[Snyk] Security upgrade @slack/bolt from 1.3.0 to 2.0.0

[chrismilleruk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	Yes	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @slack/bolt

The new version differs by 250 commits.

• 517815e v2.0.0
• 43b8b78 Merge pull request #454 from slackapi/@ slack/bolt@next
• 027686d Merge pull request #452 from stevengill/minTypeScript
• 55ad660 Apply suggestions from code review
• 165f58c set minimum version of TypeScript to 3.7.0
• 235e792 Merge pull request #444 from stevengill/processBeforeResponse
• 0f9c342 updated tests
• 8a9abc2 updated based on feedback
• 1ce57b1 added processBeforeResponse flag to ExpressReceiver to better support Faas
• 628cda8 Merge pull request #449 from stevengill/migrationguide
• d6966c9 added bolt@1.x support schedule to migration guide
• 56f0416 Merge pull request #446 from aoberoi/v2-App-handleError-private
• 4dfd12b Merge pull request #440 from aoberoi/v2-refactor-middleware-processing
• d4c9fae changes App.handleError() to a private method
• edfcfbc Merge branch '@ slack/bolt@next' into v2-refactor-middleware-processing
• a39828f take a penny, leave a penny: moar coverage
• b7b7607 increase test coverage, fix bug with single listener errors
• ffb48ee Merge pull request #445 from seratch/migration-guide-ja
• 13cbd88 fix errors in integration tests
• 9a3fd0b Merge pull request #442 from stevengill/migrationguide
• 572d8e8 Merge branch '@ slack/bolt@next' into v2-refactor-middleware-processing
• 9a74f9e Adds tests for multiple listener error behavior, fixes bugs
• f9c07d9 Apply suggestions from code review
• 2e8d09d Apply the changes corresponding to the suggestions https://github.com/added migration guide for Bolt@2.x slackapi/bolt-js#442

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-Side Request Forgery (SSRF)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Poisoning