Fix various dependabot alerts

apps/webapp/package.json

@@ -92,7 +92,7 @@
     "@remix-run/serve": "2.1.0",
     "@remix-run/server-runtime": "2.1.0",
     "@remix-run/v1-meta": "^0.1.3",
-    "@slack/web-api": "^6.8.1",
+    "@slack/web-api": "7.9.1",
     "@socket.io/redis-adapter": "^8.3.0",
     "@splinetool/react-spline": "^2.2.6",
     "@tabler/icons-react": "^2.39.0",
@@ -146,10 +146,10 @@
     "non.geist": "^1.0.2",
     "ohash": "^1.1.3",
     "openai": "^4.33.1",
-    "parse-duration": "^1.1.0",
+    "parse-duration": "^2.1.0",
     "p-limit": "^6.2.0",
     "posthog-js": "^1.93.3",
-    "posthog-node": "^3.1.3",
+    "posthog-node": "4.17.1",
     "prism-react-renderer": "^2.3.1",
     "prismjs": "^1.29.0",
     "prom-client": "^15.1.0",

apps/webapp/server.ts

@@ -129,6 +129,10 @@ if (process.env.HTTP_SERVER_DISABLED !== "true") {
   });
 
   server.keepAliveTimeout = 65 * 1000;
+  // Mitigate against https://github.com/triggerdotdev/trigger.dev/security/dependabot/128
+  // by not allowing 2000+ headers to be sent and causing a DoS
+  // headers will instead be limited by the maxHeaderSize
+  server.maxHeadersCount = 0;
 
   process.on("SIGTERM", () => {
     server.close((err) => {

references/d3-chat/package.json

@@ -23,7 +23,7 @@
     "@ai-sdk/openai": "1.3.3",
     "@e2b/code-interpreter": "^1.1.0",
     "@radix-ui/react-avatar": "^1.1.3",
-    "@slack/web-api": "^6.8.1",
+    "@slack/web-api": "7.9.1",
     "@trigger.dev/python": "workspace:*",
     "@trigger.dev/react-hooks": "workspace:*",
     "@trigger.dev/sdk": "workspace:*",

references/d3-openai-agents/package.json

@@ -18,7 +18,7 @@
   },
   "dependencies": {
     "@ai-sdk/openai": "1.3.3",
-    "@slack/web-api": "^6.8.1",
+    "@slack/web-api": "7.9.1",
     "@trigger.dev/python": "workspace:*",
     "@trigger.dev/react-hooks": "workspace:*",
     "@trigger.dev/sdk": "workspace:*",