Feature: Slack Notification Provider #834
- Removed duplicate @typescript-eslint/utils dependency in frontend/package.json
- Updated TypeScript version from 5.9.3 to 6.0.1-rc in frontend/package.json and package.json
- Adjusted ResizeObserver mock to use globalThis in tests
- Modified tsconfig.json and tsconfig.node.json to include empty types array
- Cleaned up package-lock.json to reflect TypeScript version change and updated dev dependencies

- Updated @eslint/js and eslint to version 10.0.0 in package.json.
- Adjusted overrides for eslint-plugin-react-hooks, eslint-plugin-jsx-a11y, and eslint-plugin-promise to ensure compatibility with ESLint v10.
- Modified lefthook.yml to reflect the upgrade and noted the need for plugin support for ESLint v10.

- Bump versions of @vitejs/plugin-react, @vitest/coverage-istanbul, @vitest/coverage-v8, and @vitest/ui to their beta releases.
- Upgrade Vite and Vitest to their respective beta versions.
- Adjust Vite configuration to disable code splitting for improved React initialization stability.
…n-major-updates fix(deps): update non-major-updates (feature/beta-release)
…es to latest versions
…n-major-updates chore(deps): update non-major-updates (feature/beta-release)
…ci to version 7.23.0
Supply Chain Verification Results: ✅ PASSED
Generated by Supply Chain Verification workflow
Codecov Report: ❌ Patch coverage is
- Updated the notification provider types to include 'slack'.
- Modified API tests to handle 'slack' as a valid provider type.
- Enhanced frontend forms to display Slack-specific fields (webhook URL and channel name).
- Implemented CRUD operations for Slack providers, ensuring proper payload structure.
- Added E2E tests for Slack notification provider, covering form rendering, validation, and security checks.
- Updated translations to include Slack-related text.
- Ensured that sensitive information (like tokens) is not exposed in API responses.
…er dependency for @rolldown/plugin-babel
…r Nebula ECDSA signature malleability
Pull request overview
Adds a Slack notification provider (Incoming Webhooks) across backend + frontend, along with substantial supporting updates to tests, documentation, CI security workflows, and container/runtime tooling to support the new behavior and ongoing security posture.
Changes:
- Add Slack as a supported notification provider type (UI form fields, payload normalization, backend dispatch gating via feature flag, and handler validations).
- Expand test coverage (Playwright + frontend unit tests + Go handler/service tests) and update docs/CHANGELOG for Slack setup and security expectations.
- Update build/ops tooling (TypeScript/Vite upgrades, Semgrep hook behavior, Dockerfile and integration scripts moving curl→wget, CI workflow tweaks, dependency bumps, and Grype suppression maintenance).
Reviewed changes
Copilot reviewed 64 out of 67 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| tests/settings/telegram-notification-provider.spec.ts | Adjust GET interception to avoid response race in token-exposure test. |
| tests/settings/notifications.spec.ts | Update provider fixtures and ensure Slack appears in provider type select. |
| tests/settings/notifications-payload.spec.ts | Add Slack payload scenario + tighten preview/test request payload captures. |
| scripts/waf_integration.sh | Switch httpbin image and curl→wget readiness checks; increase wait loop. |
| scripts/rate_limit_integration.sh | Switch httpbin image and curl→wget readiness checks; increase wait loop. |
| scripts/pre-commit-hooks/semgrep-scan.sh | Expand Semgrep configs to cover multiple languages and Docker/Bash. |
| scripts/diagnose-test-env.sh | Replace curl-based health probe with wget. |
| scripts/crowdsec_startup_test.sh | Replace curl-based health probe with wget. |
| scripts/coraza_integration.sh | Switch httpbin image and curl→wget readiness checks. |
| scripts/cerberus_integration.sh | Switch httpbin image and curl→wget readiness checks; increase wait loop. |
| package.json | Move TS/Vite into dev deps and bump tooling versions. |
| lefthook.yml | Update hook behavior (notably Semgrep now in pre-commit). |
| go.work.sum | Refresh Go workspace sums (x/term). |
| frontend/vite.config.ts | Switch build config to Rolldown-specific options and disable code splitting. |
| frontend/tsconfig.node.json | Adjust TS config (explicit types: []). |
| frontend/tsconfig.json | Adjust TS libs/types configuration. |
| frontend/src/test/setup.ts | Use globalThis.ResizeObserver for test environment compatibility. |
| frontend/src/pages/tests/Notifications.test.tsx | Add Slack UI behavior tests and update supported types assertions. |
| frontend/src/pages/Notifications.tsx | Add Slack provider UI fields + payload normalization + template support inclusion. |
| frontend/src/locales/en/translation.json | Add Slack-specific i18n strings for labels/placeholders/help text. |
| frontend/src/components/tests/SecurityNotificationSettingsModal.test.tsx | Update supported provider type list assertions to include Slack. |
| frontend/src/components/tests/AccessListForm.test.tsx | Use globalThis.ResizeObserver in tests. |
| frontend/src/api/notifications.ts | Add Slack to supported provider types and token sanitization rules. |
| frontend/src/api/notifications.test.ts | Update unsupported provider type test cases (pushover). |
| frontend/src/api/tests/notifications.test.ts | Update unsupported provider type test cases (pushover). |
| frontend/package.json | Upgrade ESLint/Vite/TS/Vitest toolchain and add overrides for peer deps. |
| docs/reports/qa_report_ts6_upgrade_2026-03-11.md | Add QA report documenting TS6 upgrade verification steps/results. |
| docs/reports/qa_report.md | Replace prior report content with script-focused QA report for curl→wget changes. |
| docs/plans/archive/cve_remediation_spec.md | Add archived plan for CVE remediation via curl/binutils removal. |
| docs/issues/vite-8-beta-manual-testing.md | Add manual test plan for Vite 8 beta upgrade risks. |
| docs/issues/slack-manual-testing.md | Add manual test plan specifically for Slack provider behavior/security. |
| docs/getting-started.md | Document required secrets for stable sessions and encryption at rest. |
| docs/features/notifications.md | Document Slack provider setup, templates, and rate limits. |
| backend/internal/services/notification_service_json_test.go | Update Slack JSON dispatch test to use token as webhook URL. |
| backend/internal/services/notification_service_discord_only_test.go | Update discord-only constraints now that Slack is supported. |
| backend/internal/services/notification_service.go | Add Slack support (feature flag, dispatch, payload normalization, URL validator hook). |
| backend/internal/notifications/feature_flags.go | Add Slack feature flag key constant. |
| backend/internal/api/handlers/notification_provider_handler.go | Allow Slack create/update and add Slack-specific test error classification. |
| backend/internal/api/handlers/notification_provider_discord_only_test.go | Update expectations to allow Slack provider creation. |
| backend/internal/api/handlers/notification_provider_blocker3_test.go | Update expectations to allow Slack provider creation. |
| backend/internal/api/handlers/notification_coverage_test.go | Add coverage tests for Slack error classification + token rejection on test request. |
| backend/go.mod | Bump golang.org/x deps and goccy/go-json. |
| backend/go.sum | Sync sums for updated dependencies. |
| Dockerfile | Remove curl/binutils, use wget for GeoIP download/healthcheck, bump Caddy security plugin, improve CI build arg handling. |
| CHANGELOG.md | Add Slack notification provider entry and related details. |
| ARCHITECTURE.md | Update documented toolchain versions (TS/Vite/Vitest) and config filename. |
| .grype.yaml | Remove resolved zlib suppression and extend nebula suppression expiry. |
| .github/workflows/waf-integration.yml | Pass CI build arg through to Docker build. |
| .github/workflows/supply-chain-pr.yml | Make PR commenting resilient to permission errors; avoid failing job. |
| .github/workflows/security-pr.yml | Bump pinned action SHAs. |
| .github/workflows/rate-limit-integration.yml | Pass CI build arg through to Docker build. |
| .github/workflows/crowdsec-integration.yml | Pass CI build arg through to Docker build. |
| .github/workflows/cerberus-integration.yml | Pass CI build arg through to Docker build. |
| .github/workflows/auto-versioning.yml | Bump pinned action SHA. |
| .github/workflows/auto-changelog.yml | Bump release-drafter action SHA (major version). |
| .docker/docker-entrypoint.sh | Replace curl readiness probe with wget. |
| .docker/compose/docker-compose.yml | Replace curl healthcheck with wget. |
| .docker/compose/docker-compose.playwright-local.yml | Replace curl healthcheck with wget. |
| .docker/compose/docker-compose.playwright-ci.yml | Replace curl healthcheck with wget. |
| .docker/compose/docker-compose.local.yml | Replace curl healthcheck with wget. |
The slack sub-tests in TestDiscordOnly_CreateRejectsNonDiscord and TestBlocker3_CreateProviderRejectsNonDiscordWithSecurityEvents were omitting the required token field from their request payloads. CreateProvider enforces that Slack providers must have a non-empty token (the webhook URL) at creation time. Without it the service returns "slack webhook URL is required", which the handler does not classify as a 400 validation error, so it falls through to 500. Add a token field to each test struct, populate it for the slack case with a valid-format Slack webhook URL, and use WithSlackURLValidator to bypass the real format check in unit tests — matching the pattern used in all existing service-level Slack tests.
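The failure mode in the commit message above (a validation error the handler does not recognise falling through to 500) can be avoided by classifying on a sentinel error instead of message text. The sketch below is an added example, not code from this pull request: `ErrValidation`, `URLValidator`, `validateSlackWebhook`, `createSlackProvider` and `statusFor` are hypothetical names, the webhook format rule is an assumption, and the sample URL is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// ErrValidation marks errors caused by bad client input (hypothetical sentinel).
var ErrValidation = errors.New("validation error")

// URLValidator is the injectable format check; unit tests can pass a stub.
type URLValidator func(raw string) error

// validateSlackWebhook accepts only https://hooks.slack.com/services/... URLs
// (assumed rule), so the stored "token" cannot point at an internal host.
func validateSlackWebhook(raw string) error {
	u, err := url.Parse(raw)
	if err != nil || u.Scheme != "https" || u.Host != "hooks.slack.com" ||
		u.User != nil || !strings.HasPrefix(u.Path, "/services/") {
		return fmt.Errorf("%w: invalid slack webhook URL", ErrValidation)
	}
	return nil
}

// createSlackProvider applies the rule from the commit message: a Slack
// provider needs a non-empty token (the webhook URL) at creation time.
func createSlackProvider(token string, validate URLValidator) error {
	if strings.TrimSpace(token) == "" {
		return fmt.Errorf("%w: slack webhook URL is required", ErrValidation)
	}
	return validate(token)
}

// statusFor maps by sentinel, so a newly worded validation message still
// yields 400 instead of falling through to 500.
func statusFor(err error) int {
	if err == nil {
		return http.StatusCreated
	}
	if errors.Is(err, ErrValidation) {
		return http.StatusBadRequest
	}
	return http.StatusInternalServerError
}

func main() {
	const sample = "https://hooks.slack.com/services/T000/B000/EXAMPLE" // constructed
	fmt.Println(statusFor(createSlackProvider("", validateSlackWebhook)))
	fmt.Println(statusFor(createSlackProvider(sample, validateSlackWebhook)))
}
```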
Pull request overview
Copilot reviewed 64 out of 67 changed files in this pull request and generated 2 comments.
…n-major-updates fix(deps): update non-major-updates (feature/beta-release)
…n-major-updates chore(deps): update non-major-updates (feature/beta-release)
Pull request overview
Copilot reviewed 70 out of 73 changed files in this pull request and generated 2 comments.
No description provided.