Context
Axios has triggered multiple CVEs (critical and high). We inherit it as a transitive dependency from @slack/web-api.
We can drop it by replacing the library with direct fetch calls.
Steps to replace
- Rewrite api/slack-client.js to replace WebClient.chat.postMessage with one fetch call.
- Rewrite e2e/slack-e2e-reporter.ts to replace postMessage (one fetch) and files.uploadV2 (3-step flow: get upload URL → upload bytes → complete upload).
- Drop the dep, remove @slack/web-api from package.json and the axios override.
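
A sketch of the fetch-based replacement for both calls, added here as an example and not taken from this repository. The helper names (slackCall, postMessage, uploadFile), the injected fetchImpl parameter, and the slack.com host check are assumptions; files.getUploadURLExternal and files.completeUploadExternal are the Slack Web API methods behind the 3-step upload.

```javascript
// Added example, not the project's code. Helper names and the injected
// fetchImpl parameter are assumptions; pass globalThis.fetch in real use.
const SLACK_API = "https://slack.com/api";

// Slack reports most API failures as HTTP 200 with { ok: false, error },
// so both the HTTP status and the body's ok flag must be checked.
async function slackCall(fetchImpl, token, method, params) {
  const res = await fetchImpl(`${SLACK_API}/${method}`, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${token}`,
      "Content-Type": "application/x-www-form-urlencoded",
    },
    body: new URLSearchParams(params),
  });
  if (!res.ok) throw new Error(`${method}: HTTP ${res.status}`);
  const data = await res.json();
  if (!data.ok) throw new Error(`${method}: ${data.error}`);
  return data;
}

const postMessage = (fetchImpl, token, channel, text) =>
  slackCall(fetchImpl, token, "chat.postMessage", { channel, text });

async function uploadFile(fetchImpl, token, { channel, filename, bytes }) {
  // Step 1: get upload URL.
  const { upload_url, file_id } = await slackCall(
    fetchImpl, token, "files.getUploadURLExternal",
    { filename, length: String(bytes.byteLength) });
  // Assumption: upload URLs are HTTPS on a slack.com host. Refuse anything
  // else so a tampered response cannot redirect the file contents.
  const u = new URL(upload_url);
  if (u.protocol !== "https:" || !u.hostname.endsWith(".slack.com"))
    throw new Error(`unexpected upload host: ${u.hostname}`);
  // Step 2: upload bytes. No Authorization header here: the token is only
  // ever sent to slack.com/api.
  const up = await fetchImpl(upload_url, { method: "POST", body: bytes });
  if (!up.ok) throw new Error(`upload: HTTP ${up.status}`);
  // Step 3: complete upload and share the file to the channel.
  await slackCall(fetchImpl, token, "files.completeUploadExternal", {
    files: JSON.stringify([{ id: file_id, title: filename }]),
    channel_id: channel,
  });
  return file_id;
}
```

Unlike the WebClient, plain fetch does not raise on `ok: false` responses, so callers that previously relied on the library throwing need the explicit check in slackCall.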