[Snyk] Upgrade node-telegram-bot-api from 0.30.0 to 0.51.0 by snyk-bot · Pull Request #23 · pabloli84/telbot_deirspb

snyk-bot · 2021-04-02T06:57:07Z

Snyk has created this PR to upgrade node-telegram-bot-api from 0.30.0 to 0.51.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 3 versions ahead of your current version.
The recommended version was released 3 months ago, on 2020-12-22.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-LODASH-590103	490/1000 Why? CVSS 9.8	No Known Exploit
Command Injection SNYK-JS-LODASH-1040724	490/1000 Why? CVSS 9.8	Proof of Concept
Remote Memory Exposure SNYK-JS-BL-608877	490/1000 Why? CVSS 9.8	No Known Exploit
Prototype Pollution SNYK-JS-AJV-584908	490/1000 Why? CVSS 9.8	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	490/1000 Why? CVSS 9.8	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: node-telegram-bot-api

0.51.0 - 2020-12-22
doc: add clear listener methods
0.50.0 - 2020-05-12
Added:
1. Support Bot API v4.8: (by @ danielperez9430)
  - Add methods: sendDice()
2. Support Bot API v4.7: (by @ danielperez9430)
  - Add methods: getMyCommands(),setMyCommands()
3. Support Bot API v4.5: (by @ danielperez9430)
  - Add methods: setChatAdministratorCustomTitle()
4. Support Bot API v4.4: (by @ danielperez9430)
  - Add methods: setChatPermissions()
5. Support for poll_answer (by @ jiejiss)
6. Add request options in file stream (by @ zhangpanyi )
Changed: (by @ danielperez9430)
- New message type: dice
- Fix Bugs in tests
- Fix regex compare (by @ ledamint)
- Fix listening for error events when downloading files (by @ Kraigo)
New Test: (by @ danielperez9430)
- sendDice
- getMyCommands
- setMyCommands
- setChatAdministratorCustomTitle
- setChatPermissions
0.40.0 - 2019-10-17
0.30.0 - 2017-12-21
Added:
1. Support Bot API v3.5: (by @ GochoMugo)
  - Allow provider_data parameter in TelegramBot#sendInvoice
  - Add method TelegramBot#sendMediaGroup()
2. Support Bot API v3.4: (by @ kamikazechaser)
  - Add methods TelegramBot#editMessageLiveLocation, TelegramBot#stopMessageLiveLocation (#439)
  - Add methods TelegramBot#setChatStickerSet, TelegramBot#deleteChatStickerSet (#440)
3. Add methods:
  - TelegramBot#getFileStream (#442) (by @ GochoMugo, requested-by @ Xaqron)
4. Add options to TelegramBot#stopPolling() (by @ GochoMugo)
5. Add metadata argument in message event (and friends e.g. text, audio, etc.) (#409) (by @ jlsjonas, @ GochoMugo)
6. Add forward-compatibility i.e. support future additional Telegram options (by @ GochoMugo)
7. Add support for Node.js v9 (by @ GochoMugo)
8. Document TelegramBot.errors, TelegramBot.messageTypes (by @ GochoMugo)
Changed:
1. Update TelegramBot#answerCallbackQuery() signature (by @ GochoMugo)
2. Improve default error logging of polling_error and webhook_error (#377)
3. Update dependencies
Deprecated:
1. Sending files: (See [usage guide][usage-sending-files]) (by @ hufan-akari, @ GochoMugo)
  - Error will not be thrown if Buffer is used and file-type could not be detected.
  - Filename will not be set to data.${ext} if Buffer is used
  - Content type will not default to null or undefined
Fixed:
1. Fix the offset infinite loop bug (#265, #36) (by @ GochoMugo)
2. Fix game example (#449, #418) (by @ MCSH)