Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Axios to 1.7.4 to remove high severity vulnerability #1874

Closed
1 of 7 tasks
Saku75 opened this issue Aug 15, 2024 · 1 comment · Fixed by #1875
Closed
1 of 7 tasks

Update Axios to 1.7.4 to remove high severity vulnerability #1874

Saku75 opened this issue Aug 15, 2024 · 1 comment · Fixed by #1875
Labels
pkg:web-api applies to `@slack/web-api` security semver:patch
Milestone
web-api@7.3.4

Comments

@Saku75
Copy link

Saku75 commented Aug 15, 2024

As of yesterday, Axios fixed this vulnerability. How much work needs to be done to update Axios?

Let me know if i posted this correctly, wasn't sure what to call it.

Packages:

Select all that apply:

  • @slack/web-api
  • @slack/rtm-api
  • @slack/webhooks
  • @slack/oauth
  • @slack/socket-mode
  • @slack/types
  • I don't know

Requirements

Please read the Contributing guidelines and Code of Conduct before creating this issue or pull request. By submitting, you are agreeing to those rules.
@filmaj filmaj added semver:patch security pkg:web-api applies to `@slack/web-api` and removed untriaged labels Aug 15, 2024
@filmaj filmaj added this to the web-api@7.3.4 milestone Aug 15, 2024
filmaj added a commit that referenced this issue Aug 15, 2024
@filmaj
fix: bump axios to 1.7.4 to address CVE. fixes #1874
3174702
@filmaj filmaj mentioned this issue Aug 15, 2024
Merged
@filmaj
Copy link
Contributor

filmaj commented Aug 15, 2024

The fix for this should be live in @slack/web-api v7.3.4.

This was referenced Aug 15, 2024
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
pkg:web-api applies to `@slack/web-api` security semver:patch
Projects
None yet
Milestone
web-api@7.3.4
Development

Successfully merging a pull request may close this issue.

fix: bump axios to 1.7.4 to address CVE slackapi/node-slack-sdk
2 participants
@filmaj @Saku75