Closed ArvinCS closed 11 months ago
Feature Request
I have:
I think the library needs to upgrade its dependency that dependent to tough-cookie@2.5.0. Since tough-cookie@2.5.0 has vulnerability issue (https://avd.aquasec.com/nvd/cve-2023-26136), it needs to be updated to tough-cookie@4.0.0.
node-telegram-bot-api@0.61.0 ├─┬ request-promise@4.2.6 │ └── tough-cookie@2.5.0 └─┬ request@2.88.2 └── tough-cookie@2.5.0
It will solve this vulnerability issue: https://avd.aquasec.com/nvd/cve-2023-26136
Update the library request and request-promise.
Related: https://github.com/yagop/node-telegram-bot-api/issues/1076
fix: on next release
I have:
I think the library needs to upgrade its dependency that dependent to tough-cookie@2.5.0. Since tough-cookie@2.5.0 has vulnerability issue (https://avd.aquasec.com/nvd/cve-2023-26136), it needs to be updated to tough-cookie@4.0.0.
node-telegram-bot-api@0.61.0 ├─┬ request-promise@4.2.6 │ └── tough-cookie@2.5.0 └─┬ request@2.88.2 └── tough-cookie@2.5.0
Introduction
It will solve this vulnerability issue: https://avd.aquasec.com/nvd/cve-2023-26136
Example
Update the library request and request-promise.