[Snyk] Fix for 1 vulnerabilities

[hopetambala]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-AXIOS-6144788	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @slack/web-api

The new version differs by 67 commits.

• c80fdc2 slack/web-api@6.9.1 (#1687)
• 631dd08 Compatibility tweaks for axios v1.+ upgrade.
• c2eddea chore: update axios in web-api to 1.6.0. See #1682 for more info (#1686)
• 1374422 Add deprecation comment
• 7857f26 Update files.upload.v2 internals due to server-side improvements
• 89b109d Publish @ slack/webhook@7.0.0 (#1669)
• 85c07d9 @ slack/webhook: set min node to 18, prep for major release (#1666)
• c32414c Small tweak to maintainer guide on how to generate a changelog for a specific sub-package in a monorepo.
• b7bad09 Generate the latest web api responses
• 48f560d Publish @ slack/types@2.9.0 (#1665)
• 124d8ca Add rich text types (#1643)
• 208c53f Drop use of deprecated interfaces and use new aliased one. (#1664)
• d0b04a0 Add a README to the types package. (#1663)
• e4a291a `@ slack/types` Full JSdoc, deprecate `WorkflowStep`, `Action` (aliased to `Actionable`) and `Confirm` (aliased to `ConfirmationDialog`) and upcoming major version breaking change TODOs as comments (#1662)
• d2b95ac Update contributing.md with correct CLA link
• c2fe5b5 Add missing optional args
• 635bce8 Omit a few weird tests
• 3015e82 Add admin.* APIs for managing automation platfrom apps
• 09ef142 Types: split single index.ts file into files based on function/category (#1656)
• da5da33 types: Adding deprecation notices to Dialogs and Steps From Apps types (#1655)
• 25fe276 Publish @ slack/logger@4.0.0 (#1651)
• 783920c Logger updates: dependencies and higher minimum node version (#1650)
• 6afaae0 Update link to build badge in README.md
• 801b7ed Set sub-packages into GitHub Workflow matrix and use working-directory instead bash loop

See the full diff

Package name: axios

The new version differs by 250 commits.

• 8790b8e chore(release): v1.6.4 (#6173)
• 0ad520d chore(ci): fix notify action; (#6172)
• 3c0c11c fix(security): fixed formToJSON prototype pollution vulnerability; (#6167)
• 75af1cd fix(security): fixed security vulnerability in follow-redirects (#6163)
• 90864b3 docs: update logos
• 1542719 docs: updated headline sponsors
• b15b918 chore(release): v1.6.3 (#6151)
• b76cce0 chore(ci): added branches filter for notify action; (#6084)
• 5e7ad38 fix: Regular Expression Denial of Service (ReDoS) (#6132)
• 8befb86 docs: update alloy link (#6145)
• d18f40d docs: add headline sponsors
• b3be365 chore(release): v1.6.2 (#6082)
• 8739acb chore(ci): removed redundant release action; (#6081)
• bfa9c30 chore(docs): fix outdated grunt to npm scripts (#6073)
• a2b0fb3 chore(docs): update README.md (#6048)
• b12a608 chore(ci): removed paths-ignore filter; (#6080)
• 0c9d886 chore(ci): reworked ignoring files logic; (#6079)
• 30873ee chore(ci): add paths-ignore config to testing action; (#6078)
• cff9967 feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; (#6046)
• 7009715 chore(ci): fixed release notification action; (#6064)
• 7144f10 chore(ci): fixed release notification action; (#6063)
• f6d2cf9 chore(ci): fix publish action content permission; (#6061)
• a22f4b9 chore(release): v1.6.1 (#6060)
• cb8bb2b chore(ci): Publish to NPM with provenance (#5835)

See the full diff

Package name: parse-server

The new version differs by 250 commits.

• 158a974 chore(release): 5.1.0 [skip ci]
• 1593575 build: release
• ef9ee66 ci: temporarily disable breaking change detection (#7861)
• d5db318 ci: temporarily disable braking change detection (#7860)
• 9fa80eb chore(release): 5.0.0-beta.10 [skip ci]
• ff16839 build: release beta
• 0c1b75f Merge branch 'beta' into build-release-beta-19837863611
• 69781ce ci: release commit
• 2eebc68 docs: fix release link in CHANGELOG (#7856)
• 79e00e1 docs: update changelog (#7855)
• 46c9a91 chore(release): 5.0.0 [skip ci]
• 33dcf6d build: release 5.0
• 1f6e19f docs: add major release instructions to CONTRIBUTING guide (#7854)
• b2a2a7e Merge branch 'release' into build-release
• 50072bd ci: add branch name change (#7853)
• 2dceec7 docs: improve explanation for commit type usage in CONTRIBUTING guide (#7849)
• f5ef2e9 chore(release): 5.0.0-beta.9 [skip ci]
• 23a3488 feat: bump required node engine to >=12.22.10 (#7848)
• 3e68491 chore(release): 5.0.0-alpha.29 [skip ci]
• 5ace99d feat: bump required node engine to >=12.22.10 (#7846)
• 9b344da chore(release): 5.0.0-alpha.28 [skip ci]
• e569f40 fix: security vulnerability that allows remote code execution (GHSA-p6h4-93qp-jhcm) (#7844)
• 972b800 docs: add revert commit instructions to CONTRIBUTING guide (#7845)
• 6bc021e chore(release): 5.0.0-alpha.27 [skip ci]

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution