dependabot[bot] opened a new pull request, #5084: URL: https://github.com/apache/eventmesh/pull/5084
Bumps [com.slack.api:bolt](https://github.com/slackapi/java-slack-sdk) from 1.40.+ to 1.42.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/slackapi/java-slack-sdk/releases";>com.slack.api:bolt's releases</a>.</em></p> <blockquote> <h2>version 1.42.0</h2> <h1>Announcements</h1> <h2>Jakarta EE compatible Socket Mode</h2> <p>Since this version, developers can migrate to the newer Jakarta EE compatible WebSocket interface for Socket Mode modules. To enable this, the following two optional modules are added:</p> <ul> <li>com.slack.api:slack-jakarta-socket-mode-client</li> <li>com.slack.api:bolt-jakarata-socket-mode</li> </ul> <p>The Socket Mode client's default implementation uses tyrus-standalone-client <strong>1.x</strong>, which is compatible with <strong>javax.websocket-api</strong> APIs. The Jakarta EE version of this interface is the <strong>jakarta.websocket-client-api</strong> APIs, and tyrus-standalone-client <strong>2.x</strong> is compatible with it. Since it's not feasible to have both tyrus-standalone-client 1.x and 2.x in the same module's dependencies, I have added a new module named slack-jakarta-socket-mode-client. See <a href="https://redirect.github.com/slackapi/java-slack-sdk/issues/919";>slackapi/java-slack-sdk#919</a> for more details.</p> <p>Developers can initialize the Jakarta-compatible SocketModeClient this way:</p> <pre lang="java"><code>import com.slack.api.Slack; import com.slack.api.jakarta_socket_mode.JakartaSocketModeClientFactory; <p>public class Example {<br /> public static void main(String[] args) throws Exception {<br /> var appToken = System.getenv("SLACK_APP_TOKEN");<br /> var slack = Slack.getInstance();<br /> // Java EE compatible Socket Mode client<br /> slack.socketMode(appToken).connect();<br /> // Jakarta EE compatible Socket Mode client<br /> JakartaSocketModeClientFactory.create(slack, appToken).connect();<br /> }<br /> }<br /> </code></pre></p> <p>In the same way, I’ve added a new Jakarta-compatible module, which is equivalent to bolt-socket-mode. Here is the demo code. As you can see, just replace the dependency and imports in the code:</p> <pre lang="java"><code>import com.slack.api.bolt.App; import com.slack.api.bolt.jakarta_socket_mode.SocketModeApp; <p>public class Example {<br /> public static void main(String[] args) throws Exception {<br /> var app = new App();<br /> app.command("/hi", (req, ctx) -> {<br /> ctx.say("Hi there!");<br /> return ctx.ack();<br /> });<br /> var appToken = System.getenv("SLACK_APP_TOKEN");<br /> // Switch from com.slack.api.bolt.socket_mode to com.slack.api.bolt.jakarta_socket_mode<br /> new SocketModeApp(appToken, app).start();<br /> }<br /> }<br /> </code></pre></p> <p>The reason behind this enhancement is that many Java-house companies are planning to eliminate the legacy javax.* dependencies from their project settings. I don't think the short-term risk of having a javax.websocket dependency is significant, but it seems it's about time to provide an option for migration on the developers' side.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/slackapi/java-slack-sdk/commits/v1.42.0";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@eventmesh.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@eventmesh.apache.org For additional commands, e-mail: dev-h...@eventmesh.apache.org
