Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade node-telegram-bot-api from 0.21.1 to 0.30.0 #9

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade node-telegram-bot-api from 0.21.1 to 0.30.0 #9

wants to merge 1 commit into from

Conversation

JoeKarlsson
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
low severity 461/1000
Why? Recently disclosed, Has a fix available, CVSS 3.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-DEBUG-3227433		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: node-telegram-bot-api The new version differs by 250 commits.
  • 119d892 release: v0.30.0
  • 1169f8e chore: Use npm script prepublishOnly instead of deprecated prepublish
  • 5cecffc chore/deps: Downgrade eslint for Node v4 compatibility
  • 7e9e9b1 test: Fix previously-uncaught lint errors
  • 2bdd50f chore/deps: Update dependencies
  • 3096966 doc: Showcase and update contributor list
  • 1f4c79e chore: Ignore package lock file
  • 8edf1fb doc: Update changelog
  • 55332c3 doc: Update changelog, version badge
  • 96c50ba doc: Improve deprecation messages
  • 4358f20 doc: Minor fixes on documentation
  • 0781ae6 src/telegram: Add TelegramBot#sendMediaGroup()
  • 584610b doc: Add tutorial [RUS] (#477)
  • 1a08221 src/telegram: Improve sending files (#471)
  • d719799 doc: Add note on specifying additional Telegram query options
  • 4051117 src: Minor reorganisation, fixes
  • f28416f src/telegram: Implement downloadFile() in terms of getFileStream()
  • 04e8b89 src/telegram: Emit 'info' on stream from TelegramBot#getFileStream()
  • b968e89 src/telegram: Populate Stream#path from TelegramBot#getFileStream()
  • b91409a test: Fix path to ssl key, cert
  • 455a93c examples: Add notice of openshift 2 shutdown
  • 17f8394 chore: Re-organise examples
  • d9692f4 src/telegram: Add TelegramBot#getFileStream()
  • 0870684 src/polling: Fix the Offset Infinite Loop bug (#265)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

馃 Regular Expression Denial of Service (ReDoS)

@snyk-bot
fix: package.json to reduce vulnerabilities
c741b66 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-DEBUG-3227433
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@JoeKarlsson @snyk-bot