Deprecated dependencies: @cypress/request-promise

[Cm-8]

This node.js module has 9 dependencies.
(visible here: https://www.npmjs.com/package/node-telegram-bot-api?activeTab=dependencies).

One of these, the @cypress/request-promise is reported as Deprecated (https://github.com/cypress-io/request-promise).

Although it is an excellent package and has a strong diffusion, from a security perspective it is no longer as good.

Are there any adjustments planned or some workaround?

Thank you

[danielperez9430]

The package request-promise from Cypress was not marked as deprecated, the readme is part of the fork of the original package but still have support from the Cypress team and not marked as deprecated at the npm level. Also they use this package internal in their product.

[DemonMartin]

There seem to be some more deprecated modules now if installing the latest version of node-telegram-bot-api from NPM.

Might consider maybe changing or updating the modules:

npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.     
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142

(to reproduce simply run npm install node-telegram-bot-api)