yagop / node-telegram-bot-api

Telegram Bot API for NodeJS
MIT License
8.13k stars 1.49k forks

security warnings with 0.64.0 #1152

Open thisistoni opened 7 months ago

thisistoni commented 7 months ago

Bug Report

Expected Behavior

Using the latest version of node-telegram-bot-api should not trigger any security warnings regarding outdated or insecure dependencies, especially after running npm audit fix or npm audit fix --force.

Actual Behavior

Currently, there are security warnings related to dependencies such as request, request-promise, and tough-cookie in the node-telegram-bot-api library, even after updating to the latest version (0.64.0) and attempting to resolve them with npm audit fix or npm audit fix --force.

Steps to Reproduce the Behavior

1. Install node-telegram-bot-api with the latest version (0.64.0).
2. Run npm audit to check for security warnings.
3. Attempt to resolve the warnings with npm audit fix or npm audit fix --force.
4. Note that the security warnings persist.

Glydric commented 5 months ago

I have the same problem, but npm audit fix says the problem is with @cypress/request-promise *. So I think that somehow all the cypress versions are described as "problematic"; indeed node-telegram-bot-api v0.64.0 uses cypress >3.0.0, which should not have the vuln https://github.com/advisories/GHSA-p8p7-x288-28g6

danielperez9430 commented 5 months ago

> I have the same problem, but npm audit fix says the problem is with @cypress/request-promise *
>
> So I think that somehow all the cypress versions are described as "problematic"; indeed node-telegram-bot-api v0.64.0 uses cypress >3.0.0, which should not have the vuln https://github.com/advisories/GHSA-p8p7-x288-28g6

Maybe I will fork request-promise to change the peer dependency on request and use cypress/request.
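The question underneath this thread is which path in the installed tree actually pulls in the package npm audit flags (request, request-promise, tough-cookie), since npm audit reports the advisory but not the chain that reaches it. The script below is an added example, not code from the issue or from the node-telegram-bot-api project: it walks a package-lock.json (lockfileVersion 2 or 3 layout, where `packages` is keyed by install path) and prints every dependency chain that ends at a given package, resolving each edge the way Node does, from the nearest `node_modules` directory upward. The lockfile embedded here is constructed for illustration; apart from the 0.64.0 version named in the issue, its package versions and dependency edges are made up and do not describe the real dependency tree.

```javascript
// Constructed package-lock.json fragment (lockfileVersion 3 layout). The edges and
// versions are illustrative only; only "0.64.0" comes from the issue.
const SAMPLE_LOCK = {
  name: 'my-bot',
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-bot', version: '1.0.0',
          dependencies: { 'node-telegram-bot-api': '^0.64.0' } },
    'node_modules/node-telegram-bot-api': { version: '0.64.0',
          dependencies: { '@cypress/request': '^3.0.0', '@cypress/request-promise': '^5.0.0' } },
    'node_modules/@cypress/request': { version: '3.0.0',
          dependencies: { 'tough-cookie': '^4.1.3' } },
    'node_modules/tough-cookie': { version: '4.1.3' },
    // This package hoists its own older tough-cookie into a nested node_modules.
    'node_modules/@cypress/request-promise': { version: '5.0.0',
          dependencies: { 'tough-cookie': '^2.5.0' },
          peerDependencies: { '@cypress/request': '^3.0.0' } },
    'node_modules/@cypress/request-promise/node_modules/tough-cookie': { version: '2.5.0' },
  },
};

// Resolve dependency `depName` required from the package installed at `fromPath`,
// trying fromPath/node_modules/<dep> first and then each ancestor node_modules,
// exactly as Node's module resolution does. Returns the lockfile key or null.
function resolveDep(packages, fromPath, depName) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + depName;
    if (packages[candidate]) return candidate;
    if (base === '') return null;
    const idx = base.lastIndexOf('node_modules/');
    base = idx <= 0 ? '' : base.slice(0, idx - 1);
  }
}

// Package name as installed at a lockfile path ("node_modules/@scope/name" -> "@scope/name").
function nameAt(packages, path) {
  if (path === '') return packages[path].name || '.';
  return path.slice(path.lastIndexOf('node_modules/') + 'node_modules/'.length);
}

// Every chain from the root project to an installed copy of `target`,
// rendered as "a@1 > b@2 > target@3". Each branch keeps its own visited set,
// so cycles are cut without hiding alternative paths.
function findChains(lock, target) {
  const packages = lock.packages;
  const label = (p) => `${nameAt(packages, p)}@${packages[p].version}`;
  const chains = [];
  const walk = (path, trail, seen) => {
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies, ...pkg.peerDependencies };
    for (const dep of Object.keys(deps)) {
      const resolved = resolveDep(packages, path, dep);
      if (!resolved || seen.has(resolved)) continue; // not installed, or cycle
      const next = [...trail, label(resolved)];
      if (dep === target) chains.push(next.join(' > '));
      walk(resolved, next, new Set([...seen, resolved]));
    }
  };
  walk('', [label('')], new Set(['']));
  return chains;
}

// Distinct versions of `name` present anywhere in the tree (duplicates are where
// an "already fixed" package can still be flagged through an older nested copy).
function installedVersions(lock, name) {
  const versions = new Set();
  for (const [path, pkg] of Object.entries(lock.packages)) {
    if (path !== '' && nameAt(lock.packages, path) === name) versions.add(pkg.version);
  }
  return [...versions].sort();
}

for (const chain of findChains(SAMPLE_LOCK, 'tough-cookie')) console.log(chain);
console.log('installed tough-cookie versions:', installedVersions(SAMPLE_LOCK, 'tough-cookie'));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` in place of `SAMPLE_LOCK` and the advisory's package name in place of `'tough-cookie'`. When the output shows the flagged copy reached only through a nested `node_modules` (as the 2.5.0 copy is in the sample), the fix is to get that one edge moved, which is what forking request-promise in the comment above would do; npm also lets you force a transitive version from package.json with an `overrides` entry, and this walk tells you which edge the override has to cover.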