
[Snyk] Security upgrade @slack/bolt from 3.12.2 to 3.15.0 #25

Merged: 1 commit, Nov 22, 2023

Conversation

@Jrc356 Jrc356 (Owner) commented Nov 16, 2023

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 676/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.1) | Cross-site Request Forgery (CSRF), SNYK-JS-AXIOS-6032459 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @slack/bolt
The new version differs by 102 commits.
  • 5df8393 Release @slack/[email protected] (#1996)
  • a3c679a Add files to view.state.values in TS (#1995)
  • ad14372 Update mocha and web-api dependencies. (#1994)
  • 7a0efbd Apply #1992 changes to JP docs
  • e71a57c Fix link in docs (#1992)
  • adbeeb8 Bump @types/node from 20.8.10 to 20.9.0 (#1990)
  • 45d651f Update axios (#1986)
  • 9330f2d Bump @types/node from 20.8.9 to 20.8.10 (#1987)
  • 65bd892 Bump @types/node from 20.8.7 to 20.8.9 (#1982)
  • fa20dde Bump @types/node from 20.8.6 to 20.8.7 (#1979)
  • e2ac3ac Include an example of using middleware with the `ExpressReceiver` (#1973)
  • f104c0b Allow a custom `SocketModeReceiver` to be used with Socket Mode (#1972)
  • 2b259a9 Bump @types/node from 20.8.3 to 20.8.6 (#1970)
  • 0a5de4e Bump @types/node from 20.8.0 to 20.8.3 (#1966)
  • b9d4c5b Add rich_text_input block payload support (#1963)
  • f0d4960 Apply code formatter
  • 4a4ff25 Bump @types/node from 20.6.5 to 20.8.0 (#1962)
  • 44c5e01 fix: options constraint has wrong type definition (#1940)
  • 3684846 Remove beta documentation (#1961)
  • cb87409 Bump @types/node from 20.6.2 to 20.6.5 (#1958)
  • ce77d6b Release: @slack/[email protected] (#1956)
  • 7e59dba Expose useful functions (#1955)
  • 51ee0b5 Actually update the CLA link
  • ef3de0b Update contributing.md with correct link to CLA

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
  • 🧐 View latest project report
  • 🛠 Adjust project settings
  • 📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:
  • 🦉 Cross-site Request Forgery (CSRF)

@Jrc356 Jrc356 merged commit f1a54a7 into main Nov 22, 2023
2 checks passed
@Jrc356 Jrc356 deleted the snyk-fix-a9080885080be9d359e2d45d635bbb3a branch November 22, 2023 00:33