Conversation
hello-ashleyintech
added
the
dependencies
|
tests pass locally with new deps installed |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #2360 +/- ##
=======================================
Coverage 92.59% 92.59%
=======================================
Files 36 36
Lines 7472 7472
Branches 653 653
=======================================
Hits 6919 6919
Misses 545 545
Partials 8 8 ☔ View full report in Codecov by Sentry. |
WilliamBergamin
left a comment
WilliamBergamin
left a comment
There was a problem hiding this comment.
This looks good to me 💯 but may I suggest waiting until the number of downloads for @slack/socket-mode v2.0.3 rises slightly before merging/releasing these changes
socket-mode is a critical part of this project, if there is an issue with it it would be nice to catch it before releasing it here 🤔
|
holding off on merging for now based on the above ^ |
zimeg
left a comment
zimeg
left a comment
There was a problem hiding this comment.
Bumping the @slack dependencies of bolt always brings a question or two...
Otherwise, feel free to merge when the time is right! 🙏
And I tested these changes with a few typescript and javascript projects and found the builds are alright as well, though I'm always hoping to find more ways to test future changes 👀
| "@slack/types": "^2.13.0", | ||
| "@slack/web-api": "^7", | ||
| "axios": "^1.7.4", | ||
| "@slack/web-api": "^7.8.0", |
There was a problem hiding this comment.
Would this bump make this change a semver:minor because new features are introduced? 🤔
I'm thinking we should've had this set to the latest semver:minor anyways since features of @slack/web-api are exposed from @slack/bolt - such as the assistant APIs released in @slack/[email protected] being required since @slack/[email protected] - but let me know what you think! 🔍
|
@hello-ashleyintech got a few thousand download of socket mode 2.0.3 with no reported issues, I think we can safely merge this |
|
@hello-ashleyintech @WilliamBergamin Jumping in on this winterish week to merge this and will tag it as @hello-ashleyintech Thanks a ton for making these changes upstream and here! Huge lifts! 💪 ✨ |
3 participants
Summary
This PR updates the following dep minimums to most recent version to avoid security vulns:
@slack/oauthto3.0.2@slack/socket-modeto2.0.3@slack/web-apito7.8.0axiosto1.7.8Requirements (place an
xin each[ ])