Bump github.com/slack-go/slack from 0.21.0 to 0.22.0

[dependabot]

Bumps github.com/slack-go/slack from 0.21.0 to 0.22.0.

Release notes

Sourced from github.com/slack-go/slack's releases.

v0.22.0

What's Changed

Added

• OAuth PKCE support - OAuthOptionCodeVerifier option for GetOAuthV2Response, plus GenerateCodeVerifier() and GenerateCodeChallenge() helpers (RFC 7636). client_secret is now conditionally omitted when empty in both GetOAuthV2ResponseContext and RefreshOAuthV2TokenContext.
• Manifest scope fields - BotOptional and UserOptional on OAuthScopes.
• Rich text styles - Underline, Highlight, ClientHighlight, and Unlink on RichTextSectionTextStyle. Style field on RichTextSectionUserGroupElement.
• Assistant search context - Sort, SortDir, Before, After, Highlight, IncludeContextMessages, IncludeDeletedUsers, IncludeMessageBlocks, IncludeArchivedChannels, DisableSemanticSearch, Modifiers, TermClauses parameters and new response types (AssistantSearchContextFile, AssistantSearchContextChannel, AssistantSearchContextMessageContext).

Fixed

• socketmode: malformed JSON no longer forces reconnect - json.SyntaxError and json.UnmarshalTypeError now emit an EventTypeIncomingError event and continue reading instead of killing the WebSocket connection.
• socketmode: debug_reconnects query param applied correctly - the parameter was silently discarded due to a missing url.RawQuery assignment.
• ChannelTypes and ContentTypes now send comma-separated values instead of repeated form keys, matching the convention used by every other method in the library.

Docs

• assistant:write scope marked as deprecated in favour of chat:write.

Full Changelog: v0.21.1...v0.22.0

v0.21.1

Added

• MessageEvent channel type helpers — New ChannelTypeChannel, ChannelTypeGroup, ChannelTypeIM, and ChannelTypeMPIM constants plus IsChannel(), IsGroup(), IsIM(), and IsMpIM() convenience methods on MessageEvent. No more comparing raw strings to figure out where a message came from:

if ev.IsIM() {
    // handle direct message
}

Fixed

• MessageEvent doc typo — ChannelType documentation listed "mim" instead of the correct "mpim".
• Duplicate attachment/block serialization — MsgOptionAttachments and MsgOptionBlocks were serializing payloads twice (once for the response-URL JSON path, once for the form POST path). Serialization now happens once inside formSender.BuildRequestContext. (#1547)

[!NOTE] UnsafeApplyMsgOptions no longer includes attachments/blocks keys in the returned values, since marshalling is deferred to send time. This function is documented as unsupported.

Changelog

Sourced from github.com/slack-go/slack's changelog.

[0.22.0] - 2026-04-12

Added

• Added missing parameters to assistant.search.context (Sort, SortDir, Before, After, Highlight, IncludeContextMessages, IncludeDeletedUsers, IncludeMessageBlocks, IncludeArchivedChannels, DisableSemanticSearch, Modifiers, TermClauses) and new response types (AssistantSearchContextFile, AssistantSearchContextChannel, AssistantSearchContextMessageContext) to match the full Real-Time Search API surface.
• Added Underline, Highlight, ClientHighlight, and Unlink fields to RichTextSectionTextStyle. Added Style field to RichTextSectionUserGroupElement.
• Added BotOptional and UserOptional fields to OAuthScopes for app manifests.
• Added PKCE support for OAuth: OAuthOptionCodeVerifier option for GetOAuthV2Response, GenerateCodeVerifier() and GenerateCodeChallenge() helper functions (RFC 7636). client_secret is now conditionally omitted when empty in both GetOAuthV2ResponseContext and RefreshOAuthV2TokenContext.

Fixed

• ChannelTypes and ContentTypes now send comma-separated values instead of repeated form keys, matching the convention used by every other method in the library.
• In socketmode malformed JSON messages no longer force an unnecessary reconnect. Instead the error is emitted and the connection continues as normal.

[0.21.1] - 2026-04-08

Added

• slackevents.ChannelType* constants and MessageEvent helpers — Added ChannelTypeChannel, ChannelTypeGroup, ChannelTypeIM, ChannelTypeMPIM constants and IsChannel(), IsGroup(), IsIM(), IsMpIM() methods on MessageEvent so callers no longer need to compare raw strings.

Fixed

• Duplicate attachment/block serialization in MsgOptionAttachments / MsgOptionBlocks — Attachments and blocks were serialized twice: once into typed struct fields (for the JSON response-URL path) and again into url.Values (for the form POST path). Serialization for the form path now happens inside formSender.BuildRequestContext, so each sender owns its own marshalling. This fixes the long-standing FIXME and eliminates redundant json.Marshal calls in the option functions. (#1547)

  [!NOTE] UnsafeApplyMsgOptions returns config.values directly. After this change, attachments and blocks keys are no longer present in those values since marshalling is deferred to send time. This function is documented as unsupported.

Commits

• f482b19 chore: v0.22.0
• 3a5db9d chore: fix staticcheck errors (#1548)
• 19e0416 ci: add staticcheck
• f7a9616 chore: add staticcheck to mise
• 38dc2b9 chore: simplify with fmt.Fprintf
• d86412e fix(socketmode): skip reconnect on malformed JSON messages
• 3d2c59d chore: fix linting and formatting issues
• 7c6fb1f fix(socketmode): apply debug_reconnects query param to URL
• 5a498f6 feat(oauth): add PKCE support for OAuth v2 token exchange
• 86249b5 feat(manifests): add optional scope fields to OAuthScopes
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
🔚	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[what-the-diff]

PR Summary

• Update of Slack Library Version
  The version of the Slack library we use (github.com/slack-go/slack) has been updated from v0.21.0 to v0.22.0. This update includes improvements and fixes made by the library developers, ensuring our application remains up-to-date and continues to perform optimally.

• Checksum Modification
  Along with the update of the Slack library, the checksum (a mechanism to verify the integrity of data) for the github.com/slack-go/slack library has been updated too. This is a necessary change to verify the correctness of the updated library files.