[Snyk] Security upgrade solana-agent-kit from 1.3.0 to 2.0.1

[SMSDAO]

Snyk has created this PR to fix 1 vulnerabilities in the pnpm dependencies of this project.

Snyk changed the following file(s):

• examples/tg-bot-starter/advanced-tg-bot/package.json

⚠️ Warning

Failed to update the pnpm-lock.yaml, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Prototype Pollution SNYK-JS-LODASH-15053838	631

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	react@​19.0.0 ⏵ 19.2.3

View full report

[Copilot]

Pull request overview

Upgrades the solana-agent-kit dependency in the advanced Telegram bot starter example to address a reported transitive vulnerability.

Changes:

• Bump solana-agent-kit from ^1.3.0 to ^2.0.1 in examples/tg-bot-starter/advanced-tg-bot/package.json.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

solana-agent-kit was bumped to ^2.0.1, but examples/tg-bot-starter/advanced-tg-bot/pnpm-lock.yaml is still pinned to solana-agent-kit@1.3.0 (see lockfile entry around line ~2123). Please update and commit this package’s pnpm-lock.yaml so installs are reproducible and the security fix actually takes effect.