Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Update Axios to 1.7.4 to remove high severity vulnerability #1874

Closed
1 of 7 tasks
Saku75 opened this issue Aug 15, 2024 · 1 comment · Fixed by #1875
Closed
1 of 7 tasks

Update Axios to 1.7.4 to remove high severity vulnerability #1874

Saku75 opened this issue Aug 15, 2024 · 1 comment · Fixed by #1875
Labels
pkg:web-api applies to `@slack/web-api` security semver:patch
Milestone
web-api@7.3.4

Comments

@Saku75
Copy link

Saku75 commented Aug 15, 2024

As of yesterday, Axios fixed this vulnerability. How much work needs to be done to update Axios?

Let me know if i posted this correctly, wasn't sure what to call it.

Packages:

Select all that apply:

  • @slack/web-api
  • @slack/rtm-api
  • @slack/webhooks
  • @slack/oauth
  • @slack/socket-mode
  • @slack/types
  • I don't know

Requirements

Please read the Contributing guidelines and Code of Conduct before creating this issue or pull request. By submitting, you are agreeing to those rules.
@filmaj filmaj added semver:patch security pkg:web-api applies to `@slack/web-api` and removed untriaged labels Aug 15, 2024
@filmaj filmaj added this to the web-api@7.3.4 milestone Aug 15, 2024
filmaj pushed a commit that referenced this issue Aug 15, 2024
fix: bump axios to 1.7.4 to address CVE. fixes #1874
3174702
@filmaj filmaj mentioned this issue Aug 15, 2024
Merged
@filmaj
Copy link
Contributor

filmaj commented Aug 15, 2024

The fix for this should be live in @slack/web-api v7.3.4.

This was referenced Aug 15, 2024
Merged
Merged
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
pkg:web-api applies to `@slack/web-api` security semver:patch
Projects
None yet
Milestone
web-api@7.3.4
Development

Successfully merging a pull request may close this issue.

fix: bump axios to 1.7.4 to address CVE slackapi/node-slack-sdk
2 participants
@filmaj @Saku75