@overpod/mcp-telegram 1.36.1 → 1.36.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +23 -0
- package/package.json +2 -2
package/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,29 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [1.36.3] — 2026-05-10
|
|
9
|
+
|
|
10
|
+
### Fixed
|
|
11
|
+
|
|
12
|
+
- CI-only fix. The `publish-binaries` job in `.github/workflows/publish.yml` failed for v1.36.2 because `bun install --frozen-lockfile` rejected the `@biomejs/biome` 2.4.14 → 2.4.15 drift in `package.json` (since the bump went through `npm install` which doesn't touch `bun.lock`). Dropped `--frozen-lockfile` from the compile-only job (npm consumers are unaffected — that job already validated the dependency tree via `npm ci` against `package-lock.json`). Bun runner version bumped 1.3.11 → 1.3.13 to pick up registry resolver fixes.
|
|
13
|
+
|
|
14
|
+
No code changes since v1.36.2. This release exists only to re-trigger `publish-binaries` against the corrected workflow.
|
|
15
|
+
|
|
16
|
+
## [1.36.2] — 2026-05-10
|
|
17
|
+
|
|
18
|
+
### Changed
|
|
19
|
+
|
|
20
|
+
- Dependency updates (no behavioral changes, no API surface changes):
|
|
21
|
+
- `@biomejs/biome` `^2.4.14` → `^2.4.15` (devDep, lint/format only)
|
|
22
|
+
- `biome.json` schema bumped to 2.4.15 via `biome migrate --write`
|
|
23
|
+
- `npm audit fix` resolved 9 transitive advisories pulled in via `@modelcontextprotocol/sdk`:
|
|
24
|
+
- `hono` 4.12.9 → 4.12.18 (CSS injection in JSX SSR, JWT NumericDate, Cache `Vary`, etc.)
|
|
25
|
+
- `fast-uri` 3.1.0 → 3.1.2 (host confusion + path traversal)
|
|
26
|
+
- `ip-address` 10.1.0 → 10.2.0 (Address6 HTML XSS)
|
|
27
|
+
- `@hono/node-server` 1.19.11 → 1.19.14 (middleware bypass via repeated slashes)
|
|
28
|
+
- `express-rate-limit` 8.3.1 → 8.5.1
|
|
29
|
+
- 3 remaining moderate advisories in `vitepress → vite → esbuild` are dev-only (docs site) with no upstream fix available.
|
|
30
|
+
|
|
8
31
|
## [1.36.1] — 2026-05-04
|
|
9
32
|
|
|
10
33
|
### Fixed
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@overpod/mcp-telegram",
|
|
3
|
-
"version": "1.36.
|
|
3
|
+
"version": "1.36.3",
|
|
4
4
|
"description": "MCP server for Telegram userbot — messages, media, reactions, polls & more. Built on GramJS/MTProto.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|
|
@@ -66,7 +66,7 @@
|
|
|
66
66
|
"zod": "^4.4.3"
|
|
67
67
|
},
|
|
68
68
|
"devDependencies": {
|
|
69
|
-
"@biomejs/biome": "^2.4.
|
|
69
|
+
"@biomejs/biome": "^2.4.15",
|
|
70
70
|
"@types/node": "^25.6.0",
|
|
71
71
|
"@types/qrcode": "^1.5.6",
|
|
72
72
|
"c8": "^11.0.0",
|