Upgrade axios to resolve CVE-2024-39338

[jayknyn]

Hi, the latest @slack/bolt@3.19.0 is using axios@1.7.2 that allows Server-Side Request Forgery via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs. This high vulnerability is failing in our CI pipeline and blocking releases.

Requirements
Axios version should be upgraded to 1.7.3 to address CVE-2024-39338

[filmaj]

I've merged a commit into main to fix this, just need to coordinate with my team around the actual release. Will update this issue once it is live on npm.

[jayknyn]

Thank you for the prompt action!

[filmaj]

bolt 3.20.0 is live on npm FYI