), 18 or new versions that support it native without need any dependency.

This will be a breaking change to the next mayor version when we start the refactor.

[danielperez9430]

I test in node v20.9.0 and i dont have any problem

I found also it works in node v20 with mac. But it doesn't work in node v20 with ubuntu.

Maybe you can open a new issuse with the error that you have and more info. But is so strange 🤔

[saeedhei]

Please do consider refactoring to native fetch. This change will boost performance, reduce dependencies, and align us with good development practices.✅

[jinsankim]

Maybe you can open a new issuse with the error that you have and more info. But is so strange 🤔

Might be related with https://github.com/cypress-io/request/issues/47 ?