Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(3.17.1): Publish v3.17.1 #2029

Merged
merged 3 commits into from
Jan 11, 2024
Merged

Conversation

rafael-fecha
Copy link
Contributor

  • bump package json version and @slack/web-api @slack/oauth and @slack/socket-mode versions to fix vulnerable depdendencies.

Summary

Fixes: #2028

Requirements (place an x in each [ ])

Copy link

Thanks for the contribution! Unfortunately we can't verify the commit author(s): Rafael Fecha <r***@s***.com>. One possible solution is to add that email to your GitHub account. Alternatively you can change your commits to another email and force push the change. After getting your commits associated with your GitHub account, sign the Salesforce Inc. Contributor License Agreement and this Pull Request will be revalidated.

Copy link

Thanks for the contribution! Before we can merge this, we need @rafael-fecha to sign the Salesforce Inc. Contributor License Agreement.

Copy link
Contributor

@filmaj filmaj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks so much! I always forget about bolt when doing maintenance releases of the node SDKs 🤦

@filmaj filmaj self-assigned this Jan 11, 2024
@filmaj filmaj added security semver:patch dependencies Pull requests that update a dependency file labels Jan 11, 2024
@filmaj filmaj added this to the 3.17.1 milestone Jan 11, 2024
Copy link

codecov bot commented Jan 11, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (ca8f138) 81.97% compared to head (7cc66c4) 81.97%.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #2029   +/-   ##
=======================================
  Coverage   81.97%   81.97%           
=======================================
  Files          18       18           
  Lines        1531     1531           
  Branches      440      440           
=======================================
  Hits         1255     1255           
  Misses        178      178           
  Partials       98       98           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@filmaj
Copy link
Contributor

filmaj commented Jan 11, 2024

@rafael-fecha it seems there was a backwards-incompatible update in chai 4.4 that affects node 12.

Can you also change the chai entry in devDependencies in this PR to change chai from ^4.20 to ~4.3.0, so we can lock to chai 4.3 until the next major release of bolt? In my local testing that fixes the failures in this PR.

Copy link
Contributor

@filmaj filmaj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe if we change the chai dependency from:

"chai": "^4.2.0",

To:

"chai": "~4.3.0",

Then the tests for this PR will pass.

@rafael-fecha rafael-fecha requested a review from filmaj January 11, 2024 16:42
@rafael-fecha
Copy link
Contributor Author

I believe if we change the chai dependency from:

"chai": "^4.2.0",

To:

"chai": "~4.3.0",

Then the tests for this PR will pass.

hey @filmaj thanks for the suggestion. i've just pushed the change

@filmaj
Copy link
Contributor

filmaj commented Jan 11, 2024

@rafael-fecha please set the chai dependency to use the ~ and not the ^. The issue exists in chai 4.4, so we want to avoid that version. ^4.3.0 will allow 4.3, 4.4, 4.5, etc. all the way up to but not including 5.0.

However, what we want is ~4.3.0 which allows all patch versions of 4.3 - but not newer minor versions. With this way, 4.3.0, 4.3.1, 4.3.2, etc. all the way up to but not including 4.4 will be allowed, which is what we want.

@rafael-fecha
Copy link
Contributor Author

@rafael-fecha please set the chai dependency to use the ~ and not the ^. The issue exists in chai 4.4, so we want to avoid that version. ^4.3.0 will allow 4.3, 4.4, 4.5, etc. all the way up to but not including 5.0.

However, what we want is ~4.3.0 which allows all patch versions of 4.3 - but not newer minor versions. With this way, 4.3.0, 4.3.1, 4.3.2, etc. all the way up to but not including 4.4 will be allowed, which is what we want.

you are right, just pushed the latest change

Copy link
Contributor

@filmaj filmaj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks for working through this PR with me. As soon as the tests pass, I will merge and start the release process.

@filmaj filmaj merged commit 427f6db into slackapi:main Jan 11, 2024
8 checks passed
@rafael-fecha
Copy link
Contributor Author

LGTM! Thanks for working through this PR with me. As soon as the tests pass, I will merge and start the release process.

you are welcome ! thank you @filmaj for checking this so fast

misscoded pushed a commit that referenced this pull request Jan 25, 2024
* chore(3.17.1): bump package json version and update @slack/web-api @slack/oauth and @slack/socket-mode versions to address axios security vulnerability

* chore(chai): lock chai version in order to fix the ci test with lower node version
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cla:signed dependencies Pull requests that update a dependency file security semver:patch
Projects
None yet
2 participants