New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
security warnings with 0.64.0 #1152
Comments
I have the same problem, but the npm audit fix says the problem is with |
Maybe I will fork the request-promise for change the peer dependecy of request and use the cypress/request |
Bug Report
Expected Behavior
Using the latest version of node-telegram-bot-api should not trigger any security warnings regarding outdated or insecure dependencies, especially after running npm audit fix or npm audit fix --force.
Actual Behavior
Currently, there are security warnings related to dependencies such as request, request-promise, and tough-cookie in the node-telegram-bot-api library, even after updating to the latest version (0.64.0) and attempting to resolve them with npm audit fix or npm audit fix --force.
Steps to Reproduce the Behavior
Install node-telegram-bot-api with the latest version (0.64.0).
Run npm audit to check for security warnings.
Attempt to resolve the warnings with npm audit fix or npm audit fix --force.
Note that the security warnings persist.
The text was updated successfully, but these errors were encountered: