Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency @slack/web-api to v7.0.2 #515

Merged
merged 1 commit into from
Feb 27, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Feb 21, 2024

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@slack/web-api (source) 7.0.1 -> 7.0.2 age adoption passing confidence

Release Notes

slackapi/node-slack-sdk (@​slack/web-api)

v7.0.2

Compare Source

Bumps axios to 1.6.3 to address a security vulnerability.


Configuration

📅 Schedule: Branch creation - "* 0-4 * * 3" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

Copy link

[puLL-Merge] - slackapi/node-slack-sdk@@slack/web-api@7.0.1..@slack/web-api@7.0.2

Description

This pull request makes several changes across the Node.js SDK for Slack, particularly affecting the GitHub Actions workflow, CLI hooks, and some specific WebSocket handling in the socket-mode package.

Changes

Changes

.github/workflows/ci-build.yml

  • The fail-fast strategy is set to false
  • The new package packages/cli-hooks is added to the matrix of packages for testing

packages/cli-hooks

  • A multitude of new files and configurations are added for the cli-hooks package, including ESLint rules, license, README, and package metadata
  • The .gitignore is set up for Node and script hooks
  • The package includes various JavaScript style configurations and eslint ignore settings
  • The main addition here is the CLI hooks package, which integrates with the Slack CLI, providing hooks for the CLI to interact with Bolt apps
  • New scripts are added to the bin directory for interfacing with Slack CLI functionalities

packages/socket-mode/.nycrc.json

  • New .nycrc.json file which includes configurations for coverage reporting in the socket-mode package.

packages/socket-mode/README.md

  • Updates the README.md for the socket-mode package, ensuring links are correctly pointed to the latest versions and API documentation
  • Some text is also changed in the README.md

packages/socket-mode/package.json

  • Updates node version requirements to be >= 18 and npm version to >= 8.6.0

packages/socket-mode/src

  • Refactors WebClient.spec.js to remove any types and replaces them with more specific types
  • Updates testing specs to include tests for new scenarios, such as apps.event.authorizations.list behavior
  • Refactors SocketModeClient.ts to improve websocket message handling, including proper handling of binary message which should be ignored as unexpected messages
  • Adds new integration test integration.spec.js for testing the socket mode client with mock servers

packages/web-api/package.json

  • A new patch version bump for the web-api package

packages/web-api/src

  • Added additional checks and functionality in the WebClient.ts and its spec WebClient.spec.js to prevent sending the token in the payload body specifically when calling apps.event.authorizations.list
  • Improved test coverage for WebClient.ts and file-upload.spec.js
  • Redefined types for file-upload.ts to clarify required fields for file uploads
  • Added new helper type ExcludeFromUnion in helpers.ts
  • Updated types in files.ts to use the new helper type and to make the types more clear for multi-file uploads

Security Hotspots

None identified. The changes mainly involve configuration files, internal package features, and refactoring TypeScript types for better clarity. Tests added do not contain any risky code, and changes in the workflows don't involve any sensitive information or risky operations. The new CLI-hooks package will need to be reviewed for overall architecture security but does not involve any obvious security flaws in the code itself.

@thypon thypon merged commit 639e536 into main Feb 27, 2024
11 checks passed
@thypon thypon deleted the renovate/slack-web-api-7.x-lockfile branch February 27, 2024 00:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant