[Snyk] Security upgrade @slack/web-api from 6.7.0 to 6.9.1

[snyk-io]

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	HTTP Response Splitting SNYK-JS-AXIOS-16298058	730
	Uncontrolled Recursion SNYK-JS-AXIOS-16299923	710

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[snyk-io]

This is a minor version upgrade from 6.7.0 to 6.9.1. The releases within this range primarily include new features, bug fixes, and internal improvements.

Highlights:

• New Features: Support for new API methods and arguments has been added.
• No Breaking Changes: There are no documented breaking changes between these versions.

This upgrade is considered safe with no mandatory actions required.

Source: GitHub Releases

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[hivel-marco]

PR Complexity Score: 1.7 - Trivial

View Breakdown

• Lines Changed: 423
• Files Changed: 2
• Complexity Added: 0
• Raw Score: 14.46

⚠️ Sensitive Data (PII/ Secrets) Detected

File	Types	Count
package-lock.json Line Type Preview 439 Secret: Base64 High Entropy String [Base64 High Entropy String] 449 Secret: Base64 High Entropy String [Base64 High Entropy String] 856 Secret: Base64 High Entropy String [Base64 High Entropy String] 867 Secret: Base64 High Entropy String [Base64 High Entropy String] 1005 Secret: Base64 High Entropy String [Base64 High Entropy String] 1280 Secret: Base64 High Entropy String [Base64 High Entropy String] 1341 Secret: Base64 High Entropy String [Base64 High Entropy String] 1350 Secret: Base64 High Entropy String [Base64 High Entropy String] 1359 Secret: Base64 High Entropy String [Base64 High Entropy String] 1371 Secret: Base64 High Entropy String [Base64 High Entropy String] 1550 Secret: Base64 High Entropy String [Base64 High Entropy String] 1604 Secret: Base64 High Entropy String [Base64 High Entropy String] 1613 Secret: Base64 High Entropy String [Base64 High Entropy String] 1637 Secret: Base64 High Entropy String [Base64 High Entropy String] 1694 Secret: Base64 High Entropy String [Base64 High Entropy String] 1771 Secret: Base64 High Entropy String [Base64 High Entropy String] 1783 Secret: Base64 High Entropy String [Base64 High Entropy String] 1806 Secret: Base64 High Entropy String [Base64 High Entropy String] 2018 Secret: Base64 High Entropy String [Base64 High Entropy String] 2349 Secret: Base64 High Entropy String [Base64 High Entropy String] 2855 Secret: Base64 High Entropy String [Base64 High Entropy String] 4005 Secret: Base64 High Entropy String [Base64 High Entropy String] 4010 Secret: Base64 High Entropy String [Base64 High Entropy String] 4365 Secret: Base64 High Entropy String [Base64 High Entropy String] 4375 Secret: Base64 High Entropy String [Base64 High Entropy String] 4489 Secret: Base64 High Entropy String [Base64 High Entropy String] 4691 Secret: Base64 High Entropy String [Base64 High Entropy String] 4745 Secret: Base64 High Entropy String [Base64 High Entropy String] 4750 Secret: Base64 High Entropy String [Base64 High Entropy String] 4755 Secret: Base64 High Entropy String [Base64 High Entropy String] 4763 Secret: Base64 High Entropy String [Base64 High Entropy String] 4904 Secret: Base64 High Entropy String [Base64 High Entropy String] 4934 Secret: Base64 High Entropy String [Base64 High Entropy String] 4939 Secret: Base64 High Entropy String [Base64 High Entropy String] 4956 Secret: Base64 High Entropy String [Base64 High Entropy String] 4994 Secret: Base64 High Entropy String [Base64 High Entropy String] 5047 Secret: Base64 High Entropy String [Base64 High Entropy String] 5052 Secret: Base64 High Entropy String [Base64 High Entropy String] 5065 Secret: Base64 High Entropy String [Base64 High Entropy String] 5220 Secret: Base64 High Entropy String [Base64 High Entropy String] 5483 Secret: Base64 High Entropy String [Base64 High Entropy String] 5868 Secret: Base64 High Entropy String [Base64 High Entropy String]	Base64 High Entropy String	42

Overview

This PR upgrades the Slack Web API client dependency to a newer minor version and refreshes its transitive dependencies accordingly. The updates are focused on dependency security, compatibility, and keeping the Slack client up to date. No application code changes are introduced; all changes are in dependency manifests.

Key Changes

• Bumps @slack/web-api from ^6.7.0 to ^6.9.1 to pick up upstream improvements and fixes.
• Updates transitive Slack dependencies, including @slack/types from 2.4.0 to 2.20.1.
• Pulls in a newer Axios major version (from 0.25.0 to 1.15.2) and associated dependencies (follow-redirects, form-data, proxy-from-env, and several small utility packages).
• Normalizes dependency metadata in package-lock.json (e.g., added license fields and new helper libs) as a result of re-locking with the new versions.

Risks & Considerations

• Axios major version change (0.x → 1.x) may introduce breaking behavior if any direct or indirect usage relies on now-changed semantics (even though it is currently only a transitive dependency via @slack/web-api).
• Minor version bump of @slack/web-api could alter request/response typings or behavior; Slack integration paths should be smoke-tested (message sending, error handling, retries).
• New/updated transitive dependencies (e.g., follow-redirects, is-electron, form-data) may affect HTTP behavior such as redirects, proxy handling, or environment detection.
• Ensure runtime Node.js version remains compatible with the updated dependency engine requirements (still targeting Node >=12.x, but worth verifying in CI/runtime environments).

File-level change summary

File	Change summary
package.json	Updates @slack/web-api dependency from ^6.7.0 to ^6.9.1.
package-lock.json	Regenerates lockfile to reflect the @slack/web-api upgrade and associated transitive dependency updates (including Axios and various utility libraries).