Bump github.com/slack-go/slack from 0.17.3 to 0.24.0

[dependabot]

Bumps github.com/slack-go/slack from 0.17.3 to 0.24.0.

Release notes

Sourced from github.com/slack-go/slack's releases.

v0.24.0

What's Changed

• docs: format go get command in code block by @​akhil-ge0rge in slack-go/slack#1554
• feat: add new block kit block Data Table by @​nlopes in slack-go/slack#1555

[!IMPORTANT] NewTaskCardBlock and NewPlanBlock now guard against nil variadic options so if you were doing that (which you shouldn't) this is a breaking change.

New Contributors

• @​akhil-ge0rge made their first contribution in slack-go/slack#1554

Full Changelog: slack-go/slack@v0.23.1...v0.24.0

v0.23.1

[!IMPORTANT] Even though this is a [security] patch release, if you were using an empty secret, this is a breaking change due to a change in behaviour. That's on purpose, to ensure you fix your approach so that there are no footguns.

Fixed

• NewSecretsVerifier now rejects empty signing secrets to avoid accepting forged request signatures when applications are misconfigured.

Full Changelog: slack-go/slack@v0.23.0...v0.23.1

v0.23.0

Added

• feat(socketmode): expose socketmode handler dispatcher method by @​nlopes in slack-go/slack#1550
• feat(block): add card and carousel blocks by @​nlopes in slack-go/slack#1551
• feat(assistant): add username and icon to status update by @​charleenwang in slack-go/slack#1553
• feat(block): add alert block by @​nlopes in slack-go/slack#1552

New Contributors

• @​charleenwang made their first contribution in slack-go/slack#1553

Full Changelog: slack-go/slack@v0.22.0...v0.23.0

v0.22.0

What's Changed

Added

• OAuth PKCE support - OAuthOptionCodeVerifier option for GetOAuthV2Response, plus GenerateCodeVerifier() and GenerateCodeChallenge() helpers (RFC 7636). client_secret is now conditionally omitted when empty in both GetOAuthV2ResponseContext and RefreshOAuthV2TokenContext.
• Manifest scope fields - BotOptional and UserOptional on OAuthScopes.
• Rich text styles - Underline, Highlight, ClientHighlight, and Unlink on RichTextSectionTextStyle. Style field on RichTextSectionUserGroupElement.
• Assistant search context - Sort, SortDir, Before, After, Highlight, IncludeContextMessages, IncludeDeletedUsers, IncludeMessageBlocks, IncludeArchivedChannels, DisableSemanticSearch, Modifiers, TermClauses parameters and new response types (AssistantSearchContextFile, AssistantSearchContextChannel, AssistantSearchContextMessageContext).

Fixed

• socketmode: malformed JSON no longer forces reconnect - json.SyntaxError and json.UnmarshalTypeError now emit an EventTypeIncomingError event and continue reading instead of killing the WebSocket connection.
• socketmode: debug_reconnects query param applied correctly - the parameter was silently discarded due to a missing url.RawQuery assignment.

... (truncated)

Changelog

Sourced from github.com/slack-go/slack's changelog.

[0.24.0]

Added

• Block Kit: DataTableBlock for the data_table block, with NewDataTableBlock, AddRow, raw-text/raw-number/rich-text cell constructors, and WithPageSize / WithRowHeaderColumnIndex builders.

Changed

• NewTaskCardBlock and NewPlanBlock nil-guard their variadic options, matching the other block constructors (#1236).

[0.23.1] - 2026-05-10

Fixed

• NewSecretsVerifier now rejects empty signing secrets to avoid accepting forged request signatures when applications are misconfigured.

[0.23.0] - 2026-04-22

Added

• Block Kit: CardBlock and CarouselBlock — Support for two of the new agent-UI blocks announced in the April 16 Slack changelog. CardBlock is constructed via NewCardBlock with a functional-options pattern and fluent With* builders (WithTitle, WithSubtitle, WithBody, WithIcon, WithHeroImage, WithActions). CarouselBlock is constructed via NewCarouselBlock with a variadic *CardBlock list plus WithBlockID and AddCard helpers. Both blocks wire into Blocks.UnmarshalJSON for round-trip fidelity, and reuse existing ImageBlockElement / ButtonBlockElement / BlockElements types rather than introducing new composition objects.
• Block Kit: AlertBlock — Support for the third of the new agent-UI blocks from the April 16 Slack changelog. AlertBlock is constructed via NewAlertBlock with a *TextBlockObject body and a functional-options pattern. Severity is set via AlertBlockOptionLevel (AlertLevelDefault, AlertLevelInfo, AlertLevelWarning, AlertLevelError, AlertLevelSuccess) and the block ID via AlertBlockOptionBlockID. Wires into Blocks.UnmarshalJSON for round-trip fidelity. Must be delivered via the streaming chunks API — chat.postMessage rejects it as an unsupported block type.
• Streaming-message chunks API — chat.startStream / chat.appendStream / chat.stopStream now accept a chunks parameter. Added MsgOptionChunks along with a StreamChunk interface and four chunk types: MarkdownTextChunk, TaskUpdateChunk, PlanUpdateChunk, and BlocksChunk (each with a New*Chunk constructor). This is the supported transport for

... (truncated)

Commits

• 0b30f31 chore: bump to v0.24.0
• 8c5ef3c feat: add new block kit block Data Table (#1555)
• ff3ada6 docs: format go get command in code block (#1554)
• 34ad5c0 security: reject empty signing secret for NewSecretsVerifier
• c6edc27 chore: bump go to 1.25.9
• 35d8f31 chore: bump to v0.23.0
• ae59061 feat(block): add alert block (#1552)
• 2df5cfa feat(assistant): add username and icon to status update (#1553)
• e3c0e8b feat(block): add card and carousel blocks (#1551)
• 4c472cd feat(socketmode): expose socketmode handler dispatcher method (#1550)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

✅⚠️MegaLinter analysis: Success with warnings

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	2		0	0	0.01s
✅ COPYPASTE	jscpd	yes		no	no	1.51s
✅ GO	golangci-lint	yes		no	no	29.81s
✅ GO	revive	yes		no	no	20.15s
⚠️ MARKDOWN	markdownlint	1		1	0	0.62s
✅ MARKDOWN	markdown-table-formatter	1		0	0	0.48s
✅ REPOSITORY	checkov	yes		no	no	27.76s
✅ REPOSITORY	gitleaks	yes		no	no	0.19s
✅ REPOSITORY	git_diff	yes		no	no	0.0s
✅ REPOSITORY	grype	yes		no	no	64.46s
⚠️ REPOSITORY	secretlint	yes		1	no	0.97s
✅ REPOSITORY	syft	yes		no	no	2.64s
✅ REPOSITORY	trivy	yes		no	no	13.45s
✅ REPOSITORY	trivy-sbom	yes		no	no	1.36s
✅ REPOSITORY	trufflehog	yes		no	no	4.32s
✅ SPELL	lychee	5		0	0	0.19s
✅ YAML	prettier	4		0	0	0.52s
✅ YAML	v8r	4		0	0	3.87s
✅ YAML	yamllint	4		0	0	0.66s

Detailed Issues

⚠️ MARKDOWN / markdownlint - 1 error

README.md:191 error MD040/fenced-code-language Fenced code blocks should have a language specified [Context: "```"]

⚠️ REPOSITORY / secretlint - 1 error

README.md
   53:9  error  [SLACK_TOKEN] found slack token: ******************************  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-slack
   74:9  error  [SLACK_TOKEN] found slack token: ***************                 @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-slack
   79:9  error  [SLACK_TOKEN] found slack token: **************                  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-slack
  114:9  error  [SLACK_TOKEN] found slack token: *******************             @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-slack

✖ 4 problems (4 errors, 0 warnings, 0 infos)

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.4.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,COPYPASTE_JSCPD,GO_GOLANGCI_LINT,GO_REVIVE,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

Show us your support by starring ⭐ the repository