Skip to content

chore(deps): bump github.com/slack-go/slack from 0.21.0 to 0.23.1#96

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/slack-go/slack-0.23.1
Open

chore(deps): bump github.com/slack-go/slack from 0.21.0 to 0.23.1#96
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/slack-go/slack-0.23.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 12, 2026

Bumps github.com/slack-go/slack from 0.21.0 to 0.23.1.

Release notes

Sourced from github.com/slack-go/slack's releases.

v0.23.1

[!IMPORTANT] Even though this is a [security] patch release, if you were using an empty secret, this is a breaking change due to a change in behaviour. That's on purpose, to ensure you fix your approach so that there are no footguns.

Fixed

  • NewSecretsVerifier now rejects empty signing secrets to avoid accepting forged request signatures when applications are misconfigured.

Full Changelog: slack-go/slack@v0.23.0...v0.23.1

v0.23.0

Added

New Contributors

Full Changelog: slack-go/slack@v0.22.0...v0.23.0

v0.22.0

What's Changed

Added

  • OAuth PKCE support - OAuthOptionCodeVerifier option for GetOAuthV2Response, plus GenerateCodeVerifier() and GenerateCodeChallenge() helpers (RFC 7636). client_secret is now conditionally omitted when empty in both GetOAuthV2ResponseContext and RefreshOAuthV2TokenContext.
  • Manifest scope fields - BotOptional and UserOptional on OAuthScopes.
  • Rich text styles - Underline, Highlight, ClientHighlight, and Unlink on RichTextSectionTextStyle. Style field on RichTextSectionUserGroupElement.
  • Assistant search context - Sort, SortDir, Before, After, Highlight, IncludeContextMessages, IncludeDeletedUsers, IncludeMessageBlocks, IncludeArchivedChannels, DisableSemanticSearch, Modifiers, TermClauses parameters and new response types (AssistantSearchContextFile, AssistantSearchContextChannel, AssistantSearchContextMessageContext).

Fixed

  • socketmode: malformed JSON no longer forces reconnect - json.SyntaxError and json.UnmarshalTypeError now emit an EventTypeIncomingError event and continue reading instead of killing the WebSocket connection.
  • socketmode: debug_reconnects query param applied correctly - the parameter was silently discarded due to a missing url.RawQuery assignment.
  • ChannelTypes and ContentTypes now send comma-separated values instead of repeated form keys, matching the convention used by every other method in the library.

Docs

  • assistant:write scope marked as deprecated in favour of chat:write.

Full Changelog: v0.21.1...v0.22.0

v0.21.1

Added

  • MessageEvent channel type helpers — New ChannelTypeChannel, ChannelTypeGroup,

... (truncated)

Changelog

Sourced from github.com/slack-go/slack's changelog.

[0.23.1] - 2026-05-10

Fixed

  • NewSecretsVerifier now rejects empty signing secrets to avoid accepting forged request signatures when applications are misconfigured.

[0.23.0] - 2026-04-22

Added

  • Block Kit: CardBlock and CarouselBlock — Support for two of the new agent-UI blocks announced in the April 16 Slack changelog. CardBlock is constructed via NewCardBlock with a functional-options pattern and fluent With* builders (WithTitle, WithSubtitle, WithBody, WithIcon, WithHeroImage, WithActions). CarouselBlock is constructed via NewCarouselBlock with a variadic *CardBlock list plus WithBlockID and AddCard helpers. Both blocks wire into Blocks.UnmarshalJSON for round-trip fidelity, and reuse existing ImageBlockElement / ButtonBlockElement / BlockElements types rather than introducing new composition objects.
  • Block Kit: AlertBlock — Support for the third of the new agent-UI blocks from the April 16 Slack changelog. AlertBlock is constructed via NewAlertBlock with a *TextBlockObject body and a functional-options pattern. Severity is set via AlertBlockOptionLevel (AlertLevelDefault, AlertLevelInfo, AlertLevelWarning, AlertLevelError, AlertLevelSuccess) and the block ID via AlertBlockOptionBlockID. Wires into Blocks.UnmarshalJSON for round-trip fidelity. Must be delivered via the streaming chunks API — chat.postMessage rejects it as an unsupported block type.
  • Streaming-message chunks APIchat.startStream / chat.appendStream / chat.stopStream now accept a chunks parameter. Added MsgOptionChunks along with a StreamChunk interface and four chunk types: MarkdownTextChunk, TaskUpdateChunk, PlanUpdateChunk, and BlocksChunk (each with a New*Chunk constructor). This is the supported transport for streaming Block Kit content and the new agent-UI blocks in particular (which chat.postMessage rejects as Unsupported block type).
  • MsgOptionTaskDisplayMode — New option for chat.startStream controlling whether task chunks render as a sequential timeline or a grouped plan. Accepts TaskDisplayModeTimeline or TaskDisplayModePlan.
  • Added Username, IconURL, and IconEmoji fields to AssistantThreadsSetStatusParameters, forwarded by SetAssistantThreadsStatusContext, matching the new optional parameters on assistant.threads.setStatus for customising the status-update presentation.
  • Exposed SocketmodeHandler.DispatchEvent (previously the unexported dispatcher), enabling integration tests to exercise registered handlers without a live WebSocket connection. The unexported dispatcher is kept as

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump github.com/slack-go/slack from 0.21.0 to 0.23.1
95aac9f 
Bumps [github.com/slack-go/slack](https://github.com/slack-go/slack) from 0.21.0 to 0.23.1.
- [Release notes](https://github.com/slack-go/slack/releases)
- [Changelog](https://github.com/slack-go/slack/blob/master/CHANGELOG.md)
- [Commits](slack-go/slack@v0.21.0...v0.23.1)

---
updated-dependencies:
- dependency-name: github.com/slack-go/slack
  dependency-version: 0.23.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file. task labels May 12, 2026
@dependabot dependabot Bot mentioned this pull request May 12, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file. task

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants