Upgrade the OAuth module to the latest (#1802)

package.json

@@ -42,7 +42,7 @@
   },
   "dependencies": {
     "@slack/logger": "^3.0.0",
-    "@slack/oauth": "^2.6.0",
+    "@slack/oauth": "^2.6.1",
     "@slack/socket-mode": "^1.3.0",
     "@slack/types": "^2.7.0",
     "@slack/web-api": "^6.7.1",

src/App.ts

@@ -378,7 +378,7 @@ export default class App<AppCustomContext extends StringIndexed = StringIndexed>
         failure: (error, _installOptions, _req, res) => {
           this.logger.debug(error);
           res.writeHead(500, { 'Content-Type': 'text/html' });
-          res.end(`<html><body><h1>OAuth failed!</h1><div>${error}</div></body></html>`);
+          res.end(`<html><body><h1>OAuth failed!</h1><div>${escapeHtml(error.code)}</div></body></html>`);
         },
       };
     }
@@ -1563,6 +1563,17 @@ function isEventTypeToSkipAuthorize(eventType: string) {
   return eventTypesToSkipAuthorize.includes(eventType);
 }
 
+function escapeHtml(input: string | undefined | null): string {
+  if (input) {
+    return input.replace(/&/g, '&amp;')
+      .replace(/</g, '&lt;')
+      .replace(/>/g, '&gt;')
+      .replace(/"/g, '&quot;')
+      .replace(/'/g, '&#x27;');
+  }
+  return '';
+}
+
 // ----------------------------
 // Instrumentation
 // Don't change the position of the following code