[Snyk] Security upgrade @slack/web-api from 6.7.0 to 6.9.1

[snyk-io]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Allocation of Resources Without Limits or Throttling SNYK-JS-AXIOS-15930944	685

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[snyk-io]

This is a minor version upgrade from 6.7.0 to 6.9.1. The releases within this range primarily include new features, bug fixes, and internal improvements.

Highlights:

• New Features: Support for new API methods and arguments has been added.
• No Breaking Changes: There are no documented breaking changes between these versions.

This upgrade is considered safe with no mandatory actions required.

Source: GitHub Releases

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[hivel-marco]

PR Complexity Score: 1.7 - Trivial

View Breakdown

• Lines Changed: 423
• Files Changed: 2
• Complexity Added: 0
• Raw Score: 14.46

⚠️ Sensitive Data (PII/ Secrets) Detected

File	Types	Count
package-lock.json Line Type Preview 439 Secret: Base64 High Entropy String [Base64 High Entropy String] 449 Secret: Base64 High Entropy String [Base64 High Entropy String] 856 Secret: Base64 High Entropy String [Base64 High Entropy String] 867 Secret: Base64 High Entropy String [Base64 High Entropy String] 1005 Secret: Base64 High Entropy String [Base64 High Entropy String] 1280 Secret: Base64 High Entropy String [Base64 High Entropy String] 1341 Secret: Base64 High Entropy String [Base64 High Entropy String] 1350 Secret: Base64 High Entropy String [Base64 High Entropy String] 1359 Secret: Base64 High Entropy String [Base64 High Entropy String] 1371 Secret: Base64 High Entropy String [Base64 High Entropy String] 1550 Secret: Base64 High Entropy String [Base64 High Entropy String] 1604 Secret: Base64 High Entropy String [Base64 High Entropy String] 1613 Secret: Base64 High Entropy String [Base64 High Entropy String] 1637 Secret: Base64 High Entropy String [Base64 High Entropy String] 1694 Secret: Base64 High Entropy String [Base64 High Entropy String] 1771 Secret: Base64 High Entropy String [Base64 High Entropy String] 1783 Secret: Base64 High Entropy String [Base64 High Entropy String] 1806 Secret: Base64 High Entropy String [Base64 High Entropy String] 2018 Secret: Base64 High Entropy String [Base64 High Entropy String] 2349 Secret: Base64 High Entropy String [Base64 High Entropy String] 2855 Secret: Base64 High Entropy String [Base64 High Entropy String] 4005 Secret: Base64 High Entropy String [Base64 High Entropy String] 4010 Secret: Base64 High Entropy String [Base64 High Entropy String] 4365 Secret: Base64 High Entropy String [Base64 High Entropy String] 4375 Secret: Base64 High Entropy String [Base64 High Entropy String] 4489 Secret: Base64 High Entropy String [Base64 High Entropy String] 4691 Secret: Base64 High Entropy String [Base64 High Entropy String] 4745 Secret: Base64 High Entropy String [Base64 High Entropy String] 4750 Secret: Base64 High Entropy String [Base64 High Entropy String] 4755 Secret: Base64 High Entropy String [Base64 High Entropy String] 4763 Secret: Base64 High Entropy String [Base64 High Entropy String] 4904 Secret: Base64 High Entropy String [Base64 High Entropy String] 4934 Secret: Base64 High Entropy String [Base64 High Entropy String] 4939 Secret: Base64 High Entropy String [Base64 High Entropy String] 4956 Secret: Base64 High Entropy String [Base64 High Entropy String] 4994 Secret: Base64 High Entropy String [Base64 High Entropy String] 5047 Secret: Base64 High Entropy String [Base64 High Entropy String] 5052 Secret: Base64 High Entropy String [Base64 High Entropy String] 5065 Secret: Base64 High Entropy String [Base64 High Entropy String] 5220 Secret: Base64 High Entropy String [Base64 High Entropy String] 5483 Secret: Base64 High Entropy String [Base64 High Entropy String] 5868 Secret: Base64 High Entropy String [Base64 High Entropy String]	Base64 High Entropy String	42

Overview

This PR upgrades the Slack Web API client dependency to a newer minor version and refreshes its transitive dependency tree. The main goal is to keep the Slack integration and underlying HTTP client (axios) up to date with current releases, including security and compatibility updates. Changes are limited to dependency version bumps in package.json and the corresponding lockfile updates in package-lock.json.

Key Changes

• Bumps @slack/web-api from ^6.7.0 to ^6.9.1 to use a more recent Slack SDK.
• Updates transitive Slack dependencies, including @slack/types from 2.4.0 to 2.20.1 and is-electron from 2.2.0 to 2.2.2.
• Upgrades axios from 0.25.0 to 1.15.0, along with related dependencies (follow-redirects, form-data, proxy-from-env), via the Slack SDK.
• Introduces several new small utility dependencies (e.g. call-bind-apply-helpers, es-* helpers, get-intrinsic, hasown, math-intrinsics, etc.) as part of the updated dependency graph.

Risks & Considerations

• The axios upgrade from 0.25.x to 1.x (even though used transitively via Slack) may alter HTTP behavior (defaults, error handling, redirect behavior), which could subtly affect Slack API calls.
• The newer @slack/web-api and @slack/types may enforce updated request/response types or deprecate old fields; any tight coupling to Slack response shapes should be sanity-checked.
• New and updated dependencies slightly increase the project’s dependency surface area; it may be worth scanning for known vulnerabilities or license changes, although core additions remain MIT-licensed.

File-level change summary

File	Change summary
package-lock.json	Regenerates the lockfile to reflect upgraded @slack/web-api and its updated/transitive dependencies (including axios and various utility packages).
package.json	Updates the @slack/web-api dependency version from ^6.7.0 to ^6.9.1.