You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Bug Report
Expected Behavior
Using the latest version of node-telegram-bot-api should not trigger any security warnings regarding outdated or insecure dependencies, especially after running npm audit fix or npm audit fix --force.
Actual Behavior
Currently, there are security warnings related to dependencies such as request, request-promise, and tough-cookie in the node-telegram-bot-api library, even after updating to the latest version (0.64.0) and attempting to resolve them with npm audit fix or npm audit fix --force.
Steps to Reproduce the Behavior
Install node-telegram-bot-api with the latest version (0.64.0).
Run npm audit to check for security warnings.
Attempt to resolve the warnings with npm audit fix or npm audit fix --force.
Note that the security warnings persist.
The text was updated successfully, but these errors were encountered:
I have the same problem, but the npm audit fix says the problem is with @cypress/request-promise *
So i think that someway all the cypress versions are described as "problematic", indeed the node telegram bot api v0.64.0 uses cypress >3.0.0 that should not have the vuln GHSA-p8p7-x288-28g6
I have the same problem, but the npm audit fix says the problem is with @cypress/request-promise *
So i think that someway all the cypress versions are described as "problematic", indeed the node telegram bot api v0.64.0 uses cypress >3.0.0 that should not have the vuln GHSA-p8p7-x288-28g6
Maybe I will fork the request-promise for change the peer dependecy of request and use the cypress/request
Bug Report
Expected Behavior
Using the latest version of node-telegram-bot-api should not trigger any security warnings regarding outdated or insecure dependencies, especially after running npm audit fix or npm audit fix --force.
Actual Behavior
Currently, there are security warnings related to dependencies such as request, request-promise, and tough-cookie in the node-telegram-bot-api library, even after updating to the latest version (0.64.0) and attempting to resolve them with npm audit fix or npm audit fix --force.
Steps to Reproduce the Behavior
Install node-telegram-bot-api with the latest version (0.64.0).
Run npm audit to check for security warnings.
Attempt to resolve the warnings with npm audit fix or npm audit fix --force.
Note that the security warnings persist.
The text was updated successfully, but these errors were encountered: