yagop / node-telegram-bot-api

Telegram Bot API for NodeJS
MIT License
8.34k stars 1.52k forks

tough-cookie@2.5.0 vulnerability issues #1111

Closed ArvinCS closed 11 months ago

ArvinCS commented 1 year ago

Feature Request

I have:

I think the library needs to upgrade its dependencies that depend on tough-cookie@2.5.0. Since tough-cookie@2.5.0 has a vulnerability issue (https://avd.aquasec.com/nvd/cve-2023-26136), it needs to be updated to tough-cookie@4.0.0.

```
node-telegram-bot-api@0.61.0
├─┬ request-promise@4.2.6
│ └── tough-cookie@2.5.0
└─┬ request@2.88.2
  └── tough-cookie@2.5.0
```

Introduction

It will solve this vulnerability issue: https://avd.aquasec.com/nvd/cve-2023-26136

Example

Update the libraries request and request-promise.
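Added example, not part of the original issue or the project's code: a small Node.js walker that lists every dependency chain pulling in an outdated package, run here over constructed data shaped like `npm ls --all --json` output and mirroring the tree above. The function names are hypothetical, and the minimum version is a caller-supplied parameter; the call uses the 4.0.0 target named in the issue, so substitute the fixed version given in the advisory you are tracking.

```javascript
// Constructed sample: same shape as `npm ls --all --json`, mirroring the issue's tree.
const SAMPLE_TREE = {
  name: "node-telegram-bot-api",
  version: "0.61.0",
  dependencies: {
    "request-promise": {
      version: "4.2.6",
      dependencies: { "tough-cookie": { version: "2.5.0" } },
    },
    request: {
      version: "2.88.2",
      dependencies: { "tough-cookie": { version: "2.5.0" } },
    },
  },
};

// Compare plain x.y.z versions; pre-release/build suffixes are ignored.
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split(".").map(Number);
  const pb = b.split(/[-+]/)[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Return every dependency chain that ends in `pkg` at a version below `minVersion`.
function findOutdatedPaths(tree, pkg, minVersion) {
  const hits = [];
  const walk = (name, node, chain) => {
    const here = [...chain, `${name}@${node.version}`];
    if (name === pkg && node.version && compareVersions(node.version, minVersion) < 0) {
      hits.push(here.join(" > "));
    }
    // Nodes without a `dependencies` key are leaves.
    for (const [dep, child] of Object.entries(node.dependencies || {})) {
      walk(dep, child, here);
    }
  };
  walk(tree.name, tree, []);
  return hits;
}

// Assumption: 4.0.0 is the upgrade target named in the issue, not taken from the advisory.
const findings = findOutdatedPaths(SAMPLE_TREE, "tough-cookie", "4.0.0");
findings.forEach((p) => console.log("outdated path:", p));
```

Both chains are reported, which shows why the fix has to come from replacing or upgrading `request` and `request-promise` rather than from this package's own direct dependencies.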

melroy89 commented 1 year ago

Related: https://github.com/yagop/node-telegram-bot-api/issues/1076

danielperez9430 commented 11 months ago

fix: on next release