chore(3.17.1): Publish v3.17.1

[rafael-fecha]

• bump package json version and @slack/web-api @slack/oauth and @slack/socket-mode versions to fix vulnerable depdendencies.

Summary

Fixes: #2028

Requirements (place an x in each [ ])

• [x ] I've read and understood the Contributing Guidelines and have done my best effort to follow them.
• [x ] I've read and agree to the Code of Conduct.

[salesforce-cla]

Thanks for the contribution! Unfortunately we can't verify the commit author(s): Rafael Fecha <r***@s***.com>. One possible solution is to add that email to your GitHub account. Alternatively you can change your commits to another email and force push the change. After getting your commits associated with your GitHub account, sign the Salesforce Inc. Contributor License Agreement and this Pull Request will be revalidated.

[salesforce-cla]

Thanks for the contribution! Before we can merge this, we need @rafael-fecha to sign the Salesforce Inc. Contributor License Agreement.

[filmaj]

Thanks so much! I always forget about bolt when doing maintenance releases of the node SDKs 🤦

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (ca8f138) 81.97% compared to head (7cc66c4) 81.97%.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2029   +/-   ##
=======================================
  Coverage   81.97%   81.97%           
=======================================
  Files          18       18           
  Lines        1531     1531           
  Branches      440      440           
=======================================
  Hits         1255     1255           
  Misses        178      178           
  Partials       98       98           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[filmaj]

@rafael-fecha it seems there was a backwards-incompatible update in chai 4.4 that affects node 12.

Can you also change the chai entry in devDependencies in this PR to change chai from ^4.20 to ~4.3.0, so we can lock to chai 4.3 until the next major release of bolt? In my local testing that fixes the failures in this PR.

[filmaj]

I believe if we change the chai dependency from:

"chai": "^4.2.0",

To:

"chai": "~4.3.0",

Then the tests for this PR will pass.

[rafael-fecha]

I believe if we change the chai dependency from:

"chai": "^4.2.0",

To:

"chai": "~4.3.0",

Then the tests for this PR will pass.

hey @filmaj thanks for the suggestion. i've just pushed the change

[filmaj]

@rafael-fecha please set the chai dependency to use the ~ and not the ^. The issue exists in chai 4.4, so we want to avoid that version. ^4.3.0 will allow 4.3, 4.4, 4.5, etc. all the way up to but not including 5.0.

However, what we want is ~4.3.0 which allows all patch versions of 4.3 - but not newer minor versions. With this way, 4.3.0, 4.3.1, 4.3.2, etc. all the way up to but not including 4.4 will be allowed, which is what we want.

[rafael-fecha]

@rafael-fecha please set the chai dependency to use the ~ and not the ^. The issue exists in chai 4.4, so we want to avoid that version. ^4.3.0 will allow 4.3, 4.4, 4.5, etc. all the way up to but not including 5.0.

However, what we want is ~4.3.0 which allows all patch versions of 4.3 - but not newer minor versions. With this way, 4.3.0, 4.3.1, 4.3.2, etc. all the way up to but not including 4.4 will be allowed, which is what we want.

you are right, just pushed the latest change

[filmaj]

LGTM! Thanks for working through this PR with me. As soon as the tests pass, I will merge and start the release process.

[rafael-fecha]

LGTM! Thanks for working through this PR with me. As soon as the tests pass, I will merge and start the release process.

you are welcome ! thank you @filmaj for checking this so fast