From baa13f58a323b9272f123e45f995031f278bb8f3 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 7 Oct 2018 16:36:41 +0000 Subject: [PATCH 01/23] chore(deps): update dependency telegraf to v3.24.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 31b1fe9..7313060 100644 --- a/package.json +++ b/package.json @@ -9,7 +9,7 @@ "express": "4.16.3" }, "devDependencies": { - "telegraf": "3.24.0", + "telegraf": "3.24.1", "mocha": "5.2.0" }, "scripts": { From e380a66342b91e12e49b1ebc768b4be18b105296 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 8 Oct 2018 17:58:59 +0000 Subject: [PATCH 02/23] fix(deps): update dependency debug to v4.1.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 7313060..5b42923 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,7 @@ "main": "index.js", "dependencies": { "axios": "0.18.0", - "debug": "4.0.1", + "debug": "4.1.0", "express": "4.16.3" }, "devDependencies": { From 3c256811ac5904d38ad6f38b38037dfae586b47f Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 30 Oct 2018 03:37:04 +0000 Subject: [PATCH 03/23] chore(deps): update dependency telegraf to v3.25.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 5b42923..1745b3a 100644 --- a/package.json +++ b/package.json @@ -9,7 +9,7 @@ "express": "4.16.3" }, "devDependencies": { - "telegraf": "3.24.1", + "telegraf": "3.25.0", "mocha": "5.2.0" }, "scripts": { From d34944b12e18f284a4a92ad251c4a325941ac58c Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 5 Dec 2018 06:00:00 +0000 Subject: [PATCH 04/23] chore(deps): update dependency telegraf to v3.25.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 1745b3a..580cb12 100644 --- a/package.json +++ b/package.json @@ -9,7 +9,7 @@ "express": "4.16.3" }, "devDependencies": { - "telegraf": "3.25.0", + "telegraf": "3.25.1", "mocha": "5.2.0" }, "scripts": { From 383acb8a0e157564d390eb006a51c30c6e2c3811 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 5 Dec 2018 19:32:49 +0000 Subject: [PATCH 05/23] chore(deps): update dependency telegraf to v3.25.5 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 580cb12..a1932c1 100644 --- a/package.json +++ b/package.json @@ -9,7 +9,7 @@ "express": "4.16.3" }, "devDependencies": { - "telegraf": "3.25.1", + "telegraf": "3.25.5", "mocha": "5.2.0" }, "scripts": { From ad9bf8b65e3768328190bf9b7570394a42841578 Mon Sep 17 00:00:00 2001 From: Tiago Danin Date: Wed, 12 Dec 2018 12:36:50 -0200 Subject: [PATCH 06/23] Update renovate config --- renovate.json | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/renovate.json b/renovate.json index f45d8f1..9300a8f 100644 --- a/renovate.json +++ b/renovate.json @@ -1,5 +1,11 @@ { "extends": [ "config:base" + ], + "assignees": [ + "TiagoDanin" + ], + "labels": [ + "renovate" ] } From 2281fbeaca2f28edf6ea20ca0e841e803f2f8404 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 22 Dec 2018 16:43:48 +0000 Subject: [PATCH 07/23] fix(deps): update dependency debug to v4.1.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index a1932c1..7b32255 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,7 @@ "main": "index.js", "dependencies": { "axios": "0.18.0", - "debug": "4.1.0", + "debug": "4.1.1", "express": "4.16.3" }, "devDependencies": { From 75efde10e6041397fbb4055d171f16c16e1a4622 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 11 Jan 2019 02:55:41 +0000 Subject: [PATCH 08/23] chore(deps): update dependency telegraf to v3.26.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 7b32255..dc9247a 100644 --- a/package.json +++ b/package.json @@ -9,7 +9,7 @@ "express": "4.16.3" }, "devDependencies": { - "telegraf": "3.25.5", + "telegraf": "3.26.0", "mocha": "5.2.0" }, "scripts": { From a4355435da22c50f875266f0cee1d696d35ede6a Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 30 Jan 2019 20:41:43 +0000 Subject: [PATCH 09/23] chore(deps): update dependency telegraf to v3.27.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index dc9247a..1b608a1 100644 --- a/package.json +++ b/package.json @@ -9,7 +9,7 @@ "express": "4.16.3" }, "devDependencies": { - "telegraf": "3.26.0", + "telegraf": "3.27.0", "mocha": "5.2.0" }, "scripts": { From b117ebf3c53986dff4a21d8a383ab26bca95b859 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 6 Feb 2019 04:09:13 +0000 Subject: [PATCH 10/23] chore(deps): update dependency telegraf to v3.27.