Skip to content

chore(deps): bump @slack/bolt from 4.7.3 to 5.0.0 in /examples/oauth-express-receiver#3015

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/examples/oauth-express-receiver/slack/bolt-5.0.0
Open

chore(deps): bump @slack/bolt from 4.7.3 to 5.0.0 in /examples/oauth-express-receiver#3015
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/examples/oauth-express-receiver/slack/bolt-5.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 17, 2026

Copy link
Copy Markdown
Contributor

Bumps @slack/bolt from 4.7.3 to 5.0.0.

Changelog

Sourced from @​slack/bolt's changelog.

5.0.0

Major Changes

  • d284e69: Drop Node.js 18 support. The minimum required runtime is now Node.js 20 (npm >=9.6.4).

  • d284e69: Remove deprecated WorkflowStep class and all associated types, middleware, and utilities. Use CustomFunction and app.function() instead.

  • d284e69: Replace axios with native fetch for response_url calls. Remove agent and clientTls options from AppOptions — use clientOptions.fetch to provide a custom fetch implementation for proxy/TLS needs. Add a dispatcher option to SocketModeReceiver for proxy/TLS configuration in socket mode.

    respond() now throws a RespondError when the response_url request returns a non-2xx status (restoring the throw-on-failure behavior that axios provided) and resolves to a Response on success rather than an axios response object.

Minor Changes

  • d284e69: Improve error handling by leveraging @slack/web-api v8 error classes. Authorization errors are now properly wrapped in an AuthorizationError, preserving the original thrown value (non-Error rejections are retained via the cause of the wrapped original). Default error handlers log richer details for web-api errors (API error codes, rate limit durations, HTTP status codes) alongside the full error object, so stack traces and causes remain available. The @slack/web-api error classes (SlackError, WebAPIPlatformError, WebAPIRequestError, WebAPIHTTPError, WebAPIRateLimitedError) can be imported from @slack/web-api for instanceof checks.

Patch Changes

  • 9839a50: Pass the App's named bolt-app ConsoleLogger to the default receivers when no logger option is provided. Previously the App constructor built a named logger on this.logger but threaded the raw (potentially undefined) constructor argument into initReceiver, so HTTPReceiver / SocketModeReceiver each built their own anonymous logger and receiver-side log lines (e.g. unhandled HTTP requests on custom routes) appeared without the bolt-app prefix.

    Behaviour change for the no-logger case: the default receiver now shares the same Logger instance as app.logger, so a downstream app.logger.setLevel(...) after construction will affect receiver-side logging too. This is consistent with the existing behaviour that already mutates this.logger's level via the logLevel constructor option. Apps that supplied their own logger are unaffected; apps that relied on the receiver's logger being independent of app.logger will need to pass a separate logger into the receiver explicitly.

  • e1c21d7: Fix AwsLambdaReceiver.toHandler() so Bolt apps on the AWS Lambda Node.js 24+ runtime no longer fail at startup with Runtime.CallbackHandlerDeprecated. The returned handler is now a 2-arg promise-based function; the unused trailing callback parameter has been removed from the AwsHandler type. The legacy AwsCallback export is retained and marked @deprecated.

  • f2de079: Add context_team_id and context_enterprise_id as optional fields on the EnvelopedEvent type. Slack's Events API delivers these on the envelope for Slack Connect channels and Enterprise Grid org-wide apps, where team_id may refer to a workspace different from the one the bot is installed in. Without the typed fields, downstream code had to reach for @ts-expect-error or unsafe casts to route by the correct workspace.

Commits
  • e2b90aa chore: release (#2978)
  • b3df46d chore(deps): bump fastify from 5.9.0 to 5.10.0 in /examples/custom-receiver (...
  • d284e69 feat: release @​slack/bolt@​5.0.0 (#2940)
  • 602b744 chore(deps): bump @​koa/router from 15.6.0 to 15.7.0 in /examples/custom-recei...
  • 3dec9b2 chore(deps-dev): bump typescript from 6.0.3 to 7.0.2 in /examples/custom-rece...
  • a687320 chore(deps): bump fastify from 5.8.5 to 5.9.0 in /examples/custom-receiver (#...
  • 53aa90b chore(deps): bump @​slack/types from 2.21.1 to 2.22.0 (#2997)
  • 85a92fa chore(deps): bump @​slack/web-api from 7.17.0 to 7.18.0 (#2996)
  • 2425685 docs: updates for agent_view release (#2995)
  • e3936b4 chore(deps): bump actions/checkout from 6.0.3 to 7.0.0 (#2994)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added area:examples issues related to example or sample code dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 17, 2026
@dependabot
dependabot Bot requested a review from a team as a code owner July 17, 2026 15:54
@dependabot dependabot Bot added area:examples issues related to example or sample code dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 17, 2026
@changeset-bot

changeset-bot Bot commented Jul 17, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: 4bd29ca

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions
github-actions Bot enabled auto-merge (squash) July 17, 2026 15:54
@codecov

codecov Bot commented Jul 17, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.33%. Comparing base (020b021) to head (4bd29ca).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #3015   +/-   ##
=======================================
  Coverage   94.33%   94.33%           
=======================================
  Files          43       43           
  Lines        7360     7360           
  Branches      679      679           
=======================================
  Hits         6943     6943           
  Misses        409      409           
  Partials        8        8           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/examples/oauth-express-receiver/slack/bolt-5.0.0 branch from d34d54e to c6262fc Compare July 17, 2026 15:58
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/examples/oauth-express-receiver/slack/bolt-5.0.0 branch from c6262fc to ab2312b Compare July 17, 2026 19:54
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/examples/oauth-express-receiver/slack/bolt-5.0.0 branch from ab2312b to 9f73635 Compare July 17, 2026 20:04
Bumps [@slack/bolt](https://github.com/slackapi/bolt-js) from 4.7.3 to 5.0.0.
- [Release notes](https://github.com/slackapi/bolt-js/releases)
- [Changelog](https://github.com/slackapi/bolt-js/blob/main/CHANGELOG.md)
- [Commits](v4.7.3...v5.0.0)

---
updated-dependencies:
- dependency-name: "@slack/bolt"
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/examples/oauth-express-receiver/slack/bolt-5.0.0 branch from 9f73635 to 4bd29ca Compare July 18, 2026 01:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area:examples issues related to example or sample code dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants