[Snyk] Upgrade @slack/bolt from 3.10.0 to 3.19.0

[mohammad-84]

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade @slack/bolt from 3.10.0 to 3.19.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 20 versions ahead of your current version.

• The recommended version was released on 21 days ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	462	Proof of Concept
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	462	Proof of Concept
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	462	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	462	Proof of Concept
	Denial of Service (DoS) SNYK-JS-WS-7266574	462	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	462	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	462	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	462	Proof of Concept
	Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	462	No Known Exploit
	Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	462	No Known Exploit
	Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	462	No Known Exploit

Release notes

Package name: @slack/bolt

• 3.19.0 - 2024-06-19
  

  What's Changed

  More customizations for the AwsLambdaReceiver have landed as well as a few touchups to typings and documented details!

  With this release, the signature verification for AwsLambdaReceiver can now be turned off if that's something you're interested in! Perhaps you have your own stylish way of verifying these signatures. The following can be added to your receiver to unlock this:

  const { App, AwsLambdaReceiver } = require('@ slack/bolt');

  const app = new App({
  ...
  receiver: new AwsLambdaReceiver({
  signatureVerification: false,
  }),
  });

  Read on and browse around for more details on all of the changes included!

  🎁 Enhancments

  • Add flag to AwsLambdaReceiver to enable/disable signature verification in #2107 - thanks @ noah-guillory!

  🐛 Fixes

  • Add a type predicate for CodedError in #2110 - thanks @ filmaj!
  • ButtonAction value field not required in #2134 - thanks @ srajiang!
  • fix(types): return void promises from the express receiver middleware parser in #2141 - thanks @ zimeg!

  📚 Documentation

  • docs: fixed duplicative header links in reference in #2120 - thanks @ lukegalbraithrussell!
  • docs: deprecate Steps from Apps docs in #2130 - thanks @ filmaj!
  • docs: add JSDoc to and list out all available builtin middleware functions in the docs in #2136 - thanks @ filmaj!

  🧰 Maintenance

  • ci(test): perform unit testing against node version 22 in #2140 - thanks @ zimeg!
  • chore(release): tag version @ slack/bolt@3.19.0 in #2142 - thanks @ zimeg!

  📦 Dependencies

  • Bump @ types/node from 20.12.7 to 20.12.10 in #2111 - thanks @ dependabot!
  • Bump @ types/node from 20.12.10 to 20.12.11 in #2114 - thanks @ dependabot!
  • Bump @ types/node from 20.12.11 to 20.12.12 in #2117 - thanks @ dependabot!
  • Bump @ types/node from 20.12.12 to 20.14.0 in #2125 - thanks @ dependabot!
  • Bump @ types/node from 20.14.0 to 20.14.2 in #2132 - thanks @ dependabot!

  New Contributors

  • @ noah-guillory made their first contribution in #2107
  • @ lukegalbraithrussell made their first contribution in #2120

  Full Changelog: https://github.com/slackapi/bolt-js/compare/@ slack/bolt@3.18.0...@ slack/bolt@3.19.0

• 3.18.0 - 2024-04-25
  

  What's Changed

  • Fix #2056 by adding files to app_mention event payload by @ seratch in #2057
  • Update acknowledging_requests.md by @ technically-tracy in #2086

  New Contributors

  • @ technically-tracy made their first contribution in #2086

  Full Changelog: https://github.com/slackapi/bolt-js/compare/@ slack/bolt@3.17.1...@ slack/bolt@3.18.0

• 3.17.2-rc.1 - 2024-04-17
  

  …nts.

• 3.17.1 - 2024-01-11
  

  What's Changed

  • chore(3.17.1): Publish v3.17.1 by @ rafael-fecha, including dependency updates to address an Axios security vulnerability in #2029

  New Contributors

  • @ rafael-fecha made their first contribution in #2029

  Full Changelog: https://github.com/slackapi/bolt-js/compare/@ slack/bolt@3.17.0...@ slack/bolt@3.17.1

• 3.17.1-customFunctionBeta.0 - 2024-01-26
  

  v3.17.1-customFunctionBeta.0

• 3.17.0 - 2023-12-20
  

  What's Changed

  • Support for style.code properties on rich text elements (updates @ slack/types to 2.11 and @ slack/web-api to 6.11) by @ filmaj in #2017

  Full Changelog: https://github.com/slackapi/bolt-js/compare/@ slack/bolt@3.16.0...@ slack/bolt@3.17.0

