[Snyk] Security upgrade @slack/web-api from 6.7.0 to 6.9.1

[snyk-io]

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Unintended Proxy or Intermediary ('Confused Deputy') SNYK-JS-AXIOS-15965856	730
	HTTP Response Splitting SNYK-JS-AXIOS-15969258	550

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[snyk-io]

This is a minor version upgrade from 6.7.0 to 6.9.1. The releases within this range primarily include new features, bug fixes, and internal improvements.

Highlights:

• New Features: Support for new API methods and arguments has been added.
• No Breaking Changes: There are no documented breaking changes between these versions.

This upgrade is considered safe with no mandatory actions required.

Source: GitHub Releases

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[hivel-marco]

PR Complexity Score: 1.7 - Trivial

View Breakdown

• Lines Changed: 423
• Files Changed: 2
• Complexity Added: 0
• Raw Score: 14.46

⚠️ Sensitive Data (PII/ Secrets) Detected

File	Types	Count
package-lock.json Line Type Preview 439 Secret: Base64 High Entropy String [Base64 High Entropy String] 449 Secret: Base64 High Entropy String [Base64 High Entropy String] 856 Secret: Base64 High Entropy String [Base64 High Entropy String] 867 Secret: Base64 High Entropy String [Base64 High Entropy String] 1005 Secret: Base64 High Entropy String [Base64 High Entropy String] 1280 Secret: Base64 High Entropy String [Base64 High Entropy String] 1341 Secret: Base64 High Entropy String [Base64 High Entropy String] 1350 Secret: Base64 High Entropy String [Base64 High Entropy String] 1359 Secret: Base64 High Entropy String [Base64 High Entropy String] 1371 Secret: Base64 High Entropy String [Base64 High Entropy String] 1550 Secret: Base64 High Entropy String [Base64 High Entropy String] 1604 Secret: Base64 High Entropy String [Base64 High Entropy String] 1613 Secret: Base64 High Entropy String [Base64 High Entropy String] 1637 Secret: Base64 High Entropy String [Base64 High Entropy String] 1694 Secret: Base64 High Entropy String [Base64 High Entropy String] 1771 Secret: Base64 High Entropy String [Base64 High Entropy String] 1783 Secret: Base64 High Entropy String [Base64 High Entropy String] 1806 Secret: Base64 High Entropy String [Base64 High Entropy String] 2018 Secret: Base64 High Entropy String [Base64 High Entropy String] 2349 Secret: Base64 High Entropy String [Base64 High Entropy String] 2855 Secret: Base64 High Entropy String [Base64 High Entropy String] 4005 Secret: Base64 High Entropy String [Base64 High Entropy String] 4010 Secret: Base64 High Entropy String [Base64 High Entropy String] 4365 Secret: Base64 High Entropy String [Base64 High Entropy String] 4375 Secret: Base64 High Entropy String [Base64 High Entropy String] 4489 Secret: Base64 High Entropy String [Base64 High Entropy String] 4691 Secret: Base64 High Entropy String [Base64 High Entropy String] 4745 Secret: Base64 High Entropy String [Base64 High Entropy String] 4750 Secret: Base64 High Entropy String [Base64 High Entropy String] 4755 Secret: Base64 High Entropy String [Base64 High Entropy String] 4763 Secret: Base64 High Entropy String [Base64 High Entropy String] 4904 Secret: Base64 High Entropy String [Base64 High Entropy String] 4934 Secret: Base64 High Entropy String [Base64 High Entropy String] 4939 Secret: Base64 High Entropy String [Base64 High Entropy String] 4956 Secret: Base64 High Entropy String [Base64 High Entropy String] 4994 Secret: Base64 High Entropy String [Base64 High Entropy String] 5047 Secret: Base64 High Entropy String [Base64 High Entropy String] 5052 Secret: Base64 High Entropy String [Base64 High Entropy String] 5065 Secret: Base64 High Entropy String [Base64 High Entropy String] 5220 Secret: Base64 High Entropy String [Base64 High Entropy String] 5483 Secret: Base64 High Entropy String [Base64 High Entropy String] 5868 Secret: Base64 High Entropy String [Base64 High Entropy String]	Base64 High Entropy String	42

Overview

This PR upgrades the Slack Web API client and related HTTP dependencies to more recent versions.
It focuses on keeping Slack integration and its transitive dependencies (like axios and follow-redirects) current and secure.
The changes are limited to dependency version bumps in package.json and the corresponding lockfile updates.

Key Changes

• Bumps @slack/web-api from ^6.7.0 to ^6.9.1 to use a newer Slack Web API client.
• Updates transitive Slack dependencies, including @slack/types (2.4.0 → 2.20.1) and is-electron (2.2.0 → 2.2.2).
• Upgrades axios from 0.25.0 to 1.15.0, bringing in newer follow-redirects, form-data, and proxy-from-env versions.
• Introduces several small utility libraries (e.g., call-bind-apply-helpers, es-* helpers, get-intrinsic, math-intrinsics, hasown) as transitive dependencies required by the updated packages.

Risks & Considerations

• Axios 1.x is a major version jump from 0.25.0; while usage appears transitive via @slack/web-api, reviewers should verify no direct code relies on old axios behavior (e.g., error shapes, default config).
• The Slack SDK and types upgrades may introduce subtle type or behavior changes; Slack-related workflows should be regression tested (message sending, errors, rate limiting, retries).
• New transitive dependencies slightly increase the dependency surface area; security scanning should be re-run to confirm no new vulnerabilities.
• Ensure the runtime Node version used in production is compatible with the raised minimums implied by updated dependencies (generally Node 12+ or 10+ for some utilities).

File-level change summary

File	Change summary
package-lock.json	Regenerates lockfile to reflect upgraded @slack/web-api, axios, @slack/types, is-electron, and their new/updated transitive dependencies and metadata.
package.json	Updates the @slack/web-api dependency version from ^6.7.0 to ^6.9.1.