[Snyk] Upgrade tmi.js from 1.7.2 to 1.8.5

[snyk-bot]

Snyk has created this PR to upgrade tmi.js from 1.7.2 to 1.8.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 9 versions ahead of your current version.
• The recommended version was released 2 years ago, on 2021-08-18.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: tmi.js

• 1.8.5 - 2021-08-18
  

  v1.8.5

  • d9a3d63 Fix emoteset update timer not using sets.
• 1.8.4 - 2021-08-11
  

  v1.8.4

  • 4a21293 Removed union from utils as it only had a single use in the library. These util functions shouldn't be used outside of the library but worth mentioning.
  • b44286d Allow passing an HTTP proxy agent instance to node-fetch (Node) at the option connection.fetchAgent. Feedback on this is very welcomed, please open an issue if it doesn't work.
  • 643b2c9 Allow passing an HTTP proxy agent instance to ws (Node) at the option connection.agent. #209 #380 See this example on https-proxy-agent for more detail and available options. Feedback on this is very welcomed, please open an issue if it doesn't work.

  const HttpsProxyAgent = require('https-proxy-agent');
  const agent = new HttpsProxyAgent(proxyOptions);
  const client = new tmi.Client({ connection: { agent } });
  client.connect();

  • a3343ec Fix for some channels returning empty mod/VIP lists, potentially because all accounts on the list are closed/banned. #480
  • b477c6a Upgrade dependencies. (Notable: ws v7.4.3 -> v8.0.0)
    • ca392a0 And tests to match
  • 697c9d6 Update NOTICE msg-ids for ban/timeout anon/mod.
• 1.8.3 - 2021-04-19
  

  v1.8.3

  • b9a9a70 Clear emotesets timer
• 1.8.2 - 2021-04-15
  

  v1.8.2 [Deprecated]

  • 826e105 Remove async/await code from client._updateEmoteset. #463

  v1.8.1

  • 28be1a7 Revert class and destructuring syntax.
• 1.8.1 - 2021-04-13
  

  Release 1.8.1

• 1.8.0 - 2021-04-13
  

  v1.8.0

  • f9a5b3a The option connection.reconnect is now true by default.
  • 43900a9 Added option options.skipMembership (false by default) to not receive JOIN/PART messages for other users. This can reduce a lot of the spammy data that's getting blasted at the client.

  const client = new tmi.Client({ options: { skipMembership: true } });

  • c74c2bb
    • Added option options.skipUpdatingEmotesets (false by default) to skip calling the emoticon_images API which can be a lot of data. The emotesets event will still be called but the second argument will just be an empty object.
    • Added option options.updateEmotesetsTimer (60000 (ms) by default) to change how often the emoticon_images API will be recalled. Set to 0 or a negative number (or false) to disable the timer entirely.

  const client = new tmi.Client({ options: { skipUpdatingEmotesets: true, updateEmotesetsTimer: 0 } });

  • 33c15c7 The Client has been converted to a class style.

  • ff341d2 Client.prototype.api will now warn on use as it's deprecated and will be removed by the next minor version, 1.9.0. It's not intended to be a great choice for API requests. Either directly use fetch/node-fetch, another request library, or a Twitch-specific library like twitch on npm.

  • 76edfc8 dea8eed 5ea712f f689bc5 Remove various util functions.

  • 8f3a849 Fixed possible case fallthrough bug.

  • efc6cdb Add eslint (and many more commits related to facelifting the repo)

  v1.7.5

  • 9d8ca1c Add "sub" alias for "subscription" event
• 1.7.5 - 2021-03-08
  

  Release 1.7.5

• 1.7.4 - 2021-03-08
  

  Release 1.7.4

• 1.7.3 - 2021-03-06
  

  v1.7.3

  • 3e46332 Added the event "globaluserstate". See the Twitch docs on the tags for the GLOBALUSERSTATE IRC command. These tags have always been available via client.globaluserstate after the command but hasn't been emitted.

  client.on('globaluserstate', tags => {
      console.log('Hello, I am', tags['display-name']); // Hello, I am Alca
  });

  • #461 Fixed a rare issue when a tag that is to be IRC unescaped is not a string.
  • 989bdad Updated dependencies (package-lock)
• 1.7.2 - 2021-02-25
  

  v1.7.2

  • #456 Add Accept header to Kraken emoticon_images request.
  • #458 Assume connection success on MOTD end, not MOTD line.
  • e85809b Upgrade dependencies.

from tmi.js GitHub release notes

Commit messages

Package name: tmi.js

• e4547c0 Release 1.8.5
• b9ab3aa package: update dependencies
• d9a3d63 client: fix emoteset update timer not using sets
• 150fbbc Release v1.8.4
• 31b68f7 various: match function style across parser/utils
• 412258f utils: move static regex
• 4a21293 utils: remove union
• dcbdeea github: adjust issue template config section
• 2a66500 client: pass null for default delay
• ee4c347 readme: remove default options from example
• b44286d various: add opts.connection.fetchAgent support
• 643b2c9 client: add opts.connection.agent support #380
• a3343ec client: some channels return empty lists #480
• ca392a0 tests: update tests
• b477c6a package: update dependencies
• 697c9d6 client: update notice msg-ids
• ff6fd7b Release 1.8.3
• 46f52ba package-lock: update dependencies
• b9a9a70 client: clear emotesets timers on error/close
• 45aea82 Release 1.8.2
• 826e105 client: revert _updateEmoteset from async syntax
• 7785899 Release 1.8.1
• 28be1a7 revert: class and destructuring syntax
• 738eb24 Release 1.8.0

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs