
[Snyk] Security upgrade @slack/bolt from 3.11.1 to 3.15.0 #5

Open
jakeortega wants to merge 1 commit into main from snyk-fix-4a62bd3cb7295d04a4feb48ed8630fb0


@jakeortega
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 676/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.1) | Cross-site Request Forgery (CSRF), SNYK-JS-AXIOS-6032459 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @slack/bolt

The new version differs by 158 commits.
  • 5df8393 Release @slack/bolt@3.15.0 (#1996)
  • a3c679a Add files to view.state.values in TS (#1995)
  • ad14372 Update mocha and web-api dependencies. (#1994)
  • 7a0efbd Apply #1992 changes to JP docs
  • e71a57c Fix link in docs (#1992)
  • adbeeb8 Bump @types/node from 20.8.10 to 20.9.0 (#1990)
  • 45d651f Update axios (#1986)
  • 9330f2d Bump @types/node from 20.8.9 to 20.8.10 (#1987)
  • 65bd892 Bump @types/node from 20.8.7 to 20.8.9 (#1982)
  • fa20dde Bump @types/node from 20.8.6 to 20.8.7 (#1979)
  • e2ac3ac Include an example of using middleware with the `ExpressReceiver` (#1973)
  • f104c0b Allow a custom `SocketModeReceiver` to be used with Socket Mode (#1972)
  • 2b259a9 Bump @types/node from 20.8.3 to 20.8.6 (#1970)
  • 0a5de4e Bump @types/node from 20.8.0 to 20.8.3 (#1966)
  • b9d4c5b Add rich_text_input block payload support (#1963)
  • f0d4960 Apply code formatter
  • 4a4ff25 Bump @types/node from 20.6.5 to 20.8.0 (#1962)
  • 44c5e01 fix: options constraint has wrong type definition (#1940)
  • 3684846 Remove beta documentation (#1961)
  • cb87409 Bump @types/node from 20.6.2 to 20.6.5 (#1958)
  • ce77d6b Release: @slack/bolt@3.14.0 (#1956)
  • 7e59dba Expose useful functions (#1955)
  • 51ee0b5 Actually update the CLA link
  • ef3de0b Update contributing.md with correct link to CLA

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Request Forgery (CSRF)
