Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade @slack/web-api from 6.7.2 to 6.9.1 #6

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade @slack/web-api from 6.7.2 to 6.9.1 #6

wants to merge 1 commit into from

Conversation

zhangpan0907
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 748/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.1		 Cross-site Request Forgery (CSRF)
SNYK-JS-AXIOS-6032459		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @slack/web-api The new version differs by 121 commits.
  • c80fdc2 slack/web-api@6.9.1 (#1687)
  • 631dd08 Compatibility tweaks for axios v1.+ upgrade.
  • c2eddea chore: update axios in web-api to 1.6.0. See #1682 for more info (#1686)
  • 1374422 Add deprecation comment
  • 7857f26 Update files.upload.v2 internals due to server-side improvements
  • 89b109d Publish @ slack/webhook@7.0.0 (#1669)
  • 85c07d9 @ slack/webhook: set min node to 18, prep for major release (#1666)
  • c32414c Small tweak to maintainer guide on how to generate a changelog for a specific sub-package in a monorepo.
  • b7bad09 Generate the latest web api responses
  • 48f560d Publish @ slack/types@2.9.0 (#1665)
  • 124d8ca Add rich text types (#1643)
  • 208c53f Drop use of deprecated interfaces and use new aliased one. (#1664)
  • d0b04a0 Add a README to the types package. (#1663)
  • e4a291a `@ slack/types` Full JSdoc, deprecate `WorkflowStep`, `Action` (aliased to `Actionable`) and `Confirm` (aliased to `ConfirmationDialog`) and upcoming major version breaking change TODOs as comments (#1662)
  • d2b95ac Update contributing.md with correct CLA link
  • c2fe5b5 Add missing optional args
  • 635bce8 Omit a few weird tests
  • 3015e82 Add admin.* APIs for managing automation platfrom apps
  • 09ef142 Types: split single index.ts file into files based on function/category (#1656)
  • da5da33 types: Adding deprecation notices to Dialogs and Steps From Apps types (#1655)
  • 25fe276 Publish @ slack/logger@4.0.0 (#1651)
  • 783920c Logger updates: dependencies and higher minimum node version (#1650)
  • 6afaae0 Update link to build badge in README.md
  • 801b7ed Set sub-packages into GitHub Workflow matrix and use working-directory instead bash loop

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Request Forgery (CSRF)

@snyk-bot
fix: package.json to reduce vulnerabilities
7493d61 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AXIOS-6032459
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@zhangpan0907 @snyk-bot