Medium vulnerability : Update Axios to 1.7.8

[s-dupuis]

Axios fixed this vulnerability in axios/axios#6714.

Packages:

Select all that apply:

• @slack/web-api
• @slack/rtm-api
• @slack/webhooks
• @slack/oauth
• @slack/socket-mode
• @slack/types
• I don't know

Requirements

Please read the Contributing guidelines and Code of Conduct before creating this issue or pull request. By submitting, you are agreeing to those rules.

[hello-ashleyintech]

Hi, @s-dupuis! 👋 Thanks for submitting this.

I will come out with a PR to bump the minimum version of Axios in the webhook package to 1.7.8 shortly. If the package is ready to release, I will also release it!

[hello-ashleyintech]

Also looks like this needs to be updated for web-api interactive-messages - this is deprecated, so just web-api in addition to webhook!

[zimeg]

Bumping to 1.7.8 seems good - I'm not sure if the changes in 1.7.9 are needed - but I'm wondering where this was noted as a major vulnerability? 🤔

@s-dupuis The issues linked in that PR hint at this being a possible warning, but I'm not finding a CVE for it. Do you know if this might've been posted somewhere?

[hello-ashleyintech]

@zimeg I'm seeing Snyk listing it as a medium vuln (versions <1.7.8) here!

[hello-ashleyintech]

Whoops, for some reason this auto-closed although I just merged the PR only. I will be releasing web-api and webhook versions with this updated version tomorrow! Also as surfaced by @zimeg I'll take a look at Bolt JS to see if we need to update the min axios version there too!

[s-dupuis]

@zimeg @hello-ashleyintech I made a mistake when creating this issue, this is indeed a medium vulnerability. Thank you for the quick fix !

[hello-ashleyintech]

PR to release: #2118

[hello-ashleyintech]

This has now been released to @slack/[email protected] and @slack/[email protected], both available on NPM now! ✨ closing this issue since the root of the issue has been resolved- I will be updating these dependency versions in other packages, as well as BoltJS , in separate PRs on Monday!