• 3.16.0 - 2023-12-01
  

  What's Changed

  Enhancements 🎁

  • Close HTTP response on unhandled request timeout - Thank you @ suhailgupta03 in #2007
  • Prevent sending response headers if already sent in default error han… - Thanks! @ suhailgupta03 in #2006

  Maintainers

  • Complete every matrix test regardless of adjacent failures - Thank you @ zimeg in #2004
  • Bump @ types/node from 20.9.0 to 20.9.2 by @ dependabot in #2000
  • Bump @ types/node from 20.9.2 to 20.10.0 by @ dependabot in #2003

  New Contributors 👋

  • @ suhailgupta03 made their first contribution in #2006 🎉

  Full Changelog: https://github.com/slackapi/bolt-js/compare/@ slack/bolt@3.15.0...@ slack/bolt@3.16.0

• 3.15.0 - 2023-11-15
  

  What's Changed

  This minor release includes support for the new File Input Block Kit Element, which allows for users to submit files using Block Kit. It also removes all traces of vulnerable versions of the axios dependency.

  Enhancements

  • Add file_input block element payload support in TS by @ seratch in #1995
  • Add rich_text_input block element payload support in TS by @ seratch in #1963
  • Allow a custom SocketModeReceiver to be used with Socket Mode by @ zimeg in #1972
  • Include an example of using middleware with the ExpressReceiver by @ zimeg in #1973

  Bug Fixes

  • fix: options constraint has wrong type definition by @ nemanjastanic in #1940

  Dependencies

  • Bump @ types/node from 20.6.2 to 20.9.0
  • Upgrade axios by @ wannfq in #1986
  • Update mocha and web-api dependencies by @ filmaj in #1994

  Other

  • Remove beta documentation by @ zimeg in #1961
  • Fix link in docs by @ mkly in #1992

  New Contributors

  • @ nemanjastanic made their first contribution in #1940
  • @ wannfq made their first contribution in #1986
  • @ mkly made their first contribution in #1992

  Full Changelog: https://github.com/slackapi/bolt-js/compare/@ slack/bolt@3.14.0...@ slack/bolt@3.15.0

• 3.14.0 - 2023-09-21
  

  What's Changed

  Important Notice

  Since this version, we've dropped Node 16 support as the version is EOLed on September 11th, 2023. Please upgrade to a newer Node.js version from now on.

  Enhancements

  • Add typings for timepicker by @ YussufElarif in #1928
  • Upload code coverage reports using the Codecov GitHub Action by @ zimeg in #1937
  • Expose useful functions by @ WilliamBergamin in #1955

  Bug Fixes

  • Update ci-build.yml - add codecov upload token by @ srajiang in #1952

  Dependencies

  • Bump @ types/node from 20.4.5 to 20.4.8 by @ dependabot in #1922
  • Bump @ types/node from 20.4.8 to 20.5.0 by @ dependabot in #1923
  • Bump @ types/node from 20.5.0 to 20.5.1 by @ dependabot in #1929
  • Bump @ types/node from 20.5.1 to 20.5.7 by @ dependabot in #1934
  • Bump @ slack/logger from 3.0.0 to 4.0.0 by @ dependabot in #1935
  • Bump @ types/node from 20.5.7 to 20.5.9 by @ dependabot in #1938
  • Bump @ types/node from 20.5.9 to 20.6.0 by @ dependabot in #1945
  • Bump @ types/node from 20.6.0 to 20.6.2 by @ dependabot in #1951
  • Release: @ slack/bolt@3.14.0 by @ WilliamBergamin in #1956

  New Contributors

  • @ YussufElarif made their first contribution in #1928

  Full Changelog: https://github.com/slackapi/bolt-js/compare/@ slack/bolt@3.13.3...@ slack/bolt@3.14.0

• 3.13.3 - 2023-08-04
• 3.13.2 - 2023-07-13
• 3.13.1 - 2023-04-28
• 3.13.0 - 2023-04-04
• 3.12.2 - 2022-11-02
• 3.12.1 - 2022-07-26
• 3.12.0 - 2022-07-14
• 3.11.3 - 2022-06-17
• 3.11.2 - 2022-06-14
• 3.11.1 - 2022-05-13
• 3.11.0 - 2022-03-30
• 3.10.0 - 2022-02-23

from @slack/bolt GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs