build(deps): bump slackapi/slack-github-action from 1.25.0 to 1.26.0

[dependabot]

Bumps slackapi/slack-github-action from 1.25.0 to 1.26.0.

Release notes

Sourced from slackapi/slack-github-action's releases.

Slack Send V1.26.0

What's Changed

This release provides an escape hatch for sending the JSON content of a payload file exactly as is, without replacing any templated variables!

Previously a payload file was parsed and templated variables were replaced with values from github.context and github.env. Any undefined variables were replaced with ??? in this process, which might have caused questions.

That remains the default behavior, but now the JSON contents of a payload file can be sent exactly as written by setting the payload-file-path-parsed input to false:

- name: Send custom JSON data to Slack workflow
  id: slack
  uses: slackapi/[email protected]
  with:
    payload-file-path: "./payload-slack-content.json"
    payload-file-path-parsed: false
  env:
    SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

With this change, the contents of the example payload-slack-content.json will be sent to a webhook URL exactly as is!

Recent commits

Enhancements

• allow to use json file as is without replacing/parsing anything by @​talgendler in slackapi/slack-github-action#299

Documentation

• docs(readme): adjust whitespace in env assignment by @​paulo9mv in slackapi/slack-github-action#296

Maintenance

• ci(test): collect environment secrets from a prepared staging environment by @​zimeg in slackapi/slack-github-action#294
• ci(test): share environment secrets with pull requests from forked prs by @​zimeg in slackapi/slack-github-action#297

Dependencies

• Bump eslint-plugin-jsdoc from 46.10.1 to 48.2.1 by @​dependabot in slackapi/slack-github-action#295
• Bump eslint from 8.56.0 to 8.57.0 by @​dependabot in slackapi/slack-github-action#289
• Bump mocha from 10.2.0 to 10.3.0 by @​dependabot in slackapi/slack-github-action#288
• Bump https-proxy-agent from 7.0.2 to 7.0.4 by @​dependabot in slackapi/slack-github-action#290
• Bump @​slack/web-api from 6.12.0 to 7.0.2 by @​dependabot in slackapi/slack-github-action#287
• Bump mocha from 10.3.0 to 10.4.0 by @​dependabot in slackapi/slack-github-action#300
• Bump axios from 1.6.7 to 1.6.8 by @​dependabot in slackapi/slack-github-action#301
• Bump eslint-plugin-jsdoc from 48.2.1 to 48.2.2 by @​dependabot in slackapi/slack-github-action#302

New Contributors

... (truncated)

Commits

• 70cd7be Automatic compilation
• 53b162f chore(release): tag release v1.26.0
• 47d8e42 feat: introduce an option to send payload file json without replacing variabl...
• d447374 Bump eslint-plugin-jsdoc from 48.2.1 to 48.2.2 (#302)
• b638b31 Bump axios from 1.6.7 to 1.6.8 (#301)
• c76311a Bump mocha from 10.3.0 to 10.4.0 (#300)
• d4358d2 docs(readme): adjust whitespace in env assignment (#296)
• cb3763e ci(test): share environment secrets with pull requests from forked prs (#297)
• 86bebf8 Bump @​slack/web-api from 6.12.0 to 7.0.2 (#287)
• efa31bf Bump https-proxy-agent from 7.0.2 to 7.0.4 (#290)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/slackapi/slack-github-action	1.26.0	🟢 3.9	Details Check Score Reason Code-Review 🟢 6 Found 9/13 approved changesets -- score normalized to 6 Maintained 🟢 10 18 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 5 5 existing vulnerabilities detected
actions/slackapi/slack-github-action	1.25.0	🟢 3.9	Details Check Score Reason Code-Review 🟢 6 Found 9/13 approved changesets -- score normalized to 6 Maintained 🟢 10 18 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 5 5 existing vulnerabilities detected

Scanned Manifest Files

.github/workflows/functional-tests.yml

• slackapi/[email protected]
• slackapi/[email protected]

[fractalwrench]

@dependabot rebase

[fractalwrench]

LGTM