Medium vulnerability : Update Axios to 1.8.2

[JacobWilson01]

Mediumn Axios vulnerability fixed in 1.8.2:

Vulnerability: https://security.snyk.io/vuln/SNYK-JS-AXIOS-9292519

Packages:

Select all that apply:

• @slack/web-api
• @slack/rtm-api
• @slack/webhooks
• @slack/oauth
• @slack/socket-mode
• @slack/types
• I don't know

Requirements

Please read the Contributing guidelines and Code of Conduct before creating this issue or pull request. By submitting, you are agreeing to those rules.

[zimeg]

Hey @JacobWilson01 👋 Thanks for sharing this - we'll look into patching it soon! 🔒 ✨

[github-actions]

👋 It looks like this issue has been open for 30 days with no activity. We'll mark this as stale for now, and wait 10 days for an update or for further comment before closing this issue out. If you think this issue needs to be prioritized, please comment to get the thread going again! Maintainers also review issues marked as stale on a regular basis and comment or adjust status if the issue needs to be reprioritized.

[ajschmidt8]

@zimeg, it looks like this was addressed in #2172 and #2173, but no release was published. Do you know when these changes will be released?

[zimeg]

@ajschmidt8 Thanks for following up! 🙏 ✨

Updates for a supported axios were included in releases @slack/[email protected] and @slack/[email protected] and are available for installation now! 🎁

I apologize for the confusion this open issue causes, but I am hoping to track downstream usage in the following PRs here too:

• fix: allow all web api client option types in app initialization bolt-js#2501
• fix: require a custom 'api' url to send to instead of absolute urls as a 'method' slack-github-action#420

Though I don't have an exact timeline for those releases. FWIW your comment is a very helpful bump 😉

Of course I am also open to discussion about this, but IMO the rollout isn't quite finished across all packages 👀