Bump axios version to 0.21.2 or higher for better security #1162

Merged
seratch merged 1 commit into slackapi:main from xmariopereira:main
Oct 16, 2021

@xmariopereira xmariopereira commented Oct 15, 2021

Hi team,

NPM audit is throwing a high severity vulnerability in node-slack-sdk and with bolt-js dependency packages.

I hope it helps.

@seratch seratch added enhancement M-T: A feature request for new functionality security labels Oct 16, 2021
@seratch seratch added this to the 3.8.0 milestone Oct 16, 2021
@seratch seratch self-assigned this Oct 16, 2021
@seratch seratch self-requested a review October 16, 2021 01:24

@seratch seratch left a comment

Once the CI builds pass, we can merge this PR.

codecov bot commented Oct 16, 2021

Codecov Report

Merging #1162 (88fb3ff) into main (b696c72) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #1162   +/-   ##
=======================================
  Coverage   71.71%   71.71%           
=======================================
  Files          15       15           
  Lines        1354     1354           
  Branches      402      402           
=======================================
  Hits          971      971           
  Misses        312      312           
  Partials       71       71           

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update b696c72...88fb3ff.

@seratch seratch merged commit 9d356c1 into slackapi:main Oct 16, 2021
@seratch seratch changed the title from "to fix: https://github.com/advisories/GHSA-cph5-m8f7-6c5x" to "Bump axios version to 0.21.2 or higher for better security" Nov 2, 2021