[Snyk] Upgrade telegraf from 4.7.0 to 4.11.2 #5
Snyk has created this PR to upgrade telegraf from 4.7.0 to 4.11.2.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Release notes
Package name: telegraf
- `sendMediaGroup` to accept `StreamFile`.
- `message_thread_id` if `is_topic_message` is true. Telegram sends `message_thread_id` for reply messages, even if the group doesn't have topics. This caused the bot to throw when `ctx.reply` was used against reply messages in non-forums.
- `"telegraf/filters"`. Top-level `filters.{js|d.ts}` were missing in package.json "files" array.

🔺 Bot API 6.3 support

- `Telegram` class:
  - `createForumTopic`
  - `editForumTopic`
  - `closeForumTopic`
  - `reopenForumTopic`
  - `deleteForumTopic`
  - `unpinAllForumTopicMessages`
  - `getForumTopicIconStickers`
- `Context`; add `message_thread_id` implicitly to `Context::send*` methods.

✨ Filters! ✨
We've added a new powerful feature called filters! Here's how to use them.
```js
import { Telegraf } from "telegraf";
import { message, editedMessage, channelPost, editedChannelPost, callbackQuery } from "telegraf/filters";
// you can also use require, like this:
// const { message, editedMessage, channelPost, editedChannelPost, callbackQuery } = require("telegraf/filters");

// read the bot token from the environment rather than hard-coding it
const token = process.env.BOT_TOKEN;
const bot = new Telegraf(token);

bot.on(message("text"), ctx => {
  // this is a text message update
  // ctx.message.text
});

bot.on(channelPost("video"), ctx => {
  // this is a video channel post update
  // ctx.channelPost.video
});

bot.on(callbackQuery("game_short_name"), ctx => {
  // this is a callback_query game update
  // ctx.callbackQuery.game_short_name
});
```
This unlocks the ability to filter for very specific update types previously not possible! This is only an initial release, and filters will become even more powerful in future updates.
All filters are also usable from a new method, `ctx.has`. This is very useful if you want to filter within a handler. For example:

Like `bot.on`, `ctx.has` also supports an array of update types and filters, even mixed:

```js
bot.on(["message", callbackQuery("data")], handler);

if (ctx.has(["message", callbackQuery("data")])) {
  // ctx.update is a message update or a callbackQuery with data present
};
```
As of this release, filtering by message type using `bot.on()` (for example: "text", "photo", etc.) is deprecated. Don't panic, though! Your existing bots will continue to work, but whenever you can, you must update your message type filters to use the above filters before v5. This is fairly easy to do, like this:

The deprecated message type behaviour will be removed in v5.
You might be happy, or fairly upset about this development. But it was important we made this decision. For a long time, Telegraf has supported filtering by both update type and message type.
This meant you could use `bot.on("message")`, or `bot.on("text")` (text here is a message type, and not an update type, so this was really making sure that `update.message.text` existed). However, when polls were introduced, this caused a conflict. `bot.on("poll")` would match both `update.poll` (update about stopped polls sent by the bot) and `update.message.poll` (a message that is a native poll). At type-level, both objects will show as available, which was wrong.

Besides, this type of filters really limited how far we could go with Telegraf. That's why we introduced filters, which are way more powerful and flexible!
A few updates back, in 4.9.0, we added `ctx.send*` methods to replace `ctx.reply*` methods. This is because in v5 the behaviour of `ctx.reply*` will be to actually reply to the current message, instead of only sending a message.

To start using this behaviour right away, we had also introduced a middleware. We recommend you start using this, so that you're prepared for v5, which is brewing very soon!

```js
import { useNewReplies } from "telegraf/future";

// this will enable ctx.reply throughout the bot to automatically reply to current message
// use ctx.sendMessage and friends to send a message without replying
bot.use(useNewReplies());
```
Other changes

`bot.launch` is now catchable (#1657)

Polling errors were previously uncatchable in Telegraf. They are now. Simply attach a `catch` to `bot.launch`:

```js
bot.launch().catch(e => {
  // polling has errored
});

// You can also use await and try/catch if you're using ESM
```

Three things to remember:

- `bot.launch` in webhook mode, it will immediately resolve after `setWebhook` completes.
- `bot.launch` in polling mode will not resolve immediately. Instead, it will resolve after `bot.stop()`, or reject when there's a polling error.

We previously did not want fatal errors to be caught, since it gives the impression that it's a handleable error. However, being able to catch this is useful when you launch multiple bots in the same process, and one of them failing doesn't need to bring down the process.

Use this feature with care. :)
Format helpers (`"telegraf/format"`) now use template string substitution instead of naively using `+=`. (Discussion)

Follow Telegraf_JS to receive these updates in Telegram. If you have feedback about this update, please share with us on @TelegrafJSChat!
Brand new formatting helpers! No more awkward escaping.

```js
ctx.reply(fmt`
Ground control to ${mention("Major Tom", 10000000)}
${bold`Lock your Soyuz hatch`} and ${italic`put your helmet on`}
— ${link("David Bowie", "https://en.wikipedia.org/wiki/David_Bowie")}
`);
```

This also just works with captions!
Added Input helpers to create the InputFile object.
This helps clear the confusion many users have about InputFile.
- Deprecated `ctx.replyWithMarkdown`; prefer MarkdownV2 as Telegram recommends.
- Deprecated `ctx.replyWithChatAction`; use identical method `ctx.sendChatAction` instead.
- `bot.launch()`'s webhook options now accept `certificate` for self-signed certs.
- Fix bot crashes if `updateHandler` throws (#1709)
- `ctx.replyWithVideo` (#1687)

You can now follow Telegraf releases on Telegram

- `Telegraf::createWebhook` which calls `setWebhook`, and returns Express-style middleware. [Example]
- `Extra*` types) now found as: `import type { Convenience } from "telegraf/types"` (#1659)
- `import { useNewReplies } from telegraf/future` that changes the behaviour of `Context::reply*` methods to actually reply to the context message. This will be the default in v5.
- `Context::sendMessage` and `Context:sendWith*` methods to replace the old `Context::reply` and `Context::replyWith*` methods.
- `--method` and `--data` to call API methods from the command-line.
Commit messages
Package name: telegraf
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs
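
One way to check a code base before merging this upgrade, as an added example that is not Telegraf's or Snyk's code: a small Node.js scan for the `bot.on()` message-type filters that the release notes above deprecate, with `"poll"` reported separately because the notes describe it as matching two different update shapes. The `findDeprecatedFilters` name, the `bot` receiver name and the sample source are assumptions; the update-type list is the Telegram Bot API's as of 6.3.

```javascript
// Update types defined by the Telegram Bot API (as of Bot API 6.3).
// Any other bare string passed to bot.on() is treated as a message type.
const UPDATE_TYPES = new Set([
  "message", "edited_message", "channel_post", "edited_channel_post",
  "inline_query", "chosen_inline_result", "callback_query", "shipping_query",
  "pre_checkout_query", "poll", "poll_answer", "my_chat_member",
  "chat_member", "chat_join_request",
]);

// Hypothetical helper: returns one finding per bare string filter that is
// either a deprecated message type or the ambiguous "poll".
function findDeprecatedFilters(source) {
  const findings = [];
  // First argument of bot.on(): an array literal or a single string literal.
  const call = /\bbot\.on\(\s*(\[[^\]]*\]|"[^"]*"|'[^']*')/g;
  source.split("\n").forEach((text, index) => {
    for (const [, firstArg] of text.matchAll(call)) {
      // Drop filter calls such as callbackQuery("data") so that only bare
      // string literals remain.
      const bare = firstArg.replace(/\w+\([^)]*\)/g, "");
      for (const [, name] of bare.matchAll(/["']([^"']*)["']/g)) {
        if (name === "poll") {
          // matches update.poll and update.message.poll per the release notes
          findings.push({ line: index + 1, name, kind: "ambiguous" });
        } else if (!UPDATE_TYPES.has(name)) {
          findings.push({ line: index + 1, name, kind: "deprecated" });
        }
      }
    }
  });
  return findings;
}

// Constructed sample source, not taken from any real project.
const SAMPLE = [
  'bot.on("message", handler);',
  'bot.on("text", handler);',
  'bot.on(message("text"), handler);',
  'bot.on(["photo", callbackQuery("data")], handler);',
  'bot.on("poll", handler);',
].join("\n");

console.log(findDeprecatedFilters(SAMPLE));
```

The scan is line-based and only sees calls on a variable named `bot`, so handlers registered through composers or other receivers need a separate pass.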