[Snyk] Upgrade telegraf from 4.7.0 to 4.11.2 #5

snyk-bot · 2023-02-22T08:22:15Z

Snyk has created this PR to upgrade telegraf from 4.7.0 to 4.11.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 38 versions ahead of your current version.
The recommended version was released 3 months ago, on 2022-11-19.

Release notes

Package name: telegraf

4.11.2 - 2022-11-19
- Fixed types for sendMediaGroup to accept StreamFile.
- Only send message_thread_id if is_topic_message is true.
  Telegram sends message_thread_id for reply messages, even if the group doesn't have topics. This caused the bot to throw when ctx.reply was used against reply messages in non-forums.
4.11.1 - 2022-11-19
- Fixed an issue where TypeScript was not able to import "telegraf/filters". Top-level filters.{js|d.ts} were missing in package.json "files" array.
4.11.1-canary.2 - 2022-11-19
4.11.1-canary.1 - 2022-11-19
4.11.0 - 2022-11-18
🔺 Bot API 6.3 support
- Updated to Typegram 4.1.0 and added the following new methods to Telegram class:
  - createForumTopic
  - editForumTopic
  - closeForumTopic
  - reopenForumTopic
  - deleteForumTopic
  - unpinAllForumTopicMessages
  - getForumTopicIconStickers
- Added new method shorthands to Context; add message_thread_id implicitly to Context::send* methods.
✨ Filters! ✨

We've added a new powerful feature called filters! Here's how to use them.

// import our filters
import { message, editedMessage, channelPost, editedChannelPost, callbackQuery } from "telegraf/filters";
// you can also use require, like this:
// const { message, editedMessage, channelPost, editedChannelPost, callbackQuery } = require("telegraf/filters");

const bot = new Telegraf(token);

bot.on(message("text"), ctx => {
// this is a text message update
// ctx.message.text
});

bot.on(channelPost("video"), ctx => {
// this is a video channel post update
// ctx.channelPost.video
});

bot.on(callbackQuery("game_short_name"), ctx => {
// this is a callback_query game update
// ctx.callbackQuery.game_short_name
});

This unlocks the ability to filter for very specific update types previously not possible! This is only an initial release, and filters will become even more powerful in future updates.

All filters are also usable from a new method, ctx.has. This is very useful if you want to filter within a handler. For example:
```
// handles all updates
bot.use(ctx => {
  if (ctx.has(message("text"))) {
    // handles only text messages
    // ctx.message.text;
  } else {
    // handles all other updates
  }
});
```
Like bot.on, ctx.has also supports an array of update types and filters, even mixed:

// match a message update or a callbackQuery with data present
bot.on(["message", callbackQuery("data")], handler);

if (ctx.has(["message", callbackQuery("data")])) {
// ctx.update is a message update or a callbackQuery with data present
};
⚠️ Deprecating `bot.on` and `Composer::on` with message types!

As of this release, filtering by message type using bot.on() (for example: "text", "photo", etc.) is deprecated. Don't panic, though! Your existing bots will continue to work, but whenever you can, you must update your message type filters to use the above filters before v5. This is fairly easy to do, like this:
```
- bot.on("text", handler);
+ bot.on(message("text"), handler);
```
The deprecated message type behaviour will be removed in v5.

You might be happy, or fairly upset about this development. But it was important we made this decision. For a long time, Telegraf has supported filtering by both update type and message type.

This meant you could use bot.on("message"), or bot.on("text") (text here is a message type, and not an update type, so this was really making sure that update.message.text existed). However, when polls were introduced, this caused a conflict. bot.on("poll") would match both update.poll (update about stopped polls sent by the bot) and update.message.poll (a message that is a native poll). At type-level, both objects will show as available, which was wrong.

Besides, this type of filters really limited how far we could go with Telegraf. That's why we introduced filters, which are way more powerful and flexible!
⚠️ An important reminder

A few updates back, in 4.9.0, we added ctx.send* methods to replace ctx.reply* methods. This is because in v5 the behaviour of ctx.reply* will be to actually reply to the current message, instead of only sending a message.

To start using this behaviour right away, we had also introduced a middleware. We recommend you start using this, so that you're prepared for v5, which is brewing very soon!

import { useNewReplies } from "telegraf/future";

// this will enable ctx.reply throughout the bot to automatically reply to current message
// use ctx.sendMessage and friends to send a message without replying
bot.use(useNewReplies());
Other changes
- bot.launch is now catchable (#1657)
  
  Polling errors were previously uncatchable in Telegraf. They are now. Simply attach a catch to bot.launch:
  
  bot.launch().catch(e => {
  // polling has errored
  });
  
  // You an also use await and try/catch if you're using ESM
  
  Three things to remember:
  - In case you're using bot.launch in webhook mode, it will immediately resolve after setWebhook completes.
  - This now means that bot.launch in polling mode will not resolve immediately. Instead, it will resolve after bot.stop(), or reject when there's a polling error.
  - The bot will not continue running after it errors, even if the error is caught. Before you create a new bot instance and launch it, consider that this error is fatal for a serious reason (for example: network is down, or bot token is incorrect). You may not want to attempt a restart when this happens.
  We previously did not want fatal errors to be caught, since it gives the impression that it's a handleable error. However, being able to catch this is useful when you launch multiple bots in the same process, and one of them failing doesn't need to bring down the process.
  
  Use this feature with care. :)
- Format helpers ("telegraf/format") now use template string substitution instead of naively using +=. (Discussion)
Follow Telegraf_JS to receive these updates in Telegram. If you have feedback about this update, please share with us on @ TelegrafJSChat!
4.11.0-canary.1 - 2022-11-12
4.10.0 - 2022-10-01
- Brand new formatting helpers! No more awkward escaping.
 
 import { fmt, bold, italics, mention } from "telegraf/format";
 
 ctx.reply(fmt Ground control to ${mention("Major Tom", 10000000)} ${boldLock your Soyuz hatch} and ${italicput your helmet on} — ${link("David Bowie", "https://en.wikipedia.org/wiki/David_Bowie")} );
 
 This also just works with captions!
```
ctx.replyWithPhoto(
 file.id,
 { caption: fmt`${bold`File name:`} ${file.name}` },
);
```
- Added Input helpers to create the InputFile object.
 https://funny-cats.example/cats.jpg"))
 });">
```
import { Telegraf, Input } from "telegraf";

const bot = new Telegraf(token);
bot.telegram.sendVideo(chatId, Input.fromLocalFile("../assets/cats.mp4"));
bot.telegram.sendDocument(chatId, Input.fromBuffer(buf));
bot.command("cat", ctx => {

ctx.sendPhoto(Input.fromURL("https://funny-cats.example/cats.jpg"))

});
```
 This helps clear the confusion many users have about InputFile.
- Deprecated ctx.replyWithMarkdown; prefer MarkdownV2 as Telegram recommends.
- Deprecated ctx.replyWithChatAction; use identical method ctx.sendChatAction instead.
- bot.launch()'s webhook options now accepts certificate for self-signed certs.
- Fix bot crashes if updateHandler throws (#1709)
4.9.2 - 2022-09-13
- Fixed bad shorthand for ctx.replyWithVideo (#1687)
4.9.1 - 2022-08-29
- Updated typegram to v3.11.0.
4.9.0 - 2022-08-26
You can now follow Telegraf releases on Telegram
- Added support for Bot API 6.1, and API 6.2.
- Easier Webhooks! Added Telegraf::createWebhook which calls setWebhook, and returns Express-style middleware. [Example]
- New docs! at feathers-studio/telegraf-docs. All examples were moved there and updated to full TS and ESM.
- More type exports: Experimental export of internal types (such as the Extra* types) now found as: import type { Convenience } from "telegraf/types" (#1659)
- Actual replies: New middleware: import { useNewReplies } from telegraf/future that changes the behaviour of Context::reply* methods to actually reply to the context message. This will be the default in v5.
- Added Context::sendMessage and Context:sendWith* methods to replace the old Context::reply and Context::replyWith* methods.
- Updated Telegraf binary! Supports ESM modules, new command-line options --method and --data to call API methods from the command-line.
4.9.0-canary.12 - 2022-08-24
4.9.0-canary.11 - 2022-08-24
4.9.0-canary.10 - 2022-08-18
4.9.0-canary.9 - 2022-05-18
4.9.0-canary.8 - 2022-05-18
4.9.0-canary.7 - 2022-05-18
4.9.0-canary.6 - 2022-05-15
4.9.0-canary.5 - 2022-05-15
4.9.0-canary.4 - 2022-05-15
4.9.0-canary.3 - 2022-05-15
4.9.0-canary.2 - 2022-05-15
4.9.0-canary.1 - 2022-05-15
4.8.6 - 2022-07-25
4.8.5 - 2022-06-08
- Fix: Add exports.import to be able to import Telegraf in Node16+ mode
4.8.5-canary.1 - 2022-06-08
4.8.4 - 2022-06-07
Read more
4.8.3 - 2022-05-29
4.8.2 - 2022-05-13
4.8.1 - 2022-04-29
4.8.0 - 2022-04-29
4.8.0-canary.8 - 2022-04-29
4.8.0-canary.7 - 2022-04-29
4.8.0-canary.6 - 2022-04-29
4.8.0-canary.5 - 2022-04-28
4.8.0-canary.4 - 2022-04-28
4.8.0-canary.3 - 2022-04-28
4.8.0-canary.2 - 2022-04-28
4.8.0-canary.1 - 2022-04-28
4.7.0 - 2022-02-05