Contributor

@hello-ashleyintech hello-ashleyintech commented Dec 9, 2024

Summary

With medium security vulns upgrades causing version bumps in webhook and web-api (#2118), we can now update other packages that have these dependencies to the latest!

Once this PR is merged and rtm-api, oauth, and socket-mode patch versions are released, bolt-js will be updated with the latest versions of each of these.

Requirements (place an x in each [ ])

@hello-ashleyintech hello-ashleyintech requested review from a team and zimeg December 9, 2024 17:46

codecov bot commented Dec 9, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91.66%. Comparing base (1f8e880) to head (cfe277a).
Report is 2 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #2119   +/-   ##
=======================================
  Coverage   91.66%   91.66%           
=======================================
  Files          38       38           
  Lines       10317    10317           
  Branches      647      647           
=======================================
  Hits         9457     9457           
  Misses        848      848           
  Partials       12       12           
Flag Coverage Δ
cli-hooks 95.24% <ø> (ø)
cli-test 94.48% <ø> (ø)
oauth 77.39% <ø> (ø)
socket-mode 58.22% <ø> (ø)
web-api 96.88% <ø> (ø)
webhook 96.65% <ø> (ø)


Contributor

@WilliamBergamin WilliamBergamin left a comment

This looks good 💯 thanks for working on this!!

But I'm not sure we should include the update for the legacy client; it may cause a breaking change

Comment on lines 51 to 52
"@slack/web-api": "^7.8.0",
"@slack/webhook": "^7.0.4"
Contributor

I think we don't support the @slack/client anymore, but I'm not sure what this means for security updates 🤔

I think this major update might be a breaking change; the client test strategy might be insufficient to detect this

Contributor Author

ahhhh yes yes, you're right! 🙌 it's also marked as deprecated on npm, so I'll revert these changes!

@hello-ashleyintech hello-ashleyintech changed the title Update webhook and web-api dependencies in client, oauth, rtm-api, and socket-mode Update webhook and web-api dependencies in oauth, rtm-api, and socket-mode Dec 9, 2024
Contributor

@WilliamBergamin WilliamBergamin left a comment

lgtm 👍

@zimeg zimeg added semver:patch pkg:rtm-api applies to `@slack/rtm-api` pkg:oauth applies to `@slack/oauth` pkg:socket-mode applies to `@slack/socket-mode` dependencies Pull requests that update a dependency file labels Dec 9, 2024
Member

@zimeg zimeg left a comment

🎁 Sweet! I'm excited for these releases!

@hello-ashleyintech hello-ashleyintech merged commit 560b5a1 into main Dec 9, 2024
57 checks passed
@hello-ashleyintech hello-ashleyintech deleted the ah-upgrade-deps branch December 9, 2024 20:05
@hello-ashleyintech hello-ashleyintech added this to the [email protected] milestone Dec 9, 2024
4 participants