Bump axios version to 0.21.2 or higher for better security #1162

Merged
merged 1 commit into from
Oct 16, 2021

@xmariopereira (Contributor) commented Oct 15, 2021

Hi team,

NPM audit is throwing a high severity vulnerability in node-slack-sdk and with bolt-js dependency packages.

I hope it helps.

@seratch added the enhancement (M-T: A feature request for new functionality) and security labels Oct 16, 2021
@seratch added this to the 3.8.0 milestone Oct 16, 2021
@seratch self-assigned this Oct 16, 2021
@seratch self-requested a review October 16, 2021 01:24

@seratch (Member) left a comment

Once the CI builds pass, we can merge this PR.

codecov bot commented Oct 16, 2021

Codecov Report

Merging #1162 (88fb3ff) into main (b696c72) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #1162   +/-   ##
=======================================
  Coverage   71.71%   71.71%           
=======================================
  Files          15       15           
  Lines        1354     1354           
  Branches      402      402           
=======================================
  Hits          971      971           
  Misses        312      312           
  Partials       71       71           

@seratch merged commit 9d356c1 into slackapi:main Oct 16, 2021
@seratch changed the title from "to fix: https://github.com/advisories/GHSA-cph5-m8f7-6c5x" to "Bump axios version to 0.21.2 or higher for better security" Nov 2, 2021