Skip to content

build(deps): Bump @slack/bolt from 4.7.2 to 4.7.3#27

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/slack/bolt-4.7.3
Jun 1, 2026
Merged

build(deps): Bump @slack/bolt from 4.7.2 to 4.7.3#27
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/slack/bolt-4.7.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 1, 2026

Copy link
Copy Markdown
Contributor

Bumps @slack/bolt from 4.7.2 to 4.7.3.

Changelog

Sourced from @​slack/bolt's changelog.

4.7.3

Patch Changes

  • 341b60e: Reject empty signingSecret at initialization to prevent accidental HMAC signature forgery.
Commits
  • 97bfd71 chore: release (#2947)
  • 341b60e fix: reject empty signingSecret to prevent involuntary signature bypass (#2946)
  • 6779cf7 chore(deps): bump qs from 6.14.2 to 6.15.2 in /examples/custom-receiver (#2943)
  • 834e3e0 chore(deps): bump ws from 8.20.0 to 8.20.1 in /examples/custom-receiver (#2942)
  • 1ed7854 chore(deps): bump koa and @​types/koa in /examples/custom-receiver (#2941)
  • ba4deb6 chore(deps-dev): update serverless requirement from ^4.35.1 to ^4.36.1 in /ex...
  • 8a2e936 chore(deps-dev): update serverless-offline requirement from ^14.5.0 to ^14.6....
  • 2cb9482 chore(deps-dev): bump @​types/node from 24.12.3 to 24.12.4 in /examples/custom...
  • 752f2e2 chore(deps): bump @​slack/web-api from 7.15.2 to 7.16.0 (#2933)
  • be24571 chore: update biome configurations and applied settings (#2931)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Code from external packages npm Updates for Node packages labels Jun 1, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 1, 2026 01:17
@dependabot dependabot Bot added the npm Updates for Node packages label Jun 1, 2026
@github-actions github-actions Bot enabled auto-merge (squash) June 1, 2026 01:17
Bumps [@slack/bolt](https://github.com/slackapi/bolt-js) from 4.7.2 to 4.7.3.
- [Release notes](https://github.com/slackapi/bolt-js/releases)
- [Changelog](https://github.com/slackapi/bolt-js/blob/main/CHANGELOG.md)
- [Commits](slackapi/bolt-js@v4.7.2...v4.7.3)

---
updated-dependencies:
- dependency-name: "@slack/bolt"
  dependency-version: 4.7.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/slack/bolt-4.7.3 branch from b0d1238 to 5c1fa7b Compare June 1, 2026 01:19
@github-actions github-actions Bot merged commit d93dc48 into main Jun 1, 2026
5 checks passed
@github-actions github-actions Bot deleted the dependabot/npm_and_yarn/slack/bolt-4.7.3 branch June 1, 2026 01:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Code from external packages npm Updates for Node packages

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants