Skip to content
This repository has been archived by the owner on May 30, 2023. It is now read-only.

Bump slack-sdk from 3.5.1 to 3.8.0 #37

Closed
wants to merge 1 commit into from
Closed

Bump slack-sdk from 3.5.1 to 3.8.0 #37

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 15, 2021

Bumps slack-sdk from 3.5.1 to 3.8.0.

Release notes

Sourced from slack-sdk's releases.

version 3.8.0

New Features

Token Rotation Support (more info to come soon!)

This version includes the token rotation feature support for better security. Refer to the API document for the general information about the feature.

How to enable token rotation with this SDK

Apart from the column additions for the feature (specifically, refresh token + expiration date time) and the corresponding changes in your app code, no significant code is needed. Checking the example apps using Flask, Sanic in this directory can be helpful to learn what to do.

In a nutshell, you can call the following rotate_tokens method before handling every single incoming request from Slack. As long as your InstallationStore support the token rotation patterns, the code below should work as-is.

from slack_sdk.oauth.token_rotation import TokenRotator
from slack_sdk.oauth.installation_store import FileInstallationStore
This instance can be singleton; thread-safe
token_rotator = TokenRotator(
# These are required for refreshing tokens
client_id=client_id,
client_secret=client_secret,
)
Your own InstallationStore here
installation_store = FileInstallationStore()
def rotate_tokens(
enterprise_id: Optional[str] = None,
team_id: Optional[str] = None,
user_id: Optional[str] = None,
is_enterprise_install: Optional[bool] = None,
):
installation = installation_store.find_installation(
enterprise_id=enterprise_id,
team_id=team_id,
user_id=user_id,
is_enterprise_install=is_enterprise_install,
)
if installation is not None:
# If rotation does not occur, refreshed_installation is None
refreshed_installation = token_rotator.perform_token_rotation(installation=installation)
if refreshed_installation is not None:
# Save the new access token for the following processes
installation_store.save(refreshed_installation)

Migration guide for SQLAlchemyInstallationStore users

If your app uses the built-in SQLAlchemyInstallationStore for managing Slack app installations, adding the following database columns is required for this version upgrade. Refer to the code to check the complete ones.

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump slack-sdk from 3.5.1 to 3.8.0
dd315d2 
Bumps [slack-sdk](https://github.com/slackapi/python-slack-sdk) from 3.5.1 to 3.8.0.
- [Release notes](https://github.com/slackapi/python-slack-sdk/releases)
- [Commits](slackapi/python-slack-sdk@v3.5.1...v3.8.0)

---
updated-dependencies:
- dependency-name: slack-sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from pcarn as a code owner July 15, 2021 23:09
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jul 15, 2021
@dependabot dependabot bot mentioned this pull request Jul 15, 2021
Closed
@pcarn pcarn closed this Jul 27, 2021
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jul 27, 2021

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/pip/slack-sdk-3.8.0 branch July 27, 2021 13:57
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@pcarn pcarn Awaiting requested review from pcarn pcarn is a code owner

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@pcarn