Skip to content

build(deps): Bump @slack/bolt from 4.7.2 to 4.7.3#239

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/slack/bolt-4.7.3
Closed

build(deps): Bump @slack/bolt from 4.7.2 to 4.7.3#239
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/slack/bolt-4.7.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 4, 2026

Copy link
Copy Markdown
Contributor

Bumps @slack/bolt from 4.7.2 to 4.7.3.

Changelog

Sourced from @​slack/bolt's changelog.

4.7.3

Patch Changes

  • 341b60e: Reject empty signingSecret at initialization to prevent accidental HMAC signature forgery.
Commits
  • 97bfd71 chore: release (#2947)
  • 341b60e fix: reject empty signingSecret to prevent involuntary signature bypass (#2946)
  • 6779cf7 chore(deps): bump qs from 6.14.2 to 6.15.2 in /examples/custom-receiver (#2943)
  • 834e3e0 chore(deps): bump ws from 8.20.0 to 8.20.1 in /examples/custom-receiver (#2942)
  • 1ed7854 chore(deps): bump koa and @​types/koa in /examples/custom-receiver (#2941)
  • ba4deb6 chore(deps-dev): update serverless requirement from ^4.35.1 to ^4.36.1 in /ex...
  • 8a2e936 chore(deps-dev): update serverless-offline requirement from ^14.5.0 to ^14.6....
  • 2cb9482 chore(deps-dev): bump @​types/node from 24.12.3 to 24.12.4 in /examples/custom...
  • 752f2e2 chore(deps): bump @​slack/web-api from 7.15.2 to 7.16.0 (#2933)
  • be24571 chore: update biome configurations and applied settings (#2931)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 4, 2026
Bumps [@slack/bolt](https://github.com/slackapi/bolt-js) from 4.7.2 to 4.7.3.
- [Release notes](https://github.com/slackapi/bolt-js/releases)
- [Changelog](https://github.com/slackapi/bolt-js/blob/main/CHANGELOG.md)
- [Commits](slackapi/bolt-js@v4.7.2...v4.7.3)

---
updated-dependencies:
- dependency-name: "@slack/bolt"
  dependency-version: 4.7.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/slack/bolt-4.7.3 branch from 496262a to 1686aa0 Compare June 17, 2026 02:10
@dependabot @github

dependabot Bot commented on behalf of github Jun 17, 2026

Copy link
Copy Markdown
Contributor Author

Looks like @slack/bolt is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 17, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/slack/bolt-4.7.3 branch June 17, 2026 04:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants