Bolt JS

• Fix #1488 Incorrect types with ViewUpdateResponseAction and ViewPushResponseAction (via #1490) - thanks @seratch @ducminh-phan!

Here is the list of all the issues / pull requests included in the release: https://github.com/slackapi/bolt-js/milestone/26?closed=1

• Bug fixes:
  • Fix #1454: Missing type declarations for HomeView (via #1455) - thanks @seratch!
  • TypeScript 4.7 compiler compatibility (via #1466) - thanks @seratch!
  • Fix #1472: say type incorrectly inferred as never when using pin_added or reaction_* events (via #1473 and #1476) - thanks @seratch!
  • Fix an action typo in the docs (via #1475) - thanks @BenAlderfer!
  • Add more logs for error patterns in AwsLambdaReceiver (via #1481) - thanks @seratch!
  • Fix #1478: ack() is not accessible in global middleware in TypeScript (via #1482) - thanks @seratch!

Here is the list of all the issues / pull requests included in the release: https://github.com/slackapi/bolt-js/milestone/25?closed=1

• New features / improvements:
  • Adding support for new user-change events with types (via #1448) - thanks @filmaj
  • Slack prints failed with the error "operation_timeout" when slack command runs and finishes successfully in AWS Lambda (via #1435 #1452) - thanks @nicolls1
  • Upgrade socket-mode dependency to the latest minor (via #1441 ) - thanks @seratch !

Here is the list of all the issues / pull requests included in the release: https://github.com/slackapi/bolt-js/milestone/24?closed=1

📣 Important Announcement

Since this version, the default behavior of the OAuth flow has been changed for better security. The changes are:

• InstallProvider (The underlying OAuth module) verifies not only the query string but also its corresponding browser cookie data
• The default StateStore (ClearStateStore) makes sure that the state parameter is not too old (the default lifetime is 10 minutes)

Refer to #1335 #1391 https://github.com/slackapi/node-slack-sdk/issues/1435 https://github.com/slackapi/node-slack-sdk/pull/1436 for the context. If you encounter behavior changes described at #1412, consider either changing your app code or setting installerOptions.legacyStateVerification: true for now.

🎁 🐛 New features / improvements:

• #1391 Fix #1335 Proper use of state parameter for the OAuth CSRF protection - Thanks @seratch
• #1405 Fix #1404 SocketModeReceiver app process exits when any of its event listeners throws an exception - Thanks @seratch
• #1359 Fix #1358 Expose common utilities for building HTTP module based receivers - Thanks @seratch
• #1406 Add more error handlers to ExpressReceiver - Thanks @seratch @Gregoor
• #1392 Fix #1385 Create a signature validation function that is not tied to the request - Thanks @seratch @danerwilliams
• #1393 Fix #1376 CustomRoute interface should be accessible from developers - Thanks @seratch
• #1381 Fix #1380 by adding more event payload types - Thanks @seratch @aasiddiq
• #1400 Fix #1397 bolt-js does not accept ssl_check requests properly - Thanks @seratch
• #1340 Fix #1334 Export EnvelopedEvent interface to users - Thanks @martin-cycle
• #1366 Fix #1364 Update axios to latest 0.26.1 - Thanks @seratch @msrivastav13
• #1369 Fix #1368 Log httpServer.close error only when the server exists - Thanks @sbcgua
• #1336 #1401 #1403 #1407 Improve the SDK's test assets - Thanks @seratch @filmaj

📝 Document updates:

• #1384 Deploy the App to Heroku with one click - Thanks @MaurizioBella

Here are all the issues / pull requests included in the release.

🎁 🐛 New features / improvements:

• Added an option to deferInitialization of App - #248 #1303 - Thanks @seratch and @SpencerKaiser
• We're now explicitly setting content-type on HTTPReceiver responses to /slack/install route - #1279 #1280 - Thanks @filmaj
• Reduced unnecessary error throwing in case of tokens_authorize / app_uninstalled event #674 #1328, - Thanks @seratch
• Updated SlackEvent union type to include ChannelIDChangedEvent - #1302 #1301 Thanks @pmezard and @srajiang
• Corrected typing for UserChangeEvent.user.updated attribute #1320 #1322 - Thanks @seratch and @pmezard
• Removed redundant authorize code #1231 #1327 - Thanks @seratch and @TEMHITHORPHE
• Corrected some pesky quotes #1323 - Thanks @nicolls1

📝 Document updates:

• New documentation for deferInitialization #1304, #1308 - Thanks @filmaj, @wongjas, @seratch!
• Improved clarity and content of OAuth documentation #1329 #1315 #1318 - Thanks @srajiang, @horeaporutiu
• Added a 🇯🇵 translation for userScopes property - #1295 - Thanks @wongjas
• Updated respond argument docs to include views listener #1313 - Thanks @seratch

Here are all the issues / pull requests included in the release.

• New features / improvements:
  • Bump @slack/web-api dependency to at least v6.6.0 to address a security vulnerability in axios (via #1276) - thanks @filmaj!
  • Bump @slack/oauth dependency to at least v2.4.0 to address major bugs (via #1273) - thanks @seratch!
  • Fix #1256: $PORT fails to bind on Heroku (via #1210) - thanks @filmaj!
  • Add missing Channel*MessageEvent types (via #1254) - thanks @seratch!
  • Fix #190: Context method updateConversation should accept expiration time (via #1221) - thanks @shubhamjajoo!
  • Fix #1206: custom routes incorrectly match against full URL including querystring parameters (via #1207) - thanks @moustacheful!
• Document updates:
  • Improve App initialization error logs and Authenticating with OAuth document (via #1250) - thanks @srajiang!
  • Fix #795: improving documentation around serverless deployments to make more accessible (via #1254) - thanks @filmaj!
  • Update anchors in the Japanese reference page (via #1247) - thanks @seratch!
  • Fix #1237: Use correct message subtype in Listening to Events documentation (via #1240) - thanks @wongjas!
  • Fix #1233 and #1216: Remove redundant state information from the Listening to Modals documentation (via #1236) - thanks @wongjas!
  • Fix #1241: Update examples to use the logger instead of console.log (via #1242) - thanks @wongjas!
  • Cleanup Lambda example and docs around processBeforeResponse (via #1229) - thanks @ramblingenzyme!
  • Fix #1197: Japanese version of documents around extendedErrorHandler (via #1227) - thanks @wongjas!
  • Add documentation for socket mode and developer mode (via #1218) - thanks @TheManWhoStaresAtCode!
  • Fix #1219: Japanese version of additional socket mode and developer mode documentation (via #1226) - thanks @wongjas!
  • Fix #1010: Add documentation for view_closed support (via #1214) - thanks @TheManWhoStaresAtCode!
  • Fix #1200: Remove references to passing a port to the start method when using socket mode (via #1202) - thanks @filmaj!
• Developer / maintainer-relevant changes:
  • Added a GitHub action and bot to automatically mark issues and PRs as stale after extended periods of inactivity (via #1213, #1225) - thanks @srajiang!

Here is the list of all the issues / pull requests included in the release: https://github.com/slackapi/bolt-js/milestone/16?closed=1

• New features / improvements:
  • Fix #759 #1109 #1110 by adding custom properties in ReceiverEvent and Context objects (#1177) - Thanks @seratch!
  • Fix #860 Enable developers to customize the built-in receivers more (#1183) - Thanks @seratch!
  • Fix #1181 Add port property to installerOptions in the HTTPReceiver (#1184) - Thanks @seratch @M1kep!
  • Add port property to installerOptions in the HTTPReceiver (#1181) - Thanks @srajiang!
  • Add context to global error handler (#525) - Thanks @raycharius!
  • Fix #1098 next() is optional in middleware in TypeScript (#1099) - Thanks @seratch!
  • Fix #1148 - Adjust the app.message listener interface in TypeScript to compile the examples in documents (#1185) - Thanks @M1kep!
  • BlockAction interface does not include state despite state being present in actual object (#1141 #1144) - Thanks @seratch @Richard-PTT!
  • Add more information to unhandled incoming request logging (#1143) - Thanks @misscoded!
  • Bump axios version to 0.21.2 or higher for better security (#1162) - Thanks @xmariopereira!
  • Fix the v3.8.0 publish error (#1194) - Thanks @brianjychan
• Document updates:
  • Japanese document updates (#1047 #1152 #1131 #1154 #1165 #1163 #1166 #1169 #1175) - Thanks @wongjas!
  • Fix the logging example so that it is valid JS (#1172 #1174) - Thanks @filmaj!
  • Fix documentation about state verification option (#1168) - Thanks @stophecom!
  • Fix call in AWS handler to match example (and be correct) (#1190) - Thanks @sirctseb!
  • using directMention() documentation doesn't seem to be correct in docs (#1148) - Thanks @O-Mutt!
  • Clarify /slack/events path requirement (#1153) - Thanks @mars!
  • Update Japanese docs to apply token rotation (#1009) changes (#1014) - Thanks @misscoded!
  • Update slugs in document pages (#1161) - Thanks @srajiang!
  • Japanese document updates (#1067 #1137) - Thanks @seratch!
  • Minor updates related to #1046 (#1047) - Thanks @seratch!