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 1b608a1..f0b62d9 100644 --- a/package.json +++ b/package.json @@ -9,7 +9,7 @@ "express": "4.16.3" }, "devDependencies": { - "telegraf": "3.27.0", + "telegraf": "3.27.1", "mocha": "5.2.0" }, "scripts": { From b56fefbb1128e640e3ac1408995fff5c19d5a4a5 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 21 Feb 2019 20:10:50 +0000 Subject: [PATCH 11/23] chore(deps): update dependency mocha to v6 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index f0b62d9..5bb02f5 100644 --- a/package.json +++ b/package.json @@ -10,7 +10,7 @@ }, "devDependencies": { "telegraf": "3.27.1", - "mocha": "5.2.0" + "mocha": "6.0.1" }, "scripts": { "test": "mocha --exit --timeout 100000" From 65858145362d62c76c5435cb3d331f5d2b657d74 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 25 Feb 2019 18:24:57 +0000 Subject: [PATCH 12/23] chore(deps): update dependency mocha to v6.0.2 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 5bb02f5..f14892e 100644 --- a/package.json +++ b/package.json @@ -10,7 +10,7 @@ }, "devDependencies": { "telegraf": "3.27.1", - "mocha": "6.0.1" + "mocha": "6.0.2" }, "scripts": { "test": "mocha --exit --timeout 100000" From 1005ebc124481305f76a918283d66c9190914d3f Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 30 Mar 2019 08:19:47 +0000 Subject: [PATCH 13/23] chore(deps): update dependency telegraf to v3.28.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index f14892e..4107f62 100644 --- a/package.json +++ b/package.json @@ -9,7 +9,7 @@ "express": "4.16.3" }, "devDependencies": { - "telegraf": "3.27.1", + "telegraf": "3.28.0", "mocha": "6.0.2" }, "scripts": { From ce46c64e042e1636f6a80149a85bed78318105f1 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 7 Apr 2019 15:44:33 +0000 Subject: [PATCH 14/23] chore(deps): update dependency mocha to v6.1.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 4107f62..250d1bb 100644 --- a/package.json +++ b/package.json @@ -10,7 +10,7 @@ }, "devDependencies": { "telegraf": "3.28.0", - "mocha": "6.0.2" + "mocha": "6.1.0" }, "scripts": { "test": "mocha --exit --timeout 100000" From 338f7ea2e57e46d416573e942a26722c62ea8239 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 7 Apr 2019 22:51:43 +0000 Subject: [PATCH 15/23] chore(deps): update dependency mocha to v6.1.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 250d1bb..0f74960 100644 --- a/package.json +++ b/package.json @@ -10,7 +10,7 @@ }, "devDependencies": { "telegraf": "3.28.0", - "mocha": "6.1.0" + "mocha": "6.1.1" }, "scripts": { "test": "mocha --exit --timeout 100000" From afb21c00daea04ce04e91a755109bb704e161bff Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 14 Apr 2019 17:44:47 +0000 Subject: [PATCH 16/23] chore(deps): update dependency telegraf to v3.29.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 0f74960..0c16c47 100644 --- a/package.json +++ b/package.json @@ -9,7 +9,7 @@ "express": "4.16.3" }, "devDependencies": { - "telegraf": "3.28.0", + "telegraf": "3.29.0", "mocha": "6.1.1" }, "scripts": { From a15c4ff7d1660ed2b123409be040d07e61b5130b Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 6 May 2019 02:59:42 +0000 Subject: [PATCH 17/23] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-AXIOS-174505 --- .snyk | 8 ++++++++ package.json | 10 +++++++--- 2 files changed, 15 insertions(+), 3 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..ac8127c --- /dev/null +++ b/.snyk @@ -0,0 +1,8 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.13.3 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-AXIOS-174505: + - axios: + patched: '2019-05-06T02:59:41.072Z' diff --git a/package.json b/package.json index 0c16c47..abfd2a5 100644 --- a/package.json +++ b/package.json @@ -6,14 +6,17 @@ "dependencies": { "axios": "0.18.0", "debug": "4.1.1", - "express": "4.16.3" + "express": "4.16.3", + "snyk": "^1.161.1" }, "devDependencies": { "telegraf": "3.29.0", "mocha": "6.1.1" }, "scripts": { - "test": "mocha --exit --timeout 100000" + "test": "mocha --exit --timeout 100000", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "repository": { "type": "git", @@ -31,5 +34,6 @@ "bugs": { "url": "https://github.com/TiagoDanin/Telegraf-Test/issues" }, - "homepage": "https://github.com/TiagoDanin/Telegraf-Test#readme" + "homepage": "https://github.com/TiagoDanin/Telegraf-Test#readme", + "snyk": true } From d6de006437784fd98417ea4a0fcc53437cc637f9 Mon Sep 17 00:00:00 2001 From: Tiago Danin Date: Sat, 11 May 2019 15:28:25 -0300 Subject: [PATCH 18/23] fix(deps): trust packages --- package.json | 76 ++++++++++++++++++++++++++-------------------------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/package.json b/package.json index abfd2a5..d4c4a39 100644 --- a/package.json +++ b/package.json @@ -1,39 +1,39 @@ { - "name": "telegraf-test", - "version": "1.1.0", - "description": "Telegraf Test - Simple Test ToolKit of Telegram Bots", - "main": "index.js", - "dependencies": { - "axios": "0.18.0", - "debug": "4.1.1", - "express": "4.16.3", - "snyk": "^1.161.1" - }, - "devDependencies": { - "telegraf": "3.29.0", - "mocha": "6.1.1" - }, - "scripts": { - "test": "mocha --exit --timeout 100000", - "snyk-protect": "snyk protect", - "prepublish": "npm run snyk-protect" - }, - "repository": { - "type": "git", - "url": "git+https://github.com/TiagoDanin/Telegraf-Test.git" - }, - "keywords": [ - "telegraf", - "test", - "telegram", - "framework", - "toolkit" - ], - "author": "Tiago Danin", - "license": "MIT", - "bugs": { - "url": "https://github.com/TiagoDanin/Telegraf-Test/issues" - }, - "homepage": "https://github.com/TiagoDanin/Telegraf-Test#readme", - "snyk": true -} + "name": "telegraf-test", + "version": "1.1.0", + "description": "Telegraf Test - Simple Test ToolKit of Telegram Bots", + "main": "index.js", + "dependencies": { + "axios": "^0.18.0", + "debug": "^4.1.1", + "express": "^4.16.3", + "snyk": "^1.161.1" + }, + "devDependencies": { + "telegraf": "^3.29.0", + "mocha": "6.1.1" + }, + "scripts": { + "test": "mocha --exit --timeout 100000", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" + }, + "repository": { + "type": "git", + "url": "git+https://github.com/TiagoDanin/Telegraf-Test.git" + }, + "keywords": [ + "telegraf", + "test", + "telegram", + "framework", + "toolkit" + ], + "author": "Tiago Danin", + "license": "MIT", + "bugs": { + "url": "https://github.com/TiagoDanin/Telegraf-Test/issues" + }, + "homepage": "https://github.com/TiagoDanin/Telegraf-Test#readme", + "snyk": true +} \ No newline at end of file From 2c4cf7a8f908b8f4f9b7ee4b07ee27678e73e294 Mon Sep 17 00:00:00 2001 From: Tiago Danin Date: Sat, 11 May 2019 15:46:00 -0300 Subject: [PATCH 19/23] fix(renovate): enabled vulnerabilityAlerts & statusCheckVerify & rangeStrategy --- renovate.json | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/renovate.json b/renovate.json index 9300a8f..9317ebe 100644 --- a/renovate.json +++ b/renovate.json @@ -1,11 +1,17 @@ { - "extends": [ - "config:base" - ], - "assignees": [ - "TiagoDanin" - ], - "labels": [ - "renovate" - ] + "extends": [ + "config:base" + ], + "assignees": [ + "TiagoDanin" + ], + "labels": [ + "renovate" + ], + "rangeStrategy": "bump", + "statusCheckVerify": true, + "vulnerabilityAlerts": { + "labels": ["security"], + "assignees": ["TiagoDanin"] + } } From 3993482ca3b277ecdf9b567b401e666e6aae0f00 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 26 May 2019 04:28:16 +0000 Subject: [PATCH 20/23] fix(deps): update dependency express to ^4.17.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index d4c4a39..5c1a470 100644 --- a/package.json +++ b/package.json @@ -6,7 +6,7 @@ "dependencies": { "axios": "^0.18.0", "debug": "^4.1.1", - "express": "^4.16.3", + "express": "^4.17.1", "snyk": "^1.161.1" }, "devDependencies": { From 0e3aeedc87ff254f95b537870e825a6169357bc2 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 31 May 2019 23:19:48 +0000 Subject: [PATCH 21/23] chore(deps): update dependency telegraf to ^3.30.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index d4c4a39..5d9372f 100644 --- a/package.json +++ b/package.json @@ -10,7 +10,7 @@ "snyk": "^1.161.1" }, "devDependencies": { - "telegraf": "^3.29.0", + "telegraf": "^3.30.1", "mocha": "6.1.1" }, "scripts": { From 4eeb3de90296de593c42bcf45c66b7ec2ef11413 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 8 Jun 2019 17:21:57 +0000 Subject: [PATCH 22/23] chore(deps): update dependency mocha to v6.1.4 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index c6635ee..dc2a2d6 100644 --- a/package.json +++ b/package.json @@ -11,7 +11,7 @@ }, "devDependencies": { "telegraf": "^3.30.1", - "mocha": "6.1.1" + "mocha": "6.1.4" }, "scripts": { "test": "mocha --exit --timeout 100000", From ba503efbe520e3dcbd8e2d7ba58aa569702442fb Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 8 Jun 2019 17:22:31 +0000 Subject: [PATCH 23/23] fix(deps): update dependency axios --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index dc2a2d6..abdd9fd 100644 --- a/package.json +++ b/package.json @@ -4,7 +4,7 @@ "description": "Telegraf Test - Simple Test ToolKit of Telegram Bots", "main": "index.js", "dependencies": { - "axios": "^0.18.0", + "axios": "^0.18.1", "debug": "^4.1.1", "express": "^4.17.1", "snyk": "^1.161.1"