bump deps

[malewis5]

This pull request focuses on updating dependencies in the @vercel/slack-bolt package and addressing a security concern by overriding the vite version. It also includes minor improvements to test formatting for readability.

Dependency and security updates:

• Bumped several dev dependencies in packages/slack-bolt/package.json, including @biomejs/biome, @types/node, @vitest/coverage-v8, and vitest, to their latest patch versions.
• Added a pnpm.overrides section in the root package.json to force the vite version to 7.3.2, mitigating a vulnerability in the version range required by vitest.
• Added a changeset file documenting the dependency bumps and the vite override due to the security issue.

Test code improvements:

• Reformatted parameterized test definitions in packages/slack-bolt/src/internal/slack/index.test.ts for better readability and maintainability. [1] [2]

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
slack-bolt-nextjs	Ready	Preview, Comment	Apr 7, 2026 1:56pm

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	vitest@​4.1.2 ⏵ 4.1.3	+2		+1
	@​vitest/​coverage-v8@​4.1.2 ⏵ 4.1.3				+2
	@​types/​node@​20.19.35 ⏵ 20.19.39	+1		+1
	turbo@​2.9.2 ⏵ 2.9.4
	@​slack/​bolt@​4.7.0

View full report