[Snyk] Fix for 1 vulnerabilities

[wasimakh2]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	748/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.1	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @slack/client

The new version differs by 250 commits.

• 891307e Publish
• 55624fd lerna generated SHAs
• a76b3ee Merge pull request Set Max upload size in Settings under Administrator Account RocketChat/Rocket.Chat#756 from slackapi/dev-v5
• 09d6d6f fix a typescript issue from changing from type aliases to interfaces
• 4d3133c remove package locks from examples
• c3e5c8b update examples for testing
• d40c883 remove file accidentally added in merge
• 0d1cd79 Merge branch 'master' into dev-v5
• b6dc555 Merge pull request Allowing the rejecting/allowing of ssl certs to be configurable by the admin RocketChat/Rocket.Chat#755 from aoberoi/find-and-replace
• 65788d2 Merge pull request Add Admin Option to Enable/Disable Trusting Self Signed SSL Certs RocketChat/Rocket.Chat#754 from shanedewael/local-development-tutorial
• 81be95b its amazing what you can find with a little find and replace
• 8c98232 Consolidate cta
• 53861c9 Update docs/_tutorials/local_development.md
• 74b8e77 Update docs/_tutorials/local_development.md
• 200a430 Update docs/_tutorials/local_development.md
• 95cd749 Changes
• 2ee0224 Merge pull request Archive + Freeze Channel RocketChat/Rocket.Chat#752 from aoberoi/scheduled-messages-v5
• 695984a Merge pull request Admin can delete messages (Issue #739) RocketChat/Rocket.Chat#753 from aoberoi/issue-templates-v5
• aa126f0 Merge pull request Server crashes in development mode when statistics cron job fails RocketChat/Rocket.Chat#751 from aoberoi/reference-examples
• 5f7a654 Add table of contents
• e73ad7d Fix links on READMEs
• d1eb873 Local development tutorial
• 17318b2 add warning to maintainers guide
• dd84a72 update issue template to ask for relevant packages

See the full diff

Package name: googleapis

The new version differs by 250 commits.

• 7e3d978 Release v37.0.0 (favico.js update RocketChat/Rocket.Chat#1568)
• ecb2c28 build: check for 404s in the docs (Distinguish Deployment from Development Install RocketChat/Rocket.Chat#1562)
• d49aa49 docs: run the docs command (Unicode regex support RocketChat/Rocket.Chat#1566)
• d1af168 feat: run the generator (Added toAll mentions for yall, everyone, channel, and here RocketChat/Rocket.Chat#1564)
• 9ccda50 chore(deps): update dependency eslint-config-prettier to v4 (Functions rate limiter RocketChat/Rocket.Chat#1565)
• 73f8f9c docs: specify gaxios over axios (Rocket Chat fails to load channels in IE10 RocketChat/Rocket.Chat#1558)
• 7f7f3cf fix(deps): update dependency googleapis-common to ^0.7.0 (Many fixes for RTL RocketChat/Rocket.Chat#1560)
• c62efb1 docs(samples): add people samples for get & create contacts (Too easy to accidentally leave channels RocketChat/Rocket.Chat#1543)
• 2ad63f6 feat: webpack support for all APIs (When User Joins a Call, Mark Them as Busy RocketChat/Rocket.Chat#1554)
• d8ba2ac fix(deps): update googleapis-common and google-auth-library (Add hubot config to docker-compose.yml RocketChat/Rocket.Chat#1556)
• 9742db3 feat: generating webpackable packages (Reset avatar before uploading to prevent caching issues RocketChat/Rocket.Chat#1547)
• e70272c fix(generator): convert method names to camelCase (rocketchat_1 | private group user statistic not found RocketChat/Rocket.Chat#1552)
• 8d9c5d9 docs: fix typo in README.md (Mentioned non-English user names do not get linked RocketChat/Rocket.Chat#1549)
• de464c0 feat: run the generator (Unified channel creation? RocketChat/Rocket.Chat#1541)
• 7e07d11 docs: improve the compute sample in the README (Improvements/performance RocketChat/Rocket.Chat#1537)
• 47056e9 docs(samples): rework the compute list vms sample (Permissions renaming RocketChat/Rocket.Chat#1534)
• 3b612fc fix(test): fix the revoke token test (Secret URL registration. Closes #1507 RocketChat/Rocket.Chat#1532)
• 4115c0f chore(deps): update dependency typedoc to ^0.14.0 ([sandstorm] Cull administrator options RocketChat/Rocket.Chat#1527)
• c61e14d docs: correct the README (FileReader function ignores orientation of images uploaded from mobile. RocketChat/Rocket.Chat#1522)
• 438979a docs: use blogger to demonstrate key authentication (File upload too slow / eating too much resources RocketChat/Rocket.Chat#1519)
• f6edb8e chore: update license file and metadata (Account box customizable items RocketChat/Rocket.Chat#1504)
• 230bb64 chore(build): inject yoshi automation key (Multiple file upload support RocketChat/Rocket.Chat#1503)
• 443662e chore: update nyc and eslint configs (Password reset / recovery is broken RocketChat/Rocket.Chat#1502)
• 413d9ca chore: fix publish.sh permission +x (Update README.md RocketChat/Rocket.Chat#1499)

See the full diff

Package name: twilio

The new version differs by 3 commits.

• ce1c027 Release 4.6.0
• b5204c0 Adding Beta and Preview products to main artifact
• 1168168 [Librarian] Regenerated @ 61e059e9694883693c4919778c1e37947fdb3168

See the full diff

Package name: webdav

The new version differs by 250 commits.

• 0925f7f Prepare v5.0.0
• a1f6129 Update changelog for v5
• ae43cc1 Merge pull request Case insensitive username RocketChat/Rocket.Chat#341 from Pytal/fix/parse-leading-zeros
• 3b08bbc fix(parse): Preserve stringified numbers with leading zeros
• 63e0cff Prepare 5.0.0-r4
• 95b7c33 Update fetch - fix browser usage
• 8d96946 Prepare 5.0.0-r3
• 45a4447 Allow providing external HA1 for digest auth (Slash command handler RocketChat/Rocket.Chat#333)
• bc86f14 Bump version, audit deps
• 1ec885f Update changelog
• 1c1fbda Remove cross-fetch reference
• 830336d Fix firefox/web tests
• ea8c2fa Add CI lint/format testss
• 8faa238 Merge pull request Use Meteor.absoluteUrl() to handle being deployed on a virtual-host.com/folder/ RocketChat/Rocket.Chat#335 from perry-mitchell/feat/fetch_library_upgrade
• 65b58b2 Merge pull request meteor breaks of from running RocketChat/Rocket.Chat#334 from skjnldsv/feat/directory-filter-getdirectorycontents
• bd6dcff Fix tests
• eaabed5 Switch fetch library to @ buttercup/fetch
• ae5cac9 feat(getDirectoryContents): allow returning current directory
• e8e61fd Merge pull request Opening sidebar with big latency RocketChat/Rocket.Chat#331 from caribe/patch-1
• 3bf98a6 Update README.md
• 4ca0929 Fix prepublish
• f4403c4 Prepare 5.0.0-r1
• 2e55df0 Remove duplicate comma
• 40dba36 Merge pull request User administration page RocketChat/Rocket.Chat#327 from perry-mitchell/esm

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Request Forgery (CSRF)

[guardrails]

⚠️ We detected 4 security issues in this pull request:

Vulnerable Libraries (4)

Severity	Details
High	pkg:npm/[email protected] (t) - no patch available
High	pkg:npm/[email protected] (t) - no patch available
Critical	pkg:npm/[email protected] (t) - no patch available
N/A	pkg:npm/[email protected] upgrade to: 39.1.0

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

[sweep-ai]

Apply Sweep Rules to your PR?

• Apply: Leftover TODOs in the code should be handled.
• Apply: All new business logic should have corresponding unit tests in the tests/ directory.
• Apply: Any clearly inefficient or repeated code should be optimized or refactored.