fix(webhook): bump axios to 1.8.3 to address CVE-2025-27152 #2173

Merged
zimeg merged 3 commits into main from chore-webhook-axios-1.8.2
Mar 12, 2025

Conversation

zimeg (Member) commented Mar 11, 2025

Summary

This PR updates axios to 1.8.3 to address CVE-2025-27152 - as noted in #2169 🔐

A semver:minor release for axios happened with this change, but AFAICT no other changes are needed. It might be nice to share these changes in a following patch 👀

Requirements

zimeg added the semver:patch, security, pkg:webhook (applies to `@slack/webhook`), and dependencies (Pull requests that update a dependency file) labels Mar 11, 2025
zimeg added this to the [email protected] milestone Mar 11, 2025
zimeg self-assigned this Mar 11, 2025
zimeg changed the title from "chore(webhook): bump axios to 1.8.2 to address CVE-2025-27152" to "fix(webhook): bump axios to 1.8.2 to address CVE-2025-27152" Mar 11, 2025
codecov bot commented Mar 11, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91.94%. Comparing base (6012cf3) to head (6029b63).
Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #2173   +/-   ##
=======================================
  Coverage   91.94%   91.94%           
=======================================
  Files          38       38           
  Lines       10328    10328           
  Branches      652      652           
=======================================
  Hits         9496     9496           
  Misses        820      820           
  Partials       12       12           
Flag Coverage Δ
cli-hooks 95.23% <ø> (ø)
cli-test 94.76% <ø> (ø)
oauth 77.39% <ø> (ø)
socket-mode 61.82% <ø> (ø)
web-api 96.88% <ø> (ø)
webhook 96.65% <ø> (ø)


andrii-lemdianov left a comment

Great job, can't wait to get it updated

hello-ashleyintech (Contributor) left a comment

🚀

zimeg changed the title from "fix(webhook): bump axios to 1.8.2 to address CVE-2025-27152" to "fix(webhook): bump axios to 1.8.3 to address CVE-2025-27152" Mar 12, 2025

zimeg (Member, Author) commented Mar 12, 2025

@andrii-lemdianov @hello-ashleyintech Thank y'all both for the reviews! I revisited this to bump axios to the 1.8.3 release for the related TypeScript fixes just now 🚀

If that's still all good, I'll go ahead with a merge and release soon after!

zimeg merged commit a0e79f9 into main Mar 12, 2025
57 checks passed
zimeg deleted the chore-webhook-axios-1.8.2 branch March 12, 2025 19:15

3 participants