Here is the list of all the issues / pull requests included in the release: https://github.com/slackapi/bolt-js/milestone/15?closed=1

This version had a package file issue. Please use v3.8.1 or newer instead.

Loads of updates and improvements this go-around with the help of feedback from the community 🎉 Many many thanks!

• Support for custom HTTP routes (#834, #866, #1114) - Thank you @misscoded and @johnboxall!
• Added a stateVerification flag to support org-wide app install from admin pages! (#1101, #1116) - Thank you @srajiang and @seratch!
• Migrated fully to eslint (#1024, #842, #1089, #1091 ) - Dzięki @filmaj and @srajiang and @seratch!
• Option to use custom Express app / router via ExpressReceiver (#1084, #868) - Muito obrigado @seratch!
• Added an option to disable signature verification for use during testing (#648, #1088) - Dankeschön @seratch and @meetmangukiya!
• Enabled developers to disable and customize installation pages (#982, #1083, #977 , #1079) - 谢谢 @seratch!
• Enabled using Bolt JS without passing a botId (#874, #1087) - Thanks @misscoded!
• Custom redirect URI options are now properly being sent as part of standard install request params (#1115, #1116) - Hvala @srajiang!
• Improved handling for event authorization errors (#859, #364 #891) - Bedankt @seratch, @zachsirotto and @broom9!
• Better App initialization experience when SocketMode and Receiver options are both supplied (#1068, #1077) - شكرًا @seratch!
• Improved logger initialization experience (#1040, #1078, #1027) - Mahalo @tamaritamari, @seratch, and @dominics
• Docs improvements and other corrections! (#1130, #1129, #1082, #1071, #1097, #1095) - 감사합니다 @risto24, @srajiang, @seratch, @stevengill)!

• Contains bumped version of @slack/web-api for hermesBeta

• Added Slack Connect Events (#999, #1008) - Thanks @srajiang
• Made App start() account for AWSLambdaReceiver return type (#1038, #1039) - Thanks @seratch
• Added tests for SocketModeReciver (#750, #1021) - Thanks @filmaj
• Docs, docs, docs and example app improvements! (#1062, #1066, #1067, #1059 , #1046, #1056, #1048, #1039, #1023, #939, #1021, #1033) - Thanks @sisisin, @hariNEzuMI928, @RhnSharma and @stevengill, @seratch, @filmaj, @srajiang

• Added support for FileInstallationStore (#941, #1003) - Thanks, @misscoded!
• Fix to existing code snippet around acknowledging events (#997) - Thanks, @Zimboboys!
• Brought Socket Mode to the forefront of the Getting Started docs (#990) - Thanks, @srajiang!
• Documentation updates and improvements (#989, #1002) - Thanks, @srajiang and @misscoded!

• Updated default axios options to include proxy:false to match @slack/web-api package (#979) - thanks @stevengill
• Fixed AwsLambdaReceiver failing to parse event.body if isBase64Encoded is true (#971, #972) - thanks @TheManWhoStaresAtCode
• Added edited property to app_mention event payload (#960, #961) - thanks @seratch and @hi-se
• Added a new deploy-aws-lambda project to the examples directory (#815, #940) - thanks @TheManWhoStaresAtCode
• Use Kanji for Japanese documents (#983) - thanks @disneyresidents

Many improvements (thanks to the awesome contributors!) are included in this release :tada:

• Key improvements / bug fixes:
  • Allow command handlers to match regexes (#846) - Thanks @itowlson!
  • Fix #947 Enable to use app.client with passed token for single workspace apps (#948) - Thanks @seratch!
  • Fix #935 enterprise_id in InstallationQuery can be invalid for Slack Connect channel events (#949) - Thanks @seratch!
  • Fix #951 TypeScript 4.3 typing for KnownKeys<ChatPostMessageArguments> (#953) - Thanks @lokshunhung!
  • Fix #629 confusing debug log by ConversationStore (#827) - Thanks @seratch!
  • Fix #496 Add clientOptions.logger option (and improvements to other attributes too) (#856) - Thanks @seratch!
  • Fix #757 Add event type name validation & channel_type filter middleware (#857) - Thanks @seratch!
  • Fix #718 add tokenVerificationEnabled flag to App constructor (#863) - Thanks @seratch!
  • Fix #534 respond support in view_submission listeners (#889) - Thanks @seratch!
  • Add async support of signingSecret to ExpressReceiver (#877) - Thanks @gmathieu!
  • AwsLambdaReveiver: Ignore casing of HTTP headers as requested by RFC (#938) - Thanks @TheManWhoStaresAtCode!
• Improvements / bugfixes for better TypeScript supports:
  • Fix #926 by adding more subtype ones to message event types (#928) - Thanks @seratch!
  • Fix #925 by adding optional properties to CodedError interface (#927) - Thanks @seratch!
  • Fix #897 Add built-in fields to Context object type (#902) - Thanks @seratch!
  • Fix #894 Unable to build options request objects in TypeScript (#900) - Thanks @seratch!
  • Fix #720 ack(options) does not compile in TypeScript (#878) - Thanks @seratch!
  • Fix #497 Add types of state.values on modal submission (#879) - Thanks @seratch!
  • Fix #911 TypeScript error when using builtin onlyViewActions middleware (#912) - Thanks @seratch!
  • Add blocks / attachments to app_mention event interface (#906) - Thanks @seratch!
  • Add missing message events & more type tests (#832) - Thanks @seratch!
  • Fix #956 Add bot_id / bot_profile to GenericMessageEvent (#957) - Thanks @seratch!
  • Fix a few array field definition errors in TypeScript (#873) - Thanks @seratch!
  • Make API response types more specific utilizing the types in web-api 6.2 (#915) - Thanks @seratch!
  • Add is_bot_user_member to link_shared event (#946) - Thanks @rbrishabh!
  • Fix WorkflowStep StepUpdateArguments property types (#830) - Thanks @k725!
  • Add the type for plain_text_input action elements (#706) - Thanks @br-tim-ray!
  • Updated ReactionRemovedEvent type (#918) - Thanks @rr-codes!
  • Export options types and interfaces (#872) - Thanks @trevor-gullstad!
  • Add trigger_id to ViewSubmitAction interface (#828) - Thanks @misscoded!
• Lots of documentation improvements:
  • Fix a typo in Japanese documents (#916) - Thanks @p-chan!
  • Small clarification constraint reference (#844) - Thanks @shaydewael!
  • Add TypeScript Getting Started equivalent (#845) - Thanks @shaydewael!
  • Add JA-JP reference (#851) - Thanks @shaydewael!
  • Update the default receiver in the reference document (#835) - Thanks @seratch!
  • Update the description about processBeforeResponse in Reference document (#836) - Thanks @seratch!
  • Fix #632 Add Japanese version of PR #626 (App Home document) (#852) - Thanks @seratch!

Here is the list of all the issues / pull requests included in the release: https://github.com/slackapi/bolt-js/milestone/8?closed=1

• Add regex support to events handler (#284 #763) - Thanks @pdontha!
• Fix typo in SocketModeReceiver logging sentence (#807) - Thanks @KhushrajRathod!
• Refactor built-in receivers to be a little more DRY (#810) - Thanks @seratch!
• Add built-in AwsLambdaReceiver (#784 #785) - Thanks @seratch!
• Simplify app.start() for Socket Mode by allowing extra arguments to be optional (#823) - Thanks @KhushrajRathod
• Lots of documentation improvements!
  • Fix event.user to correctly reference user ID (#790) - Thanks @mwbrooks
  • Add Japanese translation for AWS Lambda Deployment Guide (#798) - Thanks @seratch @shay
  • Update AWS Lambda Deployment guide to use @vendia/serverless-express (#799 #800 #804 #806) - Thanks @januswel @avery100 @mwbrooks
  • Clarify that OAuth is not supported by custom receivers (#711) - Thanks @mwbrooks

• Added new channel_id_changed event (#779, #783) - thanks @stevengill
• Added missing properties on Message Types (#774, #782) - thanks @shaydewael, @sunakane
• Fixed inconsistencies with OAuth docs (#777) - thanks @misscoded
• Export Reaction interfaces (#765, #776) - thanks @KhushrajRathod, @feliperyan

Updated @slack/socket-mode dependency to use a range (^1.0.0) instead of a specific version - thanks @stevengill

• Added Four New Workflow / Workflow Step Event Interfaces (#767, #768) - thanks @misscoded
• Fixed node-slack-sdk issue 1156 where Socket Mode error was not bubbling up (#764) - thanks @stevengill
• Added a localized Japanese Heroku deployment guide (#762) - thanks @seratch, @shaydewael

Breaking changes

• Updated minimum Nodejs version to 12.13.0, updated minimum TypeScript version to 4.1 (#727, #728) - thanks @stevengill
• Removed orgAuthorize option when initializing App. If you used this option previously, you must use authorize instead for both single workspace installs and org wide app installs. See the migration guide to learn more! (#730) - thanks @stevengill
• The built-in OAuth with Org wide app installs no longer uses InstallationStore.fetchOrgInstallation() or InstallationStore.storeOrgInstallation(). If you used these previously, you must use InstallationStore.fetchInstallation() and InstallationStore.storeInstallation() instead. See the migration guide to learn more! (#730) - thanks @stevengill

New Features

• Bolt for JavaScript now supports Socket Mode! When initializing an App, use the socketMode: true option to choose connecting to Slack without an HTTP server (:wave: goodbye managing ngrok). In order to use Socket Mode, you must first enable it for your app’s configuration (https://api.slack.com/apps → Your App → Socket Mode).
  • This is implemented using the new SocketModeReceiver class. This receiver allows your app to receive events from Slack over a WebSocket connection.
  • To learn more about Socket Mode, checkout the release blog post and Bolt for JavaScript docs and example
  • Implemented in #630 - thanks @stevengill, @aoberoi, @seratch, @shaydewael, @mwbrooks
• Added a new Developer Mode. When initializing an App, conditionally check for when you’re not in production (e.g. process.NODE_ENV !== '``production``' ) to set developerMode: ```true`. Developer Mode currently enables debug logging, enables SocketMode, adds a custom failure handler for OAuth, and outputs the body of every incoming request. (#714, #742) - thanks @stevengill
• HTTPReceiver is the new default receiver for App. This will allow Bolt for JavaScript apps to more easily work with other popular web frameworks (Hapi.js, Koa, etc). (#670, #753) - thanks @aoberoi
  • ExpressReceiver is still available to use for those of you that have usecases which aren’t covered by HTTPReceiver.
  • This new receiver does not allow you to add custom routes, but instead allows you to access its requestListener property to selectively send it requests. This property follows the exact function signature as the first argument to Node’s built-in http.createServer(), so it’s very flexible. It will throw an HTTPReceiverDeferredRequestError, with a req and res property if it was not able to handle a given request.
• Added support for starting an HTTPS server with app.start() . This method now takes TLS options as its second parameter (after the port). The simplest example of starting an HTTP server is app.start(3000, { key: MY_TLS_KEY, cert: MY_TLS_CERT }). (#234, #658) - thanks @aoberoi

• Fix regression in is_enterprise_install check for slash commands (#737, #738) - thanks @mattcasey
• Added missing properties to AppMentionInterface (#735, #739) - thanks @misscoded, @BenAlderfer
• Add channel and other missing properties to all MessageEvent interfaces (#736, #740) - thanks @misscoded, @BenAlderfer