chore(deps): bump github.com/slack-go/slack from 0.22.0 to 0.23.1

[dependabot]

Bumps github.com/slack-go/slack from 0.22.0 to 0.23.1.

Release notes

Sourced from github.com/slack-go/slack's releases.

v0.23.1

[!IMPORTANT] Even though this is a [security] patch release, if you were using an empty secret, this is a breaking change due to a change in behaviour. That's on purpose, to ensure you fix your approach so that there are no footguns.

Fixed

• NewSecretsVerifier now rejects empty signing secrets to avoid accepting forged request signatures when applications are misconfigured.

Full Changelog: slack-go/slack@v0.23.0...v0.23.1

v0.23.0

Added

• feat(socketmode): expose socketmode handler dispatcher method by @​nlopes in slack-go/slack#1550
• feat(block): add card and carousel blocks by @​nlopes in slack-go/slack#1551
• feat(assistant): add username and icon to status update by @​charleenwang in slack-go/slack#1553
• feat(block): add alert block by @​nlopes in slack-go/slack#1552

New Contributors

• @​charleenwang made their first contribution in slack-go/slack#1553

Full Changelog: slack-go/slack@v0.22.0...v0.23.0

Changelog

Sourced from github.com/slack-go/slack's changelog.

[0.23.1] - 2026-05-10

Fixed

• NewSecretsVerifier now rejects empty signing secrets to avoid accepting forged request signatures when applications are misconfigured.

[0.23.0] - 2026-04-22

Added

• Block Kit: CardBlock and CarouselBlock — Support for two of the new agent-UI blocks announced in the April 16 Slack changelog. CardBlock is constructed via NewCardBlock with a functional-options pattern and fluent With* builders (WithTitle, WithSubtitle, WithBody, WithIcon, WithHeroImage, WithActions). CarouselBlock is constructed via NewCarouselBlock with a variadic *CardBlock list plus WithBlockID and AddCard helpers. Both blocks wire into Blocks.UnmarshalJSON for round-trip fidelity, and reuse existing ImageBlockElement / ButtonBlockElement / BlockElements types rather than introducing new composition objects.
• Block Kit: AlertBlock — Support for the third of the new agent-UI blocks from the April 16 Slack changelog. AlertBlock is constructed via NewAlertBlock with a *TextBlockObject body and a functional-options pattern. Severity is set via AlertBlockOptionLevel (AlertLevelDefault, AlertLevelInfo, AlertLevelWarning, AlertLevelError, AlertLevelSuccess) and the block ID via AlertBlockOptionBlockID. Wires into Blocks.UnmarshalJSON for round-trip fidelity. Must be delivered via the streaming chunks API — chat.postMessage rejects it as an unsupported block type.
• Streaming-message chunks API — chat.startStream / chat.appendStream / chat.stopStream now accept a chunks parameter. Added MsgOptionChunks along with a StreamChunk interface and four chunk types: MarkdownTextChunk, TaskUpdateChunk, PlanUpdateChunk, and BlocksChunk (each with a New*Chunk constructor). This is the supported transport for streaming Block Kit content and the new agent-UI blocks in particular (which chat.postMessage rejects as Unsupported block type).
• MsgOptionTaskDisplayMode — New option for chat.startStream controlling whether task chunks render as a sequential timeline or a grouped plan. Accepts TaskDisplayModeTimeline or TaskDisplayModePlan.
• Added Username, IconURL, and IconEmoji fields to AssistantThreadsSetStatusParameters, forwarded by SetAssistantThreadsStatusContext, matching the new optional parameters on assistant.threads.setStatus for customising the status-update presentation.
• Exposed SocketmodeHandler.DispatchEvent (previously the unexported dispatcher), enabling integration tests to exercise registered handlers without a live WebSocket connection. The unexported dispatcher is kept as

... (truncated)

Commits

• 34ad5c0 security: reject empty signing secret for NewSecretsVerifier
• c6edc27 chore: bump go to 1.25.9
• 35d8f31 chore: bump to v0.23.0
• ae59061 feat(block): add alert block (#1552)
• 2df5cfa feat(assistant): add username and icon to status update (#1553)
• e3c0e8b feat(block): add card and carousel blocks (#1551)
• 4c472cd feat(socketmode): expose socketmode handler dispatcher method (#1550)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Looks like github.com/slack-go/slack is up-to-date now, so this is no longer needed.