chore(actions)(deps): bump slackapi/slack-github-action from 1.27.0 to 3.0.3

[dependabot]

Bumps slackapi/slack-github-action from 1.27.0 to 3.0.3.

Release notes

Sourced from slackapi/slack-github-action's releases.

Slack GitHub Action v3.0.3

Patch Changes

• 66834e4: feat: add instrumentation to address error rates

Slack GitHub Action v3.0.2

Patch Changes

• 79529d7: fix: resolve url.parse deprecation warning for webhook techniques

Slack GitHub Action v3.0.1

What's Changed

Alongside the breaking changes of @v3.0.0 and a new technique to run Slack CLI commands, we tried the wrong name to publish to the GitHub Marketplace 🐙 This action is now noted as The Slack GitHub Action in listings 🎶 ✨

🎨 Maintenance

• chore: use a unique title for marketplace in slackapi/slack-github-action#576 - Thanks @​zimeg!
• chore(release): tag version 3.0.1 in slackapi/slack-github-action#577 - Thanks @​zimeg!

Full Changelog: slackapi/slack-github-action@v3.0.0...v3.0.1

Slack GitHub Action v3.0.0

The @v3.0.0 release had a hiccup on publish and we recommend using @​v3.0.1 or a more recent version when updating! Oops!

🎽 Running Slack CLI commands and the active Node runtime, both included in this release 👟 ✨

⚠️ Breaking change: Node.js 24 the runtime

This major version updates the GitHub Actions required runtime to Node.js 24. Most GitHub-hosted runners already include this, but self-hosted runners may need to be updated ahead of planned deprecations of Node 20 on GitHub Actions runners.

📺 Enhancement: Run Slack CLI commands

This release introduces a new technique for running Slack CLI commands directly in GitHub Actions workflows. Use this to install the latest version (or a specific one) of the CLI and execute commands like deploy for merges to main, manifest validate with tests, and other commands.

Gather a token using the following CLI command to store with repo secrets, then get started with an example below:

$ slack auth token

🧪 Validate an app manifest on pull requests

Check that your app manifest is valid before merging changes:

🔗 https://docs.slack.dev/tools/slack-github-action/sending-techniques/running-slack-cli-commands/validate-a-manifest

- name: Validate the manifest
</tr></table> 

... (truncated)

Changelog

Sourced from slackapi/slack-github-action's changelog.

slack-github-action

3.0.3

Patch Changes

• 66834e4: feat: add instrumentation to address error rates

3.0.2

Patch Changes

• 79529d7: fix: resolve url.parse deprecation warning for webhook techniques

Commits

• 45a88b9 chore: release
• 1c0bcf0 chore: release (#606)
• 66834e4 feat: add instrumentation to address error rates (#600)
• 0fe0f90 build(deps): bump @​actions/github from 9.0.0 to 9.1.1 (#605)
• c5e7059 build(deps): bump @​slack/web-api from 7.15.0 to 7.15.1 (#604)
• 0325526 build(deps-dev): bump @​biomejs/biome from 2.4.10 to 2.4.13 (#601)
• 900cd3e build(deps-dev): bump @​types/node from 24.12.0 to 24.12.2 (#603)
• 53fdcff build(deps): bump @​actions/core from 3.0.0 to 3.0.1 (#602)
• 26856cc build(deps): bump slackapi/slack-github-action from 3.0.1 to 3.0.2 (#596)
• feba1e2 ci: skip publish step if no release is needed (#599)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: automated, dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/slackapi/slack-github-action	45a88b9581bfab2566dc881e2cd66d334e621e2c	🟢 6.6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 3 Found 3/10 approved changesets -- score normalized to 3 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 7 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches SAST 🟢 9 SAST tool is not run on all commits -- score normalized to 9

Scanned Files

• .github/workflows/slack-notify.yml

[github-actions]

📊 Test Coverage Report

Metric	Coverage	CI Gate	Target
Lines	✅ 86.4% (11426/13228)	75%	80%
Statements	✅ 86.4% (11426/13228)	75%	80%
Branches	✅ 80.4% (1382/1719)	70%	80%
Functions	🟡 78.3% (257/328)	—	80%

🟡 CI gate passed — coverage below 80% target

Files below 80% coverage

File	Lines	Functions	Branches
src/middlewares/guardrail/GuardrailInterceptorHook.ts	76.6%	100.0%	73.0%
src/middlewares/guardrail/GuardrailMiddleware.ts	75.6%	66.7%	68.2%
src/middlewares/guardrail/GuardrailScanner.ts	93.4%	100.0%	64.3%
src/middlewares/guardrail/GuardrailWriteScannerHook.ts	71.0%	100.0%	78.2%
src/middlewares/guardrail/ModerationGuardHook.ts	74.8%	100.0%	58.8%
src/middlewares/guardrail/guards/canary-tracker.ts	98.0%	80.0%	66.7%
src/middlewares/guardrail/guards/content-moderation.ts	78.4%	100.0%	90.6%
src/middlewares/guardrail/guards/sensitive-paths.ts	94.1%	100.0%	77.3%
src/middlewares/guardrail/scanners/HeuristicScanner.ts	100.0%	100.0%	75.0%
src/middlewares/guardrail/scanners/RegexScanner.ts	90.3%	100.0%	78.6%
src/middlewares/guardrail/storage/ConfigStore.ts	88.0%	71.4%	80.0%
src/middlewares/guardrail/storage/DecisionLog.ts	70.3%	40.0%	100.0%
src/middlewares/hitl/Interceptor.ts	89.8%	83.3%	75.7%
src/middlewares/hitl/index.ts	85.8%	54.5%	66.7%
src/middlewares/hitl/script-content-loader.ts	47.8%	0.0%	100.0%
src/middlewares/hitl/tool-interceptor.ts	89.5%	100.0%	70.9%
src/middlewares/hitl/approval/ApprovalQueue.ts	79.7%	81.3%	78.6%
src/middlewares/hitl/approval/Arbitrator.ts	36.1%	25.0%	91.7%
src/middlewares/hitl/approval/TotpManager.ts	93.9%	87.5%	71.4%
src/middlewares/hitl/approval/approval-commands.ts	84.8%	100.0%	72.7%
src/middlewares/hitl/scoring/IrreversibilityScorer.ts	95.6%	100.0%	75.0%
src/middlewares/hitl/storage/BrowserSessionStore.ts	94.7%	100.0%	72.5%
src/middlewares/hitl/storage/DecisionLog.ts	70.6%	25.0%	100.0%
src/middlewares/hitl/storage/PolicyStore.ts	89.4%	85.7%	64.3%
src/middlewares/hitl/storage/StatsTracker.ts	91.2%	71.4%	80.0%
src/middlewares/pii-sanitizer/PiiSanitizerMiddleware.ts	75.7%	58.3%	74.2%
src/middlewares/pii-sanitizer/PolicyEngine.ts	96.6%	100.0%	70.6%
src/middlewares/pii-sanitizer/ScannerEngine.ts	70.0%	85.7%	87.5%
src/middlewares/pii-sanitizer/storage/DlpStore.ts	70.6%	18.2%	100.0%
src/middlewares/tool-call-limit/ToolCallLimitMiddleware.ts	86.8%	72.2%	86.4%
src/middlewares/tool-call-limit/storage/LimitPolicyStore.ts	74.6%	50.0%	75.0%

---

Generated by CI on commit 27caf07