Skip to content

chore: bump github.com/slack-go/slack from 0.23.0 to 0.23.1#8

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/slack-go/slack-0.23.1
Open

chore: bump github.com/slack-go/slack from 0.23.0 to 0.23.1#8
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/slack-go/slack-0.23.1

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 14, 2026
edited
Loading

Bumps github.com/slack-go/slack from 0.23.0 to 0.23.1.

Release notes

Sourced from github.com/slack-go/slack's releases.

v0.23.1

[!IMPORTANT] Even though this is a [security] patch release, if you were using an empty secret, this is a breaking change due to a change in behaviour. That's on purpose, to ensure you fix your approach so that there are no footguns.

Fixed

  • NewSecretsVerifier now rejects empty signing secrets to avoid accepting forged request signatures when applications are misconfigured.

Full Changelog: slack-go/slack@v0.23.0...v0.23.1

Changelog

Sourced from github.com/slack-go/slack's changelog.

[0.23.1] - 2026-05-10

Fixed

  • NewSecretsVerifier now rejects empty signing secrets to avoid accepting forged request signatures when applications are misconfigured.
Commits
  • 34ad5c0 security: reject empty signing secret for NewSecretsVerifier
  • c6edc27 chore: bump go to 1.25.9
  • See full diff in compare view

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency label May 14, 2026
@dependabot dependabot Bot requested a review from matcra587 as a code owner May 14, 2026 22:29
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency label May 14, 2026
@dependabot
chore: bump github.com/slack-go/slack from 0.23.0 to 0.23.1
d6f9d01 
Bumps [github.com/slack-go/slack](https://github.com/slack-go/slack) from 0.23.0 to 0.23.1.
- [Release notes](https://github.com/slack-go/slack/releases)
- [Changelog](https://github.com/slack-go/slack/blob/master/CHANGELOG.md)
- [Commits](slack-go/slack@v0.23.0...v0.23.1)

---
updated-dependencies:
- dependency-name: github.com/slack-go/slack
  dependency-version: 0.23.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/slack-go/slack-0.23.1 branch from c4f3ecd to d6f9d01 Compare May 26, 2026 05:02
@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 26, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedgithub.com/​slack-go/​slack@​v0.23.0 ⏵ v0.23.173 +1100 +2100100100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@matcra587 matcra587 Awaiting requested review from matcra587 matcra587 is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants