[Snyk] Upgrade @slack/bolt from 3.10.0 to 3.18.0

[mohammad-84]

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade @slack/bolt from 3.10.0 to 3.18.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 19 versions ahead of your current version.

• The recommended version was released on 2 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482	Proof of Concept
	Denial of Service (DoS) SNYK-JS-WS-7266574	482	Proof of Concept
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	482	Proof of Concept
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	482	Proof of Concept
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	482	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	482	Proof of Concept
	Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	482	No Known Exploit
	Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	482	No Known Exploit
	Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	482	No Known Exploit

Release notes

Package name: @slack/bolt

• 3.18.0 - 2024-04-25
  

  What's Changed

  • Fix #2056 by adding files to app_mention event payload by @ seratch in #2057
  • Update acknowledging_requests.md by @ technically-tracy in #2086

  New Contributors

  • @ technically-tracy made their first contribution in #2086

  Full Changelog: https://github.com/slackapi/bolt-js/compare/@ slack/bolt@3.17.1...@ slack/bolt@3.18.0

• 3.17.2-rc.1 - 2024-04-17
  

  …nts.

• 3.17.1 - 2024-01-11
  

  What's Changed

  • chore(3.17.1): Publish v3.17.1 by @ rafael-fecha, including dependency updates to address an Axios security vulnerability in #2029

  New Contributors

  • @ rafael-fecha made their first contribution in #2029

  Full Changelog: https://github.com/slackapi/bolt-js/compare/@ slack/bolt@3.17.0...@ slack/bolt@3.17.1

• 3.17.1-customFunctionBeta.0 - 2024-01-26
  

  v3.17.1-customFunctionBeta.0

• 3.17.0 - 2023-12-20
  

  What's Changed

  • Support for style.code properties on rich text elements (updates @ slack/types to 2.11 and @ slack/web-api to 6.11) by @ filmaj in #2017

  Full Changelog: https://github.com/slackapi/bolt-js/compare/@ slack/bolt@3.16.0...@ slack/bolt@3.17.0

• 3.16.0 - 2023-12-01
  

  What's Changed

  Enhancements 🎁

  • Close HTTP response on unhandled request timeout - Thank you @ suhailgupta03 in #2007
  • Prevent sending response headers if already sent in default error han… - Thanks! @ suhailgupta03 in #2006

  Maintainers

  • Complete every matrix test regardless of adjacent failures - Thank you @ zimeg in #2004
  • Bump @ types/node from 20.9.0 to 20.9.2 by @ dependabot in #2000
  • Bump @ types/node from 20.9.2 to 20.10.0 by @ dependabot in #2003

  New Contributors 👋

  • @ suhailgupta03 made their first contribution in #2006 🎉

  Full Changelog: https://github.com/slackapi/bolt-js/compare/@ slack/bolt@3.15.0...@ slack/bolt@3.16.0

• 3.15.0 - 2023-11-15
  

  What's Changed

  This minor release includes support for the new File Input Block Kit Element, which allows for users to submit files using Block Kit. It also removes all traces of vulnerable versions of the axios dependency.

  Enhancements

  • Add file_input block element payload support in TS by @ seratch in #1995
  • Add rich_text_input block element payload support in TS by @ seratch in #1963
  • Allow a custom SocketModeReceiver to be used with Socket Mode by @ zimeg in #1972
  • Include an example of using middleware with the ExpressReceiver by @ zimeg in #1973

  Bug Fixes

  • fix: options constraint has wrong type definition by @ nemanjastanic in #1940

  Dependencies

  • Bump @ types/node from 20.6.2 to 20.9.0
  • Upgrade axios by @ wannfq in #1986
  • Update mocha and web-api dependencies by @ filmaj in #1994

  Other

  • Remove beta documentation by @ zimeg in #1961
  • Fix link in docs by @ mkly in #1992

  New Contributors

  • @ nemanjastanic made their first contribution in #1940
  • @ wannfq made their first contribution in #1986
  • @ mkly made their first contribution in #1992

  Full Changelog: https://github.com/slackapi/bolt-js/compare/@ slack/bolt@3.14.0...@ slack/bolt@3.15.0

• 3.14.0 - 2023-09-21
  

  What's Changed

  Important Notice

  Since this version, we've dropped Node 16 support as the version is EOLed on September 11th, 2023. Please upgrade to a newer Node.js version from now on.

  Enhancements

  • Add typings for timepicker by @ YussufElarif in #1928
  • Upload code coverage reports using the Codecov GitHub Action by @ zimeg in #1937
  • Expose useful functions by @ WilliamBergamin in #1955

  Bug Fixes

  • Update ci-build.yml - add codecov upload token by @ srajiang in #1952

  Dependencies

  • Bump @ types/node from 20.4.5 to 20.4.8 by @ dependabot in #1922
  • Bump @ types/node from 20.4.8 to 20.5.0 by @ dependabot in #1923
  • Bump @ types/node from 20.5.0 to 20.5.1 by @ dependabot in #1929
  • Bump @ types/node from 20.5.1 to 20.5.7 by @ dependabot in #1934
  • Bump @ slack/logger from 3.0.0 to 4.0.0 by @ dependabot in #1935
  • Bump @ types/node from 20.5.7 to 20.5.9 by @ dependabot in #1938
  • Bump @ types/node from 20.5.9 to 20.6.0 by @ dependabot in #1945
  • Bump @ types/node from 20.6.0 to 20.6.2 by @ dependabot in #1951
  • Release: @ slack/bolt@3.14.0 by @ WilliamBergamin in #1956

  New Contributors

  • @ YussufElarif made their first contribution in #1928

  Full Changelog: https://github.com/slackapi/bolt-js/compare/@ slack/bolt@3.13.3...@ slack/bolt@3.14.0

• 3.13.3 - 2023-08-04
• 3.13.2 - 2023-07-13
• 3.13.1 - 2023-04-28
• 3.13.0 - 2023-04-04
• 3.12.2 - 2022-11-02
• 3.12.1 - 2022-07-26
• 3.12.0 - 2022-07-14
• 3.11.3 - 2022-06-17
• 3.11.2 - 2022-06-14
• 3.11.1 - 2022-05-13
• 3.11.0 - 2022-03-30
• 3.10.0 - 2022-02-23

from @slack/bolt GